Why? It is more transparent and better way - use security tab. ----- Original Message ----- From: "Tres Seaver" <tseaver@palladion.com>
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Pedro LaWrench wrote:
I need to do something on the filesystem, which requires unrestricted python, so I created an external method. The problem is that anyone can call that directly via URL, so I added a permission check. Even then, users with the sufficient permissions can call this via URL, which I don't want them to do. I only want them to have access indirectly from other pages (such as a page template that will pass sane parameters). Is there anyway to do this?
Add a REQUEST argument to your function, defaulting to None. The publisher will always pass the request in for that argument, while the other templates / scripts should not. E.g.:
def doSomething(self, REQUEST=None): """ Don't call me directly via a URL!!! """ if REQUEST is not None: raise ValueError('Wicked, evil, naughty Zoot!')