[Zope] Problem using AUTHENTICATED_USER

Curtis Maloney curtis@cardgate.net
Thu, 22 Feb 2001 10:58:41 +1100 

On Thursday 22 February 2001 07:44, J=E9r=F4me Loisel wrote:
> Hi folks!
>
> I am somewhat unable to check whether or not the user has manager acces=
s to
> some object object. The following does not work as expected:
>
> <dtml-if "AUTHENTICATED_USER.has_role('Manager', _.getitem('.news'))">
>   <P>Blah.</P>
> </dtml-if>
>
> Instead of getting a true result if the user has manager acces to the .=
news
> item (a folder), I get a true result if the user has manager access to =
his
> context.
>

Have you checked what parameters AUTHENTICATED_USER.has_role() accepts? (=
try=20
looking in the ZQR).  AFAIK, it only accepts a list of role names, no=20
objects, and can only tell you if the user has that role, as specified in=
 the=20
acl_users folder.

It sounds to me like you have a small misunderstanding of how roles work.=
 =20
Once you have created a role type, you can then specify permissions on=20
objects for that role.

So, if I want only Managers to be able to edit DTML Methods in a particul=
ar=20
folder , it set the "Change DTML Methods" flag in the Security tab for th=
at=20
folder.  From then on, anyone with the 'Manager' role is allowed to "Chan=
ge=20
DTML Methods".

By default, all folders are set to inherit all permissions.

So, if a user must have a particular role to perform a particular action,=
 the=20
object in question should have its security settings set to reflect that.

> Related question: How do I access AUTHENTICATED_USER from Python?
>

self.AUTHENTICATED_USER works for me.


> Can anyone point me in the right direction? Thanks,
>

I'm trying. (o8

> J=E9r=F4me Loisel.
>
> PS: Shouldn't there be separate mailing lists for different types of us=
ers?
> Content managers probably have different questions from (beginning)
> developpers...

There are a couple of lists, and yes, different people ask different=20
questions.  However, IMHO, keeping everyone in the same lists improves yo=
ur=20
chances of answering someone elses problem that you've already encountere=
d,=20
and can show you just how quickly you really are learning! (o8


Have a better one,
	Curtis Maloney.