Rik,

Thanks for the help with the second problem. Not entirely convinced about the first one though... it seems quite a lot of effort to go through just to stop people executing the methods on their own. Especially given that it sounds like you'd have to go through the process for each method, and in a big site I can imagine there'd be quite a lot of these :(

It's a shame there's no way to add a permission called 'execute' or similar to the security model. That permission could allow other objects to execute the method. You could then turn off the view permission, turn on the execute permission, and hey presto! problem solved...

Any ideas?

Chris

Rik Hoekstra wrote:
Chris Withers wrote:
Hi,
I'm hoping these both have simple answers. Firstly, is there any way you can make component DTML methods such as standard_html_header (and maybe other objects) invisible to the outside world?
It's messy (and possibly a security hazard!) if they're not, for example, take a look at http://www.zope.org/standard_html_footer. This isn't really the sort of thing you want visible on its own but what if that method actually did something like delete files/etc...
You can give them permissions that do not make them only visible to a special user (let's say the Role is called SpecialUser). Then if you want to use them from another method, you can give this method a so-called 'proxy role' (in this case the 'SpecialUser' role) which gives it the permission to execute the method in question. I vaguely remember that there was some documentation available on this matter, but I couldn't find it.
(To complicate this, there is one caveat about proxy roles, however: there seems to be a bug which prevents authorized users from changing the methods in question after their proxy roles have changed. This seems to be a bug - it may be remediated one day.)
Secondly, is there any way you can specify a parent object of the same name in a DTML method? What I want to do is build up standard_html_header as you get deeper into a directory structure, for example:
in / standard_html_header is:

<HTML><HEAD><TITLE><!--#var title_or_id--></TITLE></HEAD><BODY BGCOLOR="#FFFFFF">

in /dir1 standard_html_header is:

<dtml-var standard_html_header>
Some more text for a header...
and so on...
Of course, this generates an infinite recursion. So what I'm asking is if there's any way to tell the dtml-var call in /dir1/standard_html_header to use the standard_html_header in / rather than in /dir1?
Yes use:

<dtml-with "PARENTS[-1]">
  <dtml-var standard_html_header>
</dtml-with>

PARENTS[-1] always is the top folder.
Of course you could also do it another way (simpler) by not calling the header in your method, but naming it differently. This would prevent infinite recursion (and possibly also some other very intricate acquisition problems further down the road)
Rik