[Zope] How to conditionally show something w/o programmatic ref

Joel Burton jburton@scw.org
Mon, 12 Mar 2001 12:58:23 -0500 (EST)


On our site, staff see enhanced views of certain pages. For example,
everyone can see my phone number, but only staff can see my cell number.

I've handled that in the past as

<dtml-if ... user has the role "Staff" ...>
   extra stuff goes here
</dtml-if>

I've been moving the extra stuff to separate DTML methods for internal
reasons, so it looks like

<dtml-if ... is staff >
  <dtml-var extra-stuff>
</dtml-if>

For my fellow developers, I've simplified this by creating a method called
isStaff, which just returns the result of true or false for this user
having the role of Staff for the current object. That way, they can just
say

<dtml-if isStaff>
  <dtml-var extra-stuff>
</dtml-if>

However, this still keeps the "logic" of security in DTML, and not part of
the Zope security system.

What I'd like is:

<dtml-var extra-stuff>

and mark extra stuff w/View permission only for staff. That way, the
security is out in the open; there's no programmatic checking of
authorization.

Of course, what happens is that Zope pops up and asks for authorization
for this.

I've tried

<dtml-in extra-stuff skip_unauthorized>
  <dtml-var sequence-item>
</dtml-in>

but I still get an authorization request for extra-stuff.

Is there any way (w/dtml-var, dtml-in, etc) to show this extra stuff,
while keeping the security logic in simple Zope security, and w/o
prompting for the user to log in? (something like <dtml-var extra-stuff
skip_unauthorized> would be great.)

Thanks!

-- 
Joel Burton   <jburton@scw.org>
Director of Information Systems, Support Center of Washington
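
The behaviour asked for above, as an added example that is not part of the original post and is not Zope code: a small stand-alone Python model in which the View permission lives on the included object and the page only asks "may this user view it?", skipping silently when the answer is no. All class, function and variable names and the sample phone numbers are constructed for illustration.

```python
# Constructed model of the pattern in the post; none of these names are Zope APIs.

class Unauthorized(Exception):
    """Stands in for the error that makes the browser prompt for a login."""

class User:
    def __init__(self, name, roles):
        self.name = name
        self.roles = set(roles)

class Method:
    """Stand-in for a DTML method whose View permission is mapped to roles."""
    def __init__(self, body, view_roles):
        self.body = body
        self.view_roles = set(view_roles)  # set once, on the object itself

    def allows(self, user):
        # Fail closed: no overlapping role means no access.
        return bool(self.view_roles & user.roles)

    def render(self, user):
        # A plain include: an unauthorized caller gets an error, not a blank.
        if not self.allows(user):
            raise Unauthorized(user.name)
        return self.body

def render_if_allowed(method, user):
    """The wished-for include: render when permitted, otherwise emit nothing."""
    return method.render(user) if method.allows(user) else ""

def page(user, parts):
    # The page names no role at all; each part carries its own permission.
    rendered = (render_if_allowed(part, user) for part in parts)
    return "\n".join(text for text in rendered if text)

# Constructed sample data.
PHONE = Method("Phone: 555-0100", {"Anonymous", "Staff"})
CELL = Method("Cell: 555-0101", {"Staff"})
VISITOR = User("visitor", ["Anonymous"])
STAFF = User("joel", ["Staff"])

if __name__ == "__main__":
    print(page(VISITOR, [PHONE, CELL]))
    print(page(STAFF, [PHONE, CELL]))
```

Changing who may see the cell number means editing `view_roles` on `CELL` only; the page code never changes and never mentions "Staff".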