[Zope] Help on syntax (please!)

Tino Wildenhain tino@wildenhain.de
Mon, 13 Aug 2001 15:58:34 +0200


Hi Giuseppe,

this is because AUTHENTICATED_USER looks like a string
but isn't one. This is because python objects can define
different views to their content. So if you just
say <dtml-var AUTHENTICATED_USER>  the DTML machinery looks
if its callable, calls it or uses str() on it. What ever
comes back is a string. But if you use it in an expression
like you do below, its not a string and therefore you cannot
compage it like this.

You get the string of the Username by calling:

AUTHENTICATED_USER.getUserName()

But may be there is a better solution for the whole problem
you want to solve. There is a security mechanism already
built in into zope. The userfolder is not only a memory
for user-ids :)
Instead each user can be in one or more roles. These roles in turn
cover various permissions.

So instead of managing extra lists of what which user may be
can do, let the security engine do its job.

Define a permission for your task, assign it to a role and
give each user you want this role.

Cover the method (or folder) with this permission.
If either someone with insufficient right tries to
use the method (s)he gets the requester to authenticate
or you can use ZopeFind (see thread with Dieter Maurer
on this matter) to give out automatical navigation
links based on the current users rights.

HTH
Tino Wildenhain
PS: sorry to be a bit vague, but I'm unable to write a complete
zope book into the mail ;)


--On Montag, 13. August 2001 14:25 +0200 Giuseppe Bonelli <g.bonelli@pn.itnet.it> wrote:

> Hello,
>
> can someone please explain to me (a Zope newby) why this fragment avaluates always to the KO
> branch ?
>
> <dtml-in get_valid_userids prefix="seq">
>      <dtml-if "seq_item == AUTHENTICATED_USER ">
>      OK
>      <dtml-else>
>      KO
>        item: <dtml-var AUTHENTICATED_USER><br>
>        user: <dtml-var seq_item><br>
>      </dtml-if>
> </dtml-in>
>
> thanks in advance !!
>
> peppo
>
>
> _______________________________________________
> Zope maillist  -  Zope@zope.org
> http://lists.zope.org/mailman/listinfo/zope
> **   No cross posts or HTML encoding!  **
> (Related lists -
>  http://lists.zope.org/mailman/listinfo/zope-announce
>  http://lists.zope.org/mailman/listinfo/zope-dev )