In regards to Proxy Authorization for Page Templates: 1) Is there a reason they don't have it out of the box? 2) Is there any way to modify them so they can have this? For most of my work, the python scripts are called from page templates. Being able to restrict the execution of those scripts to a specific page template via proxy authorization would be very desirable. I use this feature to prevent direct execution of the Z SQL Methods the scripts call, but cannot protect the scripts in a similar fashion which is somewhat frustrating. Edward
you might try to add use a .metatdate file (for foobar.pt): foobar.pt.metadata: [security] proxy=Manager This requires CMF 1.4+ I think . -aj --On Freitag, 6. Februar 2004 13:29 Uhr -0700 Edward Pollard <pollej@uleth.ca> wrote:
In regards to Proxy Authorization for Page Templates:
1) Is there a reason they don't have it out of the box? 2) Is there any way to modify them so they can have this?
For most of my work, the python scripts are called from page templates. Being able to restrict the execution of those scripts to a specific page template via proxy authorization would be very desirable. I use this feature to prevent direct execution of the Z SQL Methods the scripts call, but cannot protect the scripts in a similar fashion which is somewhat frustrating.
Edward
_______________________________________________ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev )
Thank you for the suggestion. We're using Zope for our own custom projects, however, and do not use CMF. Ed On Feb 6, 2004, at 1:43 PM, Andreas Jung wrote:
you might try to add use a .metatdate file (for foobar.pt):
foobar.pt.metadata:
[security] proxy=Manager
This requires CMF 1.4+ I think .
-aj
--On Freitag, 6. Februar 2004 13:29 Uhr -0700 Edward Pollard <pollej@uleth.ca> wrote:
In regards to Proxy Authorization for Page Templates:
1) Is there a reason they don't have it out of the box? 2) Is there any way to modify them so they can have this?
For most of my work, the python scripts are called from page templates. Being able to restrict the execution of those scripts to a specific page template via proxy authorization would be very desirable. I use this feature to prevent direct execution of the Z SQL Methods the scripts call, but cannot protect the scripts in a similar fashion which is somewhat frustrating.
Edward
_______________________________________________ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev )
Edward Pollard wrote at 2004-2-6 13:29 -0700:
In regards to Proxy Authorization for Page Templates:
1) Is there a reason they don't have it out of the box?
The authors decided, that things requiring special privileges should be done in a Python Script (which have proxy roles).
2) Is there any way to modify them so they can have this?
Sure. You will need to change the source.
For most of my work, the python scripts are called from page templates. Being able to restrict the execution of those scripts to a specific page template via proxy authorization would be very desirable. I use this feature to prevent direct execution of the Z SQL Methods the scripts call, but cannot protect the scripts in a similar fashion which is somewhat frustrating.
You can give these scripts a non-"None" "index_html" and prevent them from being called via the Web. You will need an External Method to modify a Scripts "index_html". A cleaner solution would be to make your own variant of "NonWebCallablePythonScript". It would derive from "PythonScript" and define a non-"None" "index_html". -- Dieter
participants (3)
-
Andreas Jung -
Dieter Maurer -
Edward Pollard