[Zope] Security for objects being called

Thibaud Morel l'Horset teebes at gmail.com
Mon Sep 15 19:44:58 EDT 2008


Hello all,

  I'm trying to figure out how to prevent certain zope objects from being
called directly but allow them to be called from another object.

  Here is an example:
  You have a ZPT page, let's originally call it 'test'
  test calls a Script(Python) 'script'

  I want any anonymous user to be able to call 'test' from the web but not
'script'. However, I want 'test' to call 'script' and render the contents of
'script' to anonymous users through 'test'. I tested this out by making the
'script' View permission only available for Authenticated users, and as
anonymous I can neither hit 'test' nor 'script'.

  Based on my understanding of the Zope security framework I don't think
this is possible... hopefully someone can tell me I'm wrong though and show
me how to do it :)

  Thanks very much for your time,

- Thibaud
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mail.zope.org/pipermail/zope/attachments/20080915/ef4fa377/attachment.html 


More information about the Zope mailing list