[Zope] a problem with "skip_unauthorized"
Dieter Maurer
dieter@handshake.de
Mon, 6 Aug 2001 22:53:13 +0200 (CEST)
Sylvain Boureliou writes:
> I use zope 2.4.0 and i have a problem with "skip_unauthorized".
> I want to publish some documents, but obviously, anonymous users are not
> allowed to view administrator's documents.
> So i use "skip_unauthorized" in the "in" tag, but an error is raised :
> You are not authorized to access xxx
> Which means that "skip_unauthorized" does not work !. I dont understand.
> Have you an idea ?
>
> <dtml-in "arch_actualites.objectValues('doc')" reverse sort="Date"
> skip_unauthorized>
> <dtml-var "publish('actutitle','actucontent',_['html_resume'],1)">
> </dtml-in>
"dtml-in" checks "object access", an operation usually
protected by "Access contents information" and sometimes
by "View". If it fails, the "skip_unauthorized" would take
effect and omit the element.
Your "publish" method, however, may need different permissions.
In this case, you would get an "Unauthorized" later in your "publish".
If you need different permissions, you could use "ZopeFind"
to filter objects that do not have the required permissions.
Dieter