Hi chas chas wrote:
Having spent the better part of the night getting nowhere with this, I hope somebody can help.
Consider a DTML method (called 'content') which is part of a ZClass as follows :
/Control_Panel /Products /MyProduct /MyZClass content [dtml method]
Is there no way to protect the DTML method so that it cannot be accessed directly from instances of this ZClass ?
eg. if we create an instance of MyZClass in the Zope root :
/MyInstance
I don't want people to be able to call : http://Zope_server/MyInstance/content
But we would like other DTML documents/methods such as http://Zope_server/MyInstance/index_html to be able to access the contents using "<dtml-var content>"
As a suggestion, you could make a switch in your index_html methods that your content method looks for. e.g., in index_html for MyZClass: <dtml-let ok_to_display_content="1"> do the content stuff </dtml-let> and in content <dtml-if ok_to_display_content> show your content <dtml-else> You shouldn't be viewing this... (or perhaps you could call the parent or do a redirect here) </dtml-if>
I've been getting nowhere with the "Define Permissions" tab of the 'content' DTML method in the ZClass definition - it's simply not possible to disable the 'view' property.
It's a bit of a kludge, but should easily get you the behavior you want... Regards, --Jim Washington