[Zope-CMF] Controlling permissions for actions

Wichert Akkerman wichert at wiggy.net
Thu Sep 27 07:09:06 EDT 2007


Previously Charlie Clark wrote:
> 
> On 27.09.2007 at 12:40, Jens Vagelpohl wrote:
> 
> >If you have a script somewhere in the skins or in your site it will  
> >*always* be available for people who call it up directly by URL.  
> >There is no builtin mechanism in Zope or the CMF to control that.  
> >You could do some "manual" checking inside the script to make sure  
> >the calling user has the right permissions or the script is not  
> >called by direct URL traversal.
> 
> Thanks, I thought as much. It's not difficult to check the user for  
> the correct role and return an index page otherwise but I guess I  
> need to start explicitly attaching such scripts to objects and their  
> methods but I'm still on that learning curve, which is probably not  
> helped by the fact I nearly always store data in an RDBMS and I don't  
> use O/R mappers.

You can use a browser view instead of a python script and protect that
with a permission.

Wichert.

-- 
Wichert Akkerman <wichert at wiggy.net>    It is simple to make things.
http://www.wiggy.net/                   It is hard to make things simple.
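
A sketch of the browser-view approach suggested above, added here as an example and not part of the original message or of CMF itself. The view name `export-report`, the class `.browser.ExportReportView` and the choice of `cmf.ManagePortal` are assumptions; use a permission id that is registered in your site.

```xml
<!-- configure.zcml of a hypothetical product package (constructed example) -->
<configure
    xmlns="http://namespaces.zope.org/zope"
    xmlns:browser="http://namespaces.zope.org/browser">

  <!--
    Before: a Script (Python) in a skin layer, e.g. skins/.../export_report.py,
    is reachable by direct URL traversal on any object, so the only access
    control is whatever role check the script performs itself.

    After: the same logic lives in a view class and is registered below.
    The permission attribute is part of the registration, so the access
    decision is made by the security machinery when the view is published,
    not by hand-written checks inside the view code.
  -->
  <browser:page
      for="*"
      name="export-report"
      class=".browser.ExportReportView"
      permission="cmf.ManagePortal"
      />

  <!--
    Narrowing for="*" to the interface of the content type the view is
    meant for also stops it from being looked up on unrelated objects.
  -->

</configure>
```

The view is then reached as `<object URL>/@@export-report`; a user without the permission on that object is refused before the view's own code produces any output.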

