24 Jan
2001
24 Jan
'01
10:39 a.m.
Dimitris Andrakakis wrote:
Gerald Gutierrez wrote:
If I have a Z SQL method set up as /query on my Zope site, how is it possible for me to disallow direct accesses to it via a URL (like http://localhost/query) ? If I cannot, then what is the convention people use to store objects which are not supposed to be visible directly?
I think its as simple as revoking the access rights for anonymous (or other) users. I.e. it's not invisible, but rather not allowed (pardon my english).
This should work, but you will also need to assign proxy roles ['higher' than anonymous] to any of the methods that call your /query method otherwise they will also be refused access! Ivan