[Zope] Getting current object in an expression while in a dtml-in loop

Thierry FLORAC thierry.florac@onf.fr
Tue, 11 Mar 2003 09:36:52 +0100


On Tuesday 11 March 2003 06:22, HP Knoll wrote:
> Hi,
>
> In my search results page I would like to display only those results where
> the user has the permission to view those files. My question is: how do I
> refer to the current object in a <dtml-in> loop?
> I know that I could use <dtml-in Catalog skip_unauthorized> but it still
> displays all results, even those where the user has absolutely no right.
>
> Here is the example:
>
> <dtml-in Catalog>
> <dtml-if expr="_.SecurityGetUser().has_permission('View', OBJECT?????)">
> ...
> </dtml-if>
> </dtml-in>

Your code don't work because a catalog request just retrieve public catalog 
entries (called "brains"), not real objects.
It should work with something like :

<dtml-in "[record.getObject() for record in Catalog()]" skip_unauthorized>
...
</dtml-in>

Then, what you retrieve is a list of real objects, on which you may be able to 
apply the "skip_unauthorized" parameter ; you can also sort this list on any 
of your objects properties, and not only those indexed into the catalog.

Not tested anyway, and I don't know if this kind of code is as efficient as it 
should be...

Thierry