[Zope] check permission problem

John Hunter jdhunter@ace.bsd.uchicago.edu
Fri, 06 Sep 2002 10:54:02 -0500


I want my standard_html_header to render differently if a person is a
manager or a user.  I have in the header

      <dtml-if "_.SecurityCheckPermission('View', login_py)">
          Do something
      <dtml-else>
        <form action="login_py">
          <input type="submit"  value="Member login"></th>
        </form>
      </dtml-if>

login_py is simply the line

container.REQUEST.RESPONSE.redirect(container.REQUEST.HTTP_REFERER)

but has the View permissions set to 'Manager/Owner/Authenticated'.
When they click on the submit button, they will be prompted for a
username and pass since Anonymous does not have view permission for
login_py.

What I want is for every page to have a login button if the user is
not logged in, and display member information if the user is logged
in.

What happens instead is that the anonymous user gets asked for a
password when visiting the site home index_html, which includes the
standard_html_header.  It appears that zope is trying to access the
contents of login_py in the call to 

      <dtml-if "_.SecurityCheckPermission('View', login_py)">

rather than simply check the permission, which surprises me.

When I refuse to enter a password for the main site (which should have
anonymous access and *does* without the SecurityCheckPermission part,
I get the following traceback

Traceback (innermost last):
[ ... snip ...]
             File /workn/Zope-2.5.1b1-src/lib/python/DocumentTemplate/DT_With.py, line 76, in render
               (Object: site_params_py)
             File /workn/Zope-2.5.1b1-src/lib/python/DocumentTemplate/DT_Let.py, line 76, in render
               (Object: standard_header_table_params="'width=140 border=0 cellpadding=2 cellspacing=0'")
             File /workn/Zope-2.5.1b1-src/lib/python/DocumentTemplate/DT_Util.py, line 153, in eval
               (Object: _.SecurityCheckPermission('View', login_py))
               (Info: login_py)
             File /workn/Zope-2.5.1b1-src/lib/python/OFS/DTMLMethod.py, line 151, in validate
               (Object: index_html)
           Unauthorized: You are not allowed to access login_py in this context


Advice warmly welcomed,
John Hunter

Zope Version : (Zope 2.5.1b1 (source release, python 2.1, linux2), python 2.1.3, linux2)
Python Version: 2.1.3 (#1, May 31 2002, 14:37:05) 
[GCC 3.0.4]
System Platform
linux2