DTML method's contents accessible but not viewable within a class definition ? class definition ?
Having spent the better part of the night getting nowhere with this, I hope somebody can help. Consider a DTML method (called 'content') which is part of a ZClass as follows : /Control_Panel /Products /MyProduct /MyZClass content [dtml method] Is there no way to protect the DTML method so that it cannot be accessed directly from instances of this ZClass ? eg. if we create an instance of MyZClass in the Zope root : /MyInstance I don't want people to be able to call : http://Zope_server/MyInstance/content But we would like other DTML documents/methods such as http://Zope_server/MyInstance/index_html to be able to access the contents using "<dtml-var content>" I've been getting nowhere with the "Define Permissions" tab of the 'content' DTML method in the ZClass definition - it's simply not possible to disable the 'view' property. Thank you in advance if anybody can offer any suggestions here, chas
Hi chas chas wrote:
Having spent the better part of the night getting nowhere with this, I hope somebody can help.
Consider a DTML method (called 'content') which is part of a ZClass as follows :
/Control_Panel /Products /MyProduct /MyZClass content [dtml method]
Is there no way to protect the DTML method so that it cannot be accessed directly from instances of this ZClass ?
eg. if we create an instance of MyZClass in the Zope root :
/MyInstance
I don't want people to be able to call : http://Zope_server/MyInstance/content
But we would like other DTML documents/methods such as http://Zope_server/MyInstance/index_html to be able to access the contents using "<dtml-var content>"
As a suggestion, you could make a switch in your index_html methods that your content method looks for. e.g., in index_html for MyZClass: <dtml-let ok_to_display_content="1"> do the content stuff </dtml-let> and in content <dtml-if ok_to_display_content> show your content <dtml-else> You shouldn't be viewing this... (or perhaps you could call the parent or do a redirect here) </dtml-if>
I've been getting nowhere with the "Define Permissions" tab of the 'content' DTML method in the ZClass definition - it's simply not possible to disable the 'view' property.
It's a bit of a kludge, but should easily get you the behavior you want... Regards, --Jim Washington
As a suggestion, you could make a switch in your index_html methods that your content method looks for.
e.g., in index_html for MyZClass:
<dtml-let ok_to_display_content="1"> do the content stuff </dtml-let>
and in content
<dtml-if ok_to_display_content> show your content <dtml-else> You shouldn't be viewing this... (or perhaps you could call the parent or do a redirect here) </dtml-if>
Nice idea Jim.
I've been getting nowhere with the "Define Permissions" tab of the 'content' DTML method in the ZClass definition - it's simply not possible to disable the 'view' property.
It's a bit of a kludge, but should easily get you the behavior you want...
Well, if it's coming down to kludges, I was initially playing with writing this in the first line of the DTML method 'content' : <dtml-if "URL[-7:]=='content'"> <dtml-return err_page> </dtml-if> My only concern was that I was pretty sure somebody would be able to circumvent this using some sneaky query string or URL. My other concern was that I didn't want to hack/kludge this if I was overlooking something basic in DTML/Zope but if there really isn't any alternative, then I guess this will do for now :( This could also be coupled with your idea of a boolean property to manually enable/disable it. Thank you again. chas
Having spent the better part of the night getting nowhere with this, I hope somebody can help.
Consider a DTML method (called 'content') which is part of a ZClass as follows :
/Control_Panel /Products /MyProduct /MyZClass content [dtml method]
Is there no way to protect the DTML method so that it cannot be accessed directly from instances of this ZClass ?
eg. if we create an instance of MyZClass in the Zope root :
/MyInstance
I don't want people to be able to call : http://Zope_server/MyInstance/content
But we would like other DTML documents/methods such as http://Zope_server/MyInstance/index_html to be able to access the contents using "<dtml-var content>"
participants (2)
-
chas -
Jim Washington