[Zope] How to properly do navigation Bar without un-authorized
sub-objects?
Tres Seaver
tseaver@digicool.com
Tue, 27 Feb 2001 23:25:30 -0500
"Brad Clements" <bkc@murkworks.com> wrote:
>
> I need to "hand generate" a navigation bar, showing only those subobjects
> to which the current user is authorized to view.
>
> It seems as if I'd get an AttributeError when trying to access items that I
> can't access, but with LoginManager it pops up a login box.. Which I don't
> want.
>
> My design is to have each "folder" have its own "DrawNavBar" DTML-
> Method, whose job it is to generate it's own html.. If that folder has sub-
> folders, than that folder's DrawNavBar should call it's sub-folders
> DrawNavBar functions.
>
> To avoid a recursive loop resolving DrawNavBar, I use aq_explicit, like
> this:
>
> <dtml-try>
> <dtml-var "_.getattr(PARENTS[-1].Z.Admin.aq_explicit,'ShowNavBar')(_.None,_)">
> <dtml-except AttributeError>
> </dtml-try>
>
> The problem with this is that I get a login prompt from LoginManager if I'm
> anonymous..
>
> I suppose I could use something like dtml-in to only show those objects to
> which I'm authorized, but I don't want to enumerate the contents of the
> folder, since I know exactly what I'm looking for.
If you know the list of objects you are looking for, then you can
still use '<dtml-in myList skip-unauthorized>' to get the effect you
want.
> So.. given an explcit path, how can I find out if the current user can
> 'access' that path item, such as a DTML-method?
>
> I'm not asking Zope to confirm that the object exists if I don't have access
> to it.. just say "no such object" or "here's the object" and not use
> acquisition to find it up the path.
>
> Ideas?
I'm not sure if this fits the bill::
<dtml-let sm="getSecurityManager()">
<dtml-if expr="sm.checkPermission( 'View', myMethod )">
....
</dtml-if>
....
</dtml-let>
Tres.
--
===============================================================
Tres Seaver tseaver@digicool.com
Digital Creations "Zope Dealers" http://www.zope.org