[Zope-CMF] Get list of published items that user has access to
davelehman@loewen.com
davelehman@loewen.com
Mon, 22 Oct 2001 12:29:29 -0500
Well, i'm sorry to ask this because i'm sure it's a FAQ, but I just haven't
been able to put all the pieces of the puzzle together. I've spent the
weekend banging my head against the wall and need a little relief...
(I'm running CMF1.1 under Zope2.4. My "member" role has "access portal
content" and "view" access, but *not* "access future")
I want to display a summary of news items. Basically, I want to get a list
of documents from a specified news folder that are both published, and that
the current website visitor has access to. It seems this is easier said
that done...
Previously, I had tried:
<dtml-in expr="objectValues( [ 'Document' ] )" skip_unauthorized>
<dtml-var Title><br>
<dtml-var Description><br>
</dtml-in>
This pops up an authentication dialog if you are not logged in. And it
displays *all* items-- both published and private.
>From reading the list, I got the impression that this *may* have worked in
Zope2.3 but now doesn't (not sure if this was broken by accident, or on
purpose). The "recommended" way now seems to be to use ZopeFind (although
no one seems willing to offer an example except to say "Go look in the Zope
Quick Reference!"). So I tried this:
<dtml-in expr="ZopeFind(this(),meta_type==['Document'],search_sub=1)"
skip_unauthorized>
<dtml-var Title><br>
<dtml-var Description><br>
</dtml-in>
but it also displays all items, published and private. Well, I guess that
means it must be "skip_unauthorized" that is broken. So I tried manually
filtering out the non-published items from a recipe on ZopeLabs:
import string
news = []
for id, obj in context.ZopeFind( context, obj_metatypes=['Document'], ):
if hasattr(obj, 'published') and obj.published:
news.append( '<a href="' + obj.absolute_url() + '"><i>' + obj.Title() +
'</i></a><br>' + obj.Description() + '<br>' )
return news
but this returns nothing at all, not even the items that are published. So
that must not be what determines is a doc is "published" in the CMF.
It seems like it should be possible to use ZopeFind to search for just
items that the user has access to, using "obj_roles" and "obj_permissions"
but from the scant detail in the ZQR, i have no idea how to do this.
All I want is a way to show a visitor (anonymous, member or manager) a list
of the news items that they should see. Anonymous and Member should both
see a list of published docs only. Manager should see all-- both published
and private.
And I suppose it would be self-defeating to heap more on this issue, but is
it also possible to work the CMF "effective_date" into this, so that
anonymous and members only see stuff that is published and has an effective
date less that or equal to today?
I really want to make this work-- Zope just seems *so* hard sometimes...
Regards,
Dave