[Zope] How to properly do navigation Bar without un-authorized sub-objects?
Curtis Maloney
curtis@cardgate.net
Wed, 28 Feb 2001 10:23:33 +1100
On Wed, 28 Feb 2001 03:15, you wrote:
> Brad Clements wrote:
> > > Did you try setting a proxy role on the ShowNavBar method that can
> > > execute this?
> >
> > No.. I don't want it to show if the logged in user doesn't have rights to
> > it.
> >
> > I want a way to see, in DTML (or an external method), if the current user
> > has rights to an object.. if they have rights, does the object exist.
> >
> > If they don't have rights, it's okay to raise an exception
> > (AttributeError) which I can catch. But I don't want the SecurityManager
> > to try to authenticate our access to it..
> >
> > Brad Clements, bkc@murkworks.com (315)268-1000
> > http://www.murkworks.com (315)268-9812 Fax
> > netmeeting: ils://ils.murkworks.com AOL-IM: BKClements
>
> OK, how about if you call AUTHENTICATED_USER.has_permission() on each
> NavBar method to see if the user has rights to call it?
I know I'm jumping in part way through a threat... but if you're using a
<dtml-in> to iterate over the side-bar items, have you considered using the
skip_unauthorized attribute?
If this is in Python, otoh, the ZQR says of AUTHENTICATED_USER.has_permission:
has_permission(permission, object)
Check to see if a user has a given permission on an object.
Hope this helps.
Have a better one,
Curtis Maloney.