Tuesday, May 4, 2010

Showing members' email addresses to other members

This skins folder script getEmailById.py allows members to see other members' email addresses. The has_role() does a check to make sure not all users are allowed to do this.
## Script (Python) "getEmailById"
##bind container=container
##bind context=context
##bind namespace=
##bind script=script
##bind subpath=traverse_subpath
##parameters=author_id
##title=
##
from Products.CMFCore.utils import getToolByName
mtool = getToolByName(context, 'portal_membership')
plone_portal_state = context.restrictedTraverse('@@plone_portal_state')

email = 'unauthorized'
current_member = plone_portal_state.member()
if current_member.has_role(
['Inspector','Archiver','FunctionalManager','Reviewer','Manager',]):
author = mtool.getMemberById(author_id)
email = author.getProperty('email')
return email

In order to call getMemberById you have to have the Manage users permission, which i don't want to give out to all members. Therefore the script is run with a proxy role for Manager, as specified in getEmailById.py.metadata:
[default]
proxy = Manager

The script is called from TAL in a customized author.cpt, which has this extra code:
            <div tal:condition="
python: authorinfo['has_email'] and member.has_role(
['Inspector','Archiver','FunctionalManager','Reviewer',
'Manager',])"
>
E-mail:
<a tal:define="
email python: context.getEmailById(author_id=author);
"
tal:attributes="href string:mailto:${email}"
tal:content="email">
[e-mail address]
</a>
</div>

No comments: