rruth@computer.org writes:
What permissions do I set in the security tap to do the following:
I have two dtml methods. The first one, 'validate' I want anonymous users to be able to access in the default manner. The second dtml method, 'query', I want to be called from the first dtml-method, 'validate', but never directly by an anonymous user. (ie. the anonymous user can connect to: http://...validate but will get an error for: http://...query)
How do I set the permissions of the second dtml method, 'query' to do this? This is not easy with Zope's security machinery.
I see two options: * (easy) you map the "View" permission of "query" only to "Manager" and give "validate" a proxy role (of "Manager"). * you give "query" an "index_html" method which does whatever you want, e.g. "raise Unauthorized". Ages ago, I posted an External Method to the mailing list that allows you to set "index_html" of an arbitrary object. Please search the archive. Dieter