[Zope-CMF] how to include links for members with published index_html

marc lindahl marc@bowery.com
Fri, 27 Apr 2001 18:19:35 -0400


I'm stuck...
Trying to figure out how to get roster.dtml to put live links for any user
that has a ....Members/user/index_html page that is published.  A logged on
user (Member) can access any of these if they know the direct link, but for
some reason getHomeUrl only validates the directory permission itself.

I would think this makes enough sense for it to be deep somewhere, like in
Membership.py:

---------------
    def getHomeFolder(self, id=None, verifyPermission=0):
        """Returns a member's home folder object."""
        if id is None:
            member = self.getAuthenticatedMember()
            if not hasattr(member, 'getMemberId'):
                return None
            id = member.getMemberId()
        if hasattr(self, 'Members'):
            try:
                folder = self.Members[id]
                if verifyPermission and ((not _checkPermission('View',
folder) \
                    or (not _checkPermission('View', folder.index_html))):
                    # Don't return the folder if the user can't get to it.
                    return None
                return folder
            except KeyError: pass
        return None

---------------


But, barring that, I tried to do something similar in roster.dtml:

-----------------
<snip>
 <dtml-let homeUrl="portal_membership.getHomeUrl(id, verifyPermission=0)">
 <dtml-let homeFolder="portal_membership.getHomeFolder(id,
verifyPermission=0)">
 <tr>
 <td> <br> </td>
  <td> <dtml-if "_.SecurityCheckPermission('View', homeFolder.index_html)">
         <a href="&dtml-homeUrl;">&dtml-id;</a>
       <dtml-else>
          &dtml-id;
       </dtml-if>
  </td>
<snip>
-------------------

That piece asks for a username/password, then if you cancel the dialog, it
gives an 'Unauthorized' error.  Seems it's evaluating homeFolder.index_html
before calling SecurityCheckPermission -- doesn't that defeat the purpose
somewhat?  Perhaps I'm missing the way to really do this?  I'd guess the
python code of the first snippet would give the same error, didn't try it
yet...