[Zope-CMF] Bug in zpt_generic index_html ? doesn't skip unauthorized Folders etc...

Heimo Laukkanen huima@fountainpark.org
Wed, 17 Apr 2002 04:52:38 +0300


Using CMF 1.3 beta and noticed that if I set in a subfolder security 
in a way that Access content information is not on, the Folder is 
still visible to the anonymous user in the index_html of the parent 
directory.

If the user tries to access the directory, then he is forced to login...

In the idnex_html there is following code which apparently does not work.

<div tal:condition="not: has_local"
       tal:define="auth_filter nocall: modules/ZTUtils/LazyFilter"
  >

<div tal:define="raw_items python: here.contentValues(
                                             filter={'Type':( 'Document'
                                                            , 'Image'
                                                            , 'File'
                                                            , 'News Item'
                                                            ) } );
                    items python: auth_filter( raw_items, skip='' );
                   ">
<div tal:condition="items">

....


Outside the CMF for example following code works:

<ul tal:define="ztu modules/ZTUtils;
      raw python:here.objectValues('Folder');
      objs python:ztu.LazyFilter(raw, skip='')">

       <li tal:repeat="example objs">

         <a href="example"
            tal:attributes="href example/getId"
            tal:content="example/title">Example Title</a>
       </li>


     </ul>



Any ideas?

-huima