Excellent. Thank you all for the suggests. ----- Original Message ---- From: Tres Seaver <tseaver@palladion.com> To: zope@zope.org Sent: Tuesday, April 28, 2009 8:38:18 AM Subject: Re: [Zope] how to prevent URL access to an external method? -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Pedro LaWrench wrote:
I need to do something on the filesystem, which requires unrestricted python, so I created an external method. The problem is that anyone can call that directly via URL, so I added a permission check. Even then, users with the sufficient permissions can call this via URL, which I don't want them to do. I only want them to have access indirectly from other pages (such as a page template that will pass sane parameters). Is there anyway to do this?
Add a REQUEST argument to your function, defaulting to None. The publisher will always pass the request in for that argument, while the other templates / scripts should not. E.g.: def doSomething(self, REQUEST=None): """ Don't call me directly via a URL!!! """ if REQUEST is not None: raise ValueError('Wicked, evil, naughty Zoot!') Tres. - -- =================================================================== Tres Seaver +1 540-429-0999 tseaver@palladion.com Palladion Software "Excellence by Design" http://palladion.com -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFJ9yLq+gerLs4ltQ4RAlj1AKDG4YIkceWD8yXpz0jvxqiN8Qlw2gCbBa9E tCVUTkjoRIPL8YjSzFHY528= =QbiL -----END PGP SIGNATURE----- _______________________________________________ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev )