[ZDP] BackTalk to Document The Zope Book (2.5 Edition)/Users and Security

nobody@nowhere.com nobody@nowhere.com
Tue, 03 Sep 2002 17:14:00 -0400

A comment to the paragraph below was recently added via http://www.zope.org/Documentation/Books/ZopeBook/current/Security.stx#2-26


    The most common security query asks whether the current user has a
    given permission. For example, suppose your application allows
    some users to upload files. This action may be protected by the
    "Add Documents, Images, and Files" standard Zope permission. You
    can test to see if the current user has this permission in DTML::

      <dtml-if expr="_.SecurityCheckPermission(
                    'Add Documents, Images, and Files', this())">

        <form action="upload">


      % Anonymous User - Sep. 3, 2002 5:13 pm:
       How is this security check performed in a page template? I checked several options and came up with:
         <span tal:condition="python:user.has_role('Author')"> ...
       which works, but not in combination with SlaveUserFolders. I defined a user in a parent folder with the role
       "Member" and assigned the role "Author" within the subfolder using a SlaveUserFolder. It still shows the role
       "Member", but not "Author".
       With the wrong role, the permission check will using user.has_permission not work either.