[ZPT] Please help: No protection for PageTemplateFile!!

Dirksen Lau dirksen.lau@polyu.edu.hk
Tue, 29 Jan 2002 19:36:53 +0800


I want to shut off anonymous access to my class, but to my surprise, instances of PageTemplateFile leak through the security check, even the id of which starts with 'manage_'! Here's my class

class Dummy:
    __roles__ = ['Authenticated', 'Owner', 'Manager']
    index_html = PageTemplateFile('F:/zope2/lib/.../view.zpt', globals(), __name__='index_html')
    manage_main = PageTemplateFile('F:/zope2/lib/.../manage_main.zpt', globals(), __name__='manage_main')


Visiting index_html and manage_main gets through without an id check. If I change them to HTMLFile instances, the authen-box pops up right away. 

Have I done it  wrong? Please help!!