[Zope-CMF] Get list of published items that user has access to

marc lindahl marc@bowery.com
Mon, 22 Oct 2001 14:36:26 -0400 

Hmm.... I think a catalog search will work... because, isn't that what
news_box does?  

> From: davelehman@loewen.com
> Date: Mon, 22 Oct 2001 12:29:29 -0500
> To: zope-cmf@zope.org
> Subject: [Zope-CMF] Get list of published items that user has access to
> 
> Well, i'm sorry to ask this because i'm sure it's a FAQ, but I just haven't
> been able to put all the pieces of the puzzle together. I've spent the
> weekend banging my head against the wall and need a little relief...
> 
> (I'm running CMF1.1 under Zope2.4. My "member" role has "access portal
> content" and "view" access, but *not* "access future")
> 
> I want to display a summary of news items. Basically, I want to get a list
> of documents from a specified news folder that are both published, and that
> the current website visitor has access to. It seems this is easier said
> that done...
> 
> Previously, I had tried:
> 
> <dtml-in expr="objectValues( [ 'Document' ] )" skip_unauthorized>
> <dtml-var Title><br>
> <dtml-var Description><br>
> </dtml-in>
> 
> This pops up an authentication dialog if you are not logged in. And it
> displays *all* items-- both published and private.
> 
>> From reading the list, I got the impression that this *may* have worked in
> Zope2.3 but now doesn't (not sure if this was broken by accident, or on
> purpose). The "recommended" way now seems to be to use ZopeFind (although
> no one seems willing to offer an example except to say "Go look in the Zope
> Quick Reference!"). So I tried this:
> 
> <dtml-in expr="ZopeFind(this(),meta_type==['Document'],search_sub=1)"
> skip_unauthorized>
> <dtml-var Title><br>
> <dtml-var Description><br>
> </dtml-in>
> 
> but it also displays all items, published and private. Well, I guess that
> means it must be "skip_unauthorized" that is broken. So I tried manually
> filtering out the non-published items from a recipe on ZopeLabs:
> 
> import string
> news = []
> for id, obj in context.ZopeFind( context, obj_metatypes=['Document'], ):
> if hasattr(obj, 'published') and obj.published:
> news.append( '<a href="' + obj.absolute_url() + '"><i>' + obj.Title() +
> '</i></a><br>' + obj.Description() + '<br>' )
> return news
> 
> but this returns nothing at all, not even the items that are published. So
> that must not be what determines is a doc is "published" in the CMF.
> 
> It seems like it should be possible to use ZopeFind to search for just
> items that the user has access to, using "obj_roles" and "obj_permissions"
> but from the scant detail in the ZQR, i have no idea how to do this.
> 
> All I want is a way to show a visitor (anonymous, member or manager) a list
> of the news items that they should see. Anonymous and Member should both
> see a list of published docs only. Manager should see all-- both published
> and private.
> 
> And I suppose it would be self-defeating to heap more on this issue, but is
> it also possible to work the CMF "effective_date" into this, so that
> anonymous and members only see stuff that is published and has an effective
> date less that or equal to today?
> 
> I really want to make this work-- Zope just seems *so* hard sometimes...
> 
> Regards,
> Dave
> 
> 
> 
> _______________________________________________
> Zope-CMF maillist  -  Zope-CMF@zope.org
> http://lists.zope.org/mailman/listinfo/zope-cmf
> 
> See http://www.zope.org/Products/PTK/Tracker for bug reports and feature
> requests