On Wed, 22 Nov 2000, Chris Withers wrote: [ snipped cosmetic modifications ;) ]
until I had to put some security on my CallableFolders. Removing 'View' for Anonymous keeps me from accessing a CallableFolder directly but it can still be used as a subtemplate (dtml-var x) from another DTML Document or Method. Bummer! Doing some tests I discovered that plain DTML Documents show the same behaviour (!), though DTML Methods throw 'Unauthorized' as expected.
Ewww... that's not very nice, Collector time: http://classic.zope.org:8080/Collector/
done.
*) Do I have to take measures in my baseclass to properly access/pass security contexts?
...shouldn't do, AFAIK.
relief ;)
*) Or is there even prior art on such a baseclass or reasons why this just cannot possibly work?
ZCallable, ZRenderable and FunctionTemplate are all in this space...
I've seen them all. I cannot make ZCallable work (too many datafull baseclasses...), Renderable does only give me the REQUEST, and FunctionTemplates are far more than I am able to grok at the moment ;) Thanks anyway, Stefan