Other Uses of Access Rules

Embedded Session Values

Sometimes it would be nice to be able to embed a variable/value in the middle of a URL, rather than having to tack a query string onto the end. It can be essential, such as when you want parameterized pages to be spiderable (spiders don't like query strings).

One way to accomplish this is with an Access Rule. For example, suppose we created a Zope folder called 'Session', containing the following DTML Method Access Rule:

<dtml-let stack="REQUEST['TraversalRequestNameStack']">
Don't intercept management requests
<dtml-unless "stack[0][:6]=='manage'">
  Is the next path segment a positive integer?
  <dtml-if "_.int(stack[-1])>0">
    Save it and remove it from the path
    <dtml-call "REQUEST.set('SessionID', stack.pop())">
    Add it back into the logical path
    <dtml-call "REQUEST.setVirtualRoot(REQUEST.steps+[SessionID])">
  <dtml-else>
    <dtml-raise type="Invalid">Invalid Session ID!</dtml-raise>
  </dtml-if>
</dtml-unless>
</dtml-let>

Then the request URI 'http://www.mysite.com/foo/Session/84076/step3' will publish the Zope object at '/foo/Session/step3', with variable 'SessionID' set to '84076'. Thanks to acquisition, 'step3' doesn't need to be in 'Session'. 'Session' may be empty except for the Access Rule, or it may contain session-management objects.

When writing this kind of Access Rule, it is useful to remember the following:

REQUEST['TraversalRequestNameStack'] is the stack of Ids yet to be traversed.
REQUEST.steps is the list of Ids already traversed.
You can manipulate the path stack with append, insert, pop, and similar list operations.
You should not manipulate 'steps', instead using REQUEST.setVirtualRoot('path') to alter the apparent traversal history and URL generation.