[ZPT] ZPT calling private Method

Dieter Maurer dieter at handshake.de
Mon Jun 12 14:12:46 EDT 2006


Geoffroy Charollais wrote at 2006-6-12 15:04 +0200:
> ...
>I'm a newbee in Zope and I'm facing a problem:

You should carefully read the Zope book (2.7 edition, online).
You use of the terminology is not yet correct.

> ...
>I would like this pagetemplate to
>call a method from an another object,
>
><div tal:define="mytest python:context.MySecondObject.aMethod(AnArgument)">
>
>
>but in the same time
>I would like this second object to be declared as private (to be sure
>that it is not callable by URL).

If you could declare it private, it could no longer be
used from untrusted code (such as a "PageTemplate").

>In this case when I'm calling the protected method , I always have the 
>same error message:
>
>*Error Type: Unauthorized*
>*Error Value: You are not allowed to access 'MySecondObject' in this 
>context*

If you are only interested to prevent (direct) URL access,
you can give your object an "index_html" method.
This method is called to resolve urls ending in this object.

Of course, URLs of the form "<url_to_your_object>/<aMethod>"
could still be called by URL -- if the user has sufficient
permissions.



-- 
Dieter


More information about the ZPT mailing list