[Zope] inserting half a dtml tag into a zclass

Tim Hicks Tim Hicks" <tim@sitefusion.co.uk
Wed, 10 Jan 2001 19:11:36 -0000 

----- Original Message -----
From: Dieter Maurer <dieter@handshake.de>
To: Tim Hicks <tim@sitefusion.co.uk>
Cc: <zope@zope.org>
Sent: Friday, December 29, 2000 9:38 AM
Subject: Re: [Zope] inserting half a dtml tag into a zclass


> Tim Hicks writes:
>  > This is a multi-part message in MIME format.
>  >
>  > ------=_NextPart_000_0009_01C07071.533E96C0
>  > Content-Type: text/plain;
>  > charset="iso-8859-1"
>  > Content-Transfer-Encoding: quoted-printable
> You are here long enough: you should know, we do not like MIME
> messages.

My apologies. You're right, I do know better... my mistake.  Also, apologies
for the delayed reply, I've been away.

>
>  > ... isolating privacy checks ...
>  > <dtml-var privacy>
>  > <dtml-var standard_html_header>
>  > <dtml-var standard_html_footer>
>  > </dtml-if>
>
> I know about 2 possible approaches:
>
>  I. let your "privacy" method return a value (using "dtml-return")
>     and check it above:
>
>     <dtml-if privacy>
>       ...header...
>       ...
>       ...footer...
>     </dtml-if>
>

I've gone for a 'method' based on this first idea of yours.  Here is what
appears in each zclass instance.

<dtml-call privacy>
<dtml-if "available == 1">
<dtml-call "RESPONSE.redirect(restricted+'/restricted.html')">
<dtml-else>
<dtml-var standard_html_header>

<dtml-var standard_html_footer>
</dtml-if>

And here is the privacy method.

<dtml-call "REQUEST.set('available', 0)">
<dtml-if "propertyLabel(availability) == 'private'">
<dtml-call "REQUEST.set('available', 1)">
</dtml-if>

<dtml-call "REQUEST.set('dom', _.string.split(REQUEST.REMOTE_ADDR, '.'))">
<dtml-if "dom[0] == '192'">
<dtml-if "dom[1] == '168'">
<dtml-call "REQUEST.set('available', 0)">
</dtml-if>
</dtml-if>

<dtml-in PARENTS>
<dtml-let PARENT="_.getitem('sequence-item')">
<dtml-if "PARENT.hasProperty('dehs_site_root_folder')"><dtml-call
"REQUEST.set('restricted', PARENT.absolute_url())"></dtml-if>
</dtml-let>
</dtml-in>


It's not perfect (that would be when there is nothing for the user to break
in each instance), but it's better than it was and also allows me to edit
only one privacy method to change the access rights.


>  II. I think (this implies, I am not sure), that ZPublisher
>      translates exceptions into HTTP response codes.
>      This would mean, you could try:
>
>        In your "privacy" method:
>   ....
>   <dtml-call "RESPONSE.redirect(...)">
>   <dtml-raise type="Redirect"></dtml-raise>
>   ....
>
>        in your other objects:
>
>           <dtml-call privacy>
>   ...header...
>   ....
>   ...footer...
>

You've lost me a bit there.  Where am I actually checking to see if the user
has access rights?

Cheers

tim