"Hiding" a Zope object from URL accesses
If I have a Z SQL method set up as /query on my Zope site, how is it possible for me to disallow direct accesses to it via a URL (like http://localhost/query) ? If I cannot, then what is the convention people use to store objects which are not supposed to be visible directly? Thanks.
Gerald Gutierrez wrote:
If I have a Z SQL method set up as /query on my Zope site, how is it possible for me to disallow direct accesses to it via a URL (like http://localhost/query) ? If I cannot, then what is the convention people use to store objects which are not supposed to be visible directly?
I think its as simple as revoking the access rights for anonymous (or other) users. I.e. it's not invisible, but rather not allowed (pardon my english). Dimitris http://atlas.central.ntua.gr:8000
Dimitris Andrakakis wrote:
Gerald Gutierrez wrote:
If I have a Z SQL method set up as /query on my Zope site, how is it possible for me to disallow direct accesses to it via a URL (like http://localhost/query) ? If I cannot, then what is the convention people use to store objects which are not supposed to be visible directly?
I think its as simple as revoking the access rights for anonymous (or other) users. I.e. it's not invisible, but rather not allowed (pardon my english).
That's slightly different... cheers, Chris
Dimitris Andrakakis wrote:
Gerald Gutierrez wrote:
If I have a Z SQL method set up as /query on my Zope site, how is it possible for me to disallow direct accesses to it via a URL (like http://localhost/query) ? If I cannot, then what is the convention people use to store objects which are not supposed to be visible directly?
I think its as simple as revoking the access rights for anonymous (or other) users. I.e. it's not invisible, but rather not allowed (pardon my english).
This should work, but you will also need to assign proxy roles ['higher' than anonymous] to any of the methods that call your /query method otherwise they will also be refused access! Ivan
Gerald Gutierrez wrote:
If I have a Z SQL method set up as /query on my Zope site, how is it possible for me to disallow direct accesses to it via a URL (like http://localhost/query) ? If I cannot, then what is the convention people use to store objects which are not supposed to be visible directly?
It would be so nice if there was some way to do this gracefully in Zope, but there isn't :-S Chris
If I have a Z SQL method set up as /query on my Zope site, how is it possible for me to disallow direct accesses to it via a URL (like http://localhost/query) ? If I cannot, then what is the convention people use to store objects which are not supposed to be visible directly?
AFAIK there is no way of hiding an object in Zope One way of doing this is probably by 1) never calling it directly, but always from another method or document 2) moving it to a folder/objectmanager that has security settings so that it will not let anyone in (apart from the manager) and a special role that you use exclusively as a proxy role for the methods calling your query hth Rik
participants (5)
-
Chris Withers -
Dimitris Andrakakis -
Gerald Gutierrez -
Ivan Cornell -
Rik Hoekstra