[Zope] Sudden authentication problem

Dieter Maurer dieter@handshake.de
Sun, 1 Apr 2001 20:46:00 +0200 (CEST)


Dunigan, Craig writes:
 > > ....
 > > I do not think so.
 > > "Add EW Nav Links" is the permission that you want to test for.
 > > But the "Unauthorized" exception is already raised when
 > > the catalogued object is looked up.
 > 
 > Forgive my inexperience, but how do you know this?


    REQUEST['AUTHENTICATED_USER'].
       has_permission('Add EW Nav Links',
                      REQUEST.resolve_url(BASE0+getpath(data_record_id_))))

raised the "Unauthorized" exception (according to your traceback).

  In this expression, only "REQUEST.resolve_url(...)"
  and maybe "getpath" (if your user can not access the catalog, but
  that seems unlikely) can raise this exception.
  "REQUEST" and its methods are public, "has_permission" is public,
  "BASE0" is public (as part of "REQUEST").

 > ....
 > <dtml-call "REQUEST.set('YihawFolders', [])">
 > <dtml-in expr="Catalog({'meta_type':'Yihaw Folder'})">
 >   <dtml-if "REQUEST['AUTHENTICATED_USER'].has_permission('Add EW Nav Links',
 > REQUEST.resolve_url(BASE0+getpath(data_record_id_)))">
 >     <dtml-call "YihawFolders.append(getpath(data_record_id_))">
 >   </dtml-if>
 > </dtml-in>

As a workaround, you could wrap your "if" into a "dtml-try".
If you get an "Unauthorized" exception, it should surely not be
in your "YihawFolders" list.



Dieter