OK- RE: [Zope-CMF] using a sql method in plone..

chris larsen chris@silentcooperative.com
Sun, 4 Aug 2002 15:40:02 -0700


Roger that.  Thank you!

I guess the only confusion now is do I call the python script from the
dtml method of the fields modification page?  E.g. if I use "<dtml-call
getUserID>" in the body of the dtml document they're viewing -if
"getUserID" is the Id of the python script-?

Should I make a "zsearch interface" for the report? And just call the
python script?

Thanks,
Chris


-----Original Message-----
From: alan runyan [mailto:runyaga@runyaga.com] 
Sent: Saturday, August 03, 2002 7:31 PM
To: chris larsen; zope-cmf@zope.org
Subject: Re: [Zope-CMF] using a sql method in plone..

Chris,

please do not post to the mailing list using HTML format - its
considered
'rude'.

>Could someone please give me an explanation on how the user profile
(user
id) is referred to so I can associate it with a sql column to be
inserted/selected as?  For example, if the
>username is "chris", how would I view all of the data in a table that
has
to do with that user id?   Such as;
>Select * from table where userid="chris";

erm.

create a ZSQLMethod, sqlFetchDataByUserid that has 1 parameter called
userid
that does the
select * from table where userid=<dtml-sqlvar userid type="string">

then with a Python Script you can grab the username and then call the
sqlmethod and return the results.  this way you can put some login in
the
python script to securely make
sure the person who is asking for the data is ok to view it.

from AccessControl import getSecurityManager
userid=getSecurityManager().getUser().getUserName()
resuts = context.sqlFetchDataByUserid(userid=userid)
return results

>I want to enable each person to only see/modify their record(s) in the
table.  Seems like a pretty simple question??

it is a simple question, and as above shows .. its quite simple

 >Any simple way of doing this with CMF/plone or should I just use a
unique
id and have them enter their name to pull that record.  One thing is
that I'
m concerned about other
>people guessing and pulling up other names to then modify.  Hrmmmm.

you should never let m them enter their name.  you can get this
information
from ZOPE baed on the application level security.

~runyaga
p.s. select * from table is bad practice you really ought to select
col1,
col2, col3 from table