[Zope] login, permission and REQUEST env

[Dieter Maurer]

Stefan Berthold writes:
 >   (1) For article management I need to login some users but this (let's 
 > call them) editors don't need the permission to view management screens 
 > (they will use html-formulars to manage their articles)... till now I 
 > couldn't find a way to login users without this permission (e.g. 
 > through a regular html-form and a dtml method).
I do not understand what you say here.

  You do not need "View management screens" for authentication.

 >   (2) Owners of dtml documents usually have the permission to change 
 > and delete their documents... but how can I discover if somebody have 
 > this (implicitly) given Owner role?
First question:

  Why do you want to do this? I would instead check, whether
  I was entitled to do some operation. This could use:

    <dtml-if "_.SecurityCheckPermission(_,<permission>,<object>)">
      ...

Second question:

  Did you look at the embedded Zope help -> API Reference -> Authenticated User

  You will find there a method "hasRole".


 >   (3) (Not just) For a kind of skin technology I need parameters that 
 > are user specific (REQUEST variables)... to set and analyse them may be 
 > no problem - but how can include new parameters to the old URL without 
 > deleting the old parameters? What I need is a way to add parameters to 
 > the REQUEST environment...
The REQUEST environment and the URL are quite different things.

To extend the request environment:

    <dtml-call "REQUEST.set(<key>,<value>)">

To extend the URL (provide you know, it has already parameters):

   &dtml.-URL;&<name>=<dtml-var "<value>" url_quote_plus>


Maybe

  URL:http://www.dieter.handshake.de/pyprojects/zope/book/chap3.html

would be good reading for you.



Dieter