[Zope] Getting current object in an expression while in a dtml-in loop
Dieter Maurer
dieter@handshake.de
Tue, 11 Mar 2003 23:43:53 +0100
HP Knoll wrote at 2003-3-11 06:22 +0100:
> In my search results page I would like to display only those results where
> the user has the permission to view those files. My question is: how do I
> refer to the current object in a <dtml-in> loop?
> I know that I could use <dtml-in Catalog skip_unauthorized> but it still
> displays all results, even those where the user has absolutely no right.
>
> Here is the example:
>
> <dtml-in Catalog>
> <dtml-if expr="_.SecurityGetUser().has_permission('View', OBJECT?????)">
> ...
<dtml-in Catalog prefix=result>
# now you can access the current object with "result_item"
Note, however, that is is not easy to check "View" permission
for some types of objects.
In general, accessing an object, even, if only to check permission on it,
requires the "object permission". Most object classes use
"Access contents information" as "object permission", but some
(e.g. DTML objects) use "View".
You need to use "try...except" to check for availability of the "object
permission".
Someone else already told you that the results of a catalog
search do not return the objects themselves but proxie
objects.
You may look at CMF. It solves your problem with
a special index: "AllowedRolesAndUsers". With its help,
catalog searches only return objects viewable by the
current user.
Dieter