[Zope] Security for objects being called

Thibaud Morel l'Horset teebes at gmail.com
Tue Sep 16 08:55:33 EDT 2008


Thanks for the response Paul. I don't see a Proxy tab on Page Templates
though, only DTML methods: do I need to install an additional product for
that? or is it configured somewhere else for Templates?

On Tue, Sep 16, 2008 at 7:48 AM, Paul Winkler <slinkp at gmail.com> wrote:

> On Mon, Sep 15, 2008 at 07:44:58PM -0400, Thibaud Morel l'Horset wrote:
> > Hello all,
> >
> >   I'm trying to figure out how to prevent certain zope objects from being
> > called directly but allow them to be called from another object.
> >
> >   Here is an example:
> >   You have a ZPT page, let's originally call it 'test'
> >   test calls a Script(Python) 'script'
> >
> >   I want any anonymous user to be able to call 'test' from the web but
> not
> > 'script'. However, I want 'test' to call 'script' and render the contents
> of
> > 'script' to anonymous users through 'test'. I tested this out by making
> the
> > 'script' View permission only available for Authenticated users, and as
> > anonymous I can neither hit 'test' nor 'script'.
> >
> >   Based on my understanding of the Zope security framework I don't think
> > this is possible... hopefully someone can tell me I'm wrong though and
> show
> > me how to do it :)
>
> http://plope.com/Books/2_7Edition/Security.stx#2-62
>
>
> --
>
> Paul Winkler
> http://www.slinkp.com
> _______________________________________________
> Zope maillist  -  Zope at zope.org
> http://mail.zope.org/mailman/listinfo/zope
> **   No cross posts or HTML encoding!  **
> (Related lists -
>  http://mail.zope.org/mailman/listinfo/zope-announce
>  http://mail.zope.org/mailman/listinfo/zope-dev )
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mail.zope.org/pipermail/zope/attachments/20080916/012188bb/attachment.html 


More information about the Zope mailing list