[Zope] dtml-in and skip_unauthorized not working?

Mike Renfro renfro@tntech.edu
Thu, 9 Aug 2001 14:55:17 -0500


I have a very similar problem to the one given by Jean Lagarde at
http://lists.zope.org/pipermail/zope/2001-June/093739.html -- I have a
number of Squishdot sites, and I'd like to automatically generate a
list of Squishdot sites accessible to the current logged-in user.

Here's the dtml method (MyFora) I'm using:


<ul>
<dtml-in findfora skip_unauthorized>
  <dtml-let item=sequence-item>
    <dtml-with item>
      <li><a href="<dtml-var absolute_url>"><dtml-var title></a>
    </dtml-with>
  </dtml-let>
</dtml-in>
</ul>


and here's the Python script (findfora):


from string import split, join

published = {}
meta_types = ('Squishdot Site',)
root = None

#lets setup the root we will find all our resources from
if context.REQUEST.VirtualRootPhysicalPath:
  root = context.REQUEST.VirtualRootPhysicalPath
else:
  root = ('',)
root = context.restrictedTraverse(root)

published=[]

for obj in context.ZopeFind(root, obj_metatypes=meta_types, search_sub=1):
  id, obj = obj[0], obj[1]
  published.append(obj)

return published


For every authenticated user, it returns a *full* list of Squishdot
sites, not just the ones they're authorized to view. Clicking on one
of the unauthorized links pops up a login dialog, but I don't even
want the links to show up at all (which I thought skip_unauthorized
would take care of).

As far as I can tell, neither method has any proxy roles
attached. What detail did both Jean and I miss in our respective
situations? Zope 2.3.2, by the way.

-- 
Mike Renfro  / R&D Engineer, Center for Manufacturing Research,
931 372-3601 / Tennessee Technological University -- renfro@tntech.edu