Hello again, First: Is there a way to prevent access to files in the server (pdf files, for instance). I intend to use sessions (REQUEST.SESSION) to control that. Is it possible? If not, what's the better option in this case? AccessRules also don't seem to work. Second: I'd like to use Session (REQUEST.SESSION) data as a parameter to another method (a Zsql Method for example). How can I do that in dtml? <dtml-with SESSION mapping> doesn't work. I guess I should use getSessionDataByKey, but I didn't figure out exactaly how. Can anyone help me? Thank you very much.
Leonardo Fernandes wrote:
Is there a way to prevent access to files in the server (pdf files, for instance). I intend to use sessions (REQUEST.SESSION) to control that. Is it possible? If not, what's the better option in this case? AccessRules also don't seem to work.
You should remove the 'View'-Right for Anonymous and only admit it to a special role. This can be done easily with a script...
I'd like to use Session (REQUEST.SESSION) data as a parameter to another method (a Zsql Method for example). How can I do that in dtml? <dtml-with SESSION mapping> doesn't work. I guess I should use getSessionDataByKey, but I didn't figure out exactaly how.
<dtml-call "REQUEST.SESSION.set('test','hello world')"> <dtml-var "SESSION.get('test')"> -mj
Is there a way to prevent access to files in the server (pdf files, for instance). I intend to use sessions (REQUEST.SESSION) to control that. Is it possible? If not, what's the better option in this case? AccessRules also don't seem to work.
You should remove the 'View'-Right for Anonymous and only admit it to a special role. This can be done easily with a script...
I'm using postgresql to store my users data (not acl_users folders) can I define roles to users registered this way and logged through REQUEST.SESSION?
I'd like to use Session (REQUEST.SESSION) data as a parameter to another method (a Zsql Method for example). How can I do that in dtml? <dtml-with SESSION mapping> doesn't work. I guess I should use getSessionDataByKey, but I didn't figure out exactaly how.
<dtml-call "REQUEST.SESSION.set('test','hello world')"> <dtml-var "SESSION.get('test')">
Yes, that prints "hello world", but how do I send "hello world" (assign it to a variable) to a ZSQL Method as a parameter? Thank you.
You should remove the 'View'-Right for Anonymous and only admit it to a special role. This can be done easily with a script...
I'm using postgresql to store my users data (not acl_users folders) can I define roles to users registered this way and logged through REQUEST.SESSION?
If that relational store of users is represented as a Zope user folder. (This can be done quite easily via External User Folder or maybe Simple User Folder.) If you're planning on managing security yourself, don't. You may have to do that in other app servers, but not in Zope. Re-implementing security is a bad thing.
I'd like to use Session (REQUEST.SESSION) data as a parameter to another method (a Zsql Method for example). How can I do that in dtml? <dtml-with SESSION mapping> doesn't work. I guess I should use getSessionDataByKey, but I didn't figure out exactaly how.
<dtml-call "REQUEST.SESSION.set('test','hello world')"> <dtml-var "SESSION.get('test')">
Yes, that prints "hello world", but how do I send "hello world" (assign it to a variable) to a ZSQL Method as a parameter?
SESSION is just an object. Pass it like any other parameter. With a number: <dtml-call "someZSQLMethod(someParameter=9)"> With an object: <dtml-call "someZSQLMethod(sessionParameter=REQUEST.SESSION)"> I might say that you could be better off breaking out what you need from SESSION before passing it in. <dtml-call "someZSQLMethod(parameterA=REQUEST.SESSION.get('A'), parameterB=REQUEST.SESSION.get('B'))"> --jcc
Leonardo Fernandes wrote at 2003-3-11 08:33 -0300:
Is there a way to prevent access to files in the server (pdf files, for instance).
You restrict "View" permission to these objects...
I intend to use sessions (REQUEST.SESSION) to control that. Is it possible?
Hm, the session object does not control (out of the box) accessibility. You may define an accessor with a proxy role providing access to your protected files that check things in "SESSION". Please, read the Zope Book (2.6 edition) to learn more about these things.
If not, what's the better option in this case? AccessRules also don't seem to work.
In what way do they not work?
Second: I'd like to use Session (REQUEST.SESSION) data as a parameter to another method (a Zsql Method for example). How can I do that in dtml?
I think, I already replied to this question... It is probably best to have: one question, one message. Dieter
participants (4)
-
Dieter Maurer -
J Cameron Cooper -
Leonardo Fernandes -
Maik Jablonski