[Zope] How to conditionally show something w/o programmatic r ef

Farrell, Troy troy.farrell@wilcom.com
Mon, 12 Mar 2001 12:12:58 -0600


<dtml-try>
  <dtml-var name="extra-stuff">
<dtml-except Unauthorized>
  You don't have permission to look at this.
</dtml-try>

extra-stuff may need some extra work since you have the hyphen.  If you try
to use it in an expression, you will have to do this: <dtml-var
expr="_['extra-stuff']">

Troy

-----Original Message-----
From: Joel Burton [mailto:jburton@scw.org]
Sent: Monday, March 12, 2001 11:58 AM
To: zope@zope.org
Subject: [Zope] How to conditionally show something w/o programmatic ref



On our site, staff see enhanced views of certain pages. For example,
everyone can see my phone number, but only staff can see my cell number.

I've handled that in the past as

<dtml-if ... user has the role "Staff" ...>
   extra stuff goes here
</dtml-if>

I've been moving the extra stuff to separate DTML methods for internal
reasons, so it looks like

<dtml-if ... is staff >
  <dtml-var extra-stuff>
</dtml-if>

For my fellow developers, I've simplified this by created at method called
isStaff, which just returns the result of true or false for this user
having the role of Staff for the current object. That way, they can just
say

<dtml-if isStaff>
  <dtml-var extra-stuff>
</dtml-if>

However, this still keeps the "logic" of security in DTML, and not part of
the Zope security system.

What I'd like is:

<dtml-var extra-stuff>

and mark extra stuff w/View permission only for staff. That way, the
security is out in the open; there's no programmatic checking of
authorization.

Of course, what happens is that zope pops up and asks for authorization
for this.

I've tried

<dtml-in extra-stuff skip_unauthorized>
  <dtml-var sequence-item>
</dtml-in>

but I still get an authorization request for extra-stuff.

Is there any way (w/dtml-var, dtml-in, etc) to show this extra stuff,
while keeping the security logic in simple zope security, and w/o
prompting for the user to log in? (something like <dtml-var extra-stuff
skip_unauthorized> would be great.)

Thanks!

-- 
Joel Burton   <jburton@scw.org>
Director of Information Systems, Support Center of Washington


_______________________________________________
Zope maillist  -  Zope@zope.org
http://lists.zope.org/mailman/listinfo/zope
**   No cross posts or HTML encoding!  **
(Related lists - 
 http://lists.zope.org/mailman/listinfo/zope-announce
 http://lists.zope.org/mailman/listinfo/zope-dev )