[Zope] Show Viewable folders

Dieter Maurer dieter@handshake.de
Fri, 3 Aug 2001 21:32:34 +0200 (CEST)


Montagne, Michael writes:
 > I'm trying to display only the folders that a User has viewing rights to.
 > ....
 > <dtml-in expr="PARENTS[0].objectValues('Folder')">
 > <dtml-if "AUTHENTICATED_USER.has_permission('View','<dtml-sequence-item>')">
 >     <li><a href="<dtml-var absolute_url>"><dtml-var title_or_id></a>
 >   <dtml-else>
 >   Nope<br>
 > </dtml-if>
 > </dtml-in>
 >  
 > 
 > <dtml-in expr="PARENTS[0].objectValues('Folder')">
 > <dtml-if expr="_.SecurityCheckPermission('View','<dtml-sequence-item>')">
 >     <li><a href="<dtml-var absolute_url>"><dtml-var title_or_id></a>
 >   <dtml-else>
 >   Nope<br>
 > </dtml-if>
 > </dtml-in>
You have not yet been reached by the information that you cannot
use "dtml-*" inside a Python expression?

  Inside "...", you are in a Python expression context.
  '<dtml-sequence-item>' is there the literal string
  "<dtml-sequence-item>", no interpretation of "sequence-item"
  as you seem to expect....

Use in similar situations something like:

    <dtml-let folder=sequence-item>
       ... "... folder ..." ...
    </dtml-let>

In your case, you can use:

   <dtml-let folder=sequence-item>
   <dtml-if expr="_.SecurityCheckPermission('View',folder)">
     ...
   </dtml-if>
   </dtml-let>
  
Unfortunately, this will not work for all permissions and
for all objects:

  It will e.g. fail for 'View' and DTML objects
  and for 'Access Contents Information' and folders.

  I think this is a bug in Zope's security subsystem.
  If you feel like me, please put it into the collector.


Dieter