[Zope-CMF] RE: [Zope-CMF][Help!] how to include links for members with published index_html

Tres Seaver tseaver@digicool.com
Mon, 30 Apr 2001 22:53:35 -0400 

Jason Wehmhoener wrote:
> 
> I noticed when I customized standard_html_header to include
> the code that folder_contents uses to display the folder
> contents, that anonymous users could then view all documents
> whether they were published or not.
> 
> I believe I'm going to need to use portal_workflow.getInfoFor
> somehow to check to see if each document is published before
> I display a link to it, > but I'm having a hard time puzzling
> this out:
> 
> > getInfoFor(ob, name, default, wf_id=None, *args, **kw):
> >
> > Invoked by user interface code. Allows the user to request
> > information provided by the workflow. The workflow object
> > must perform its own security checks.
> 
> What do the attributes mean?  How are they to be used?

  'ob' is the object

  'name' is the "label" for the kind of information you want.
         Different workflows may define different labels;  the
         "stock" ones (CMFDefault.DefaultWorkflow) are
         'review_state' and 'review_history'

  'default' is a value to be returned if no information is
         available for the label.

You probably actually want an additional method on the workflow
tool which allows you to test for visibility of an object to
the current user, e.g.:

   def isObjectVisible( self, ob ):
       """
           Does the authenticated user have 'View' permission
           w.r.t. 'ob'
       """

This method should likely incorporate the logic currently found
at the top of 'standard_html_header'.  Please submit this as a
tracker issue:

  http://www.zope.org/Projects/PTK/Tracker
 
<snip code replied to earlier> 

> Also, there's the deeper issue that I am never getting any kind
> of permission error when trying to view documents as an anonymous
> user.  Why is that?!

'Anonymous User' normally has the "View" permission on the site,
with the exception of Member folders.  You can change this by
unchecking 'View' as one of its permissions in the "Security" ZMI
tab of your CMFSite instance.

Tres.
-- 
===============================================================
Tres Seaver                                tseaver@digicool.com
Digital Creations     "Zope Dealers"       http://www.zope.org