[Zope] DTML method's contents accessible but not viewablewithin a class definition ? class definition ?

Michel Pelletier michel@digicool.com
Sun, 09 Apr 2000 16:38:43 -0700


chas wrote:
> 
> At 08:49 PM 04/08/2000 +0100, you wrote:
> >chas <panda@skinnyhippo.com> writes:
> >> Is there no way to protect the DTML method so that it
> >> cannot be accessed directly from instances of this ZClass ?
> >[...]
> >> I don't want people to be able to call :
> >>      http://Zope_server/MyInstance/content
> >>
> >> But we would like other DTML documents/methods such as
> >> http://Zope_server/MyInstance/index_html
> >> to be able to access the contents using "<dtml-var content>"
> >
> >Dunno of this would work for you.. haven't tried it. Perhaps create a
> >folder in your ZClass, define permissions limits on it, create methods
> >inside that. Then when you want to be using content etc, just do
> ><dtml-with foldername>.
> 
> Thanks John, I'd also already attempted that one too but, you know,
> even the folders can not have the "view" permission disabled within
> a class.

You need to create a Permission object in the ZClass that defines how
you want to protect attributes of that class.  You can map that
permission to an existing permission if you want.

-Michel