[Zope] Getting the requested object's properties (CMF/LoginManager)
Tres Seaver
tseaver@digicool.com
Sat, 19 May 2001 12:50:50 -0400
Sreeram Ramachandran <gro.mareers@sreeram.org> wrote:
> System: Zope 2.3.2b2, CMF 1.0, LoginManager 0.8.8b1, Zope/Python Newbie :)
>
> I wish to customize the following code in standard_html_header (from the de=
> fault CMF skins):
>
> <dtml-if "_.hasattr(this(),'isEffective') and not isEffective( ZopeTime()=
> )">
> <dtml-unless "portal_membership.checkPermission('Request review',this())
> or portal_membership.checkPermission('Review portal content',this())">
> <dtml-var "RESPONSE.unauthorized()">
> </dtml-unless>
> </dtml-if>
>
> Instead of an HTTP-AUTH dialog (as it now stands), I would like to put out =
> a LoginManager-style "forbiddenPage". The following will not work, because =
> the "something follows here" (plus the standard_html_footer) section will s=
> till get output:
>
> standard_html_header:
> if ...: // same check as above
> <dtml-var forbiddenPage>
> else:
> ... // normal stuff
>
> some_page:
> <dtml-var standard_html_header>
> ... something follows here ...
> <dtml-var standard_html_footer>
>
> So, what I need to do is to move the "isEffective" check into the LoginMana=
> ger or somewhere else upstream in the authentication process. Hopefully, th=
> e same place where LoginManager checks to see if it should call "forbiddenP=
> age" based on the user's roles versus object's required roles.
>
> Any suggestions on how to code it?
How about::
<dtml-return forbiddenPage>
Tres.
--
===============================================================
Tres Seaver tseaver@digicool.com
Digital Creations "Zope Dealers" http://www.zope.org