RE: [Zope] security model with regards to aquisition
-----Original Message----- From: Jim Fulton [mailto:jim@digicool.com] Sent: Thursday, April 29, 1999 10:23 PM To: Jay, Dylan Cc: 'zope@zope.org' Subject: Re: [Zope] security model with regards to aquisition
Jay, Dylan wrote:
(snip)
I wrote:
A possible work around is to use an expression and name the folder when you access properties to force access to the folder to be checked:
<!--#var "theSecretFolder.aProperty"-->
This work around doesn't seem to work in my case. I want to actually redirect to another address which seems to always work no matter whether the the folder is allowed to be accessed or not. Here is the method I'm using
<!--#if "_.getitem(id).title"--> <!--#call
"REQUEST.set('blah',_.string.split(DownloadItems[_.int(file)], '|'))"-->
<!--#call "REQUEST.set('loc',_.string.split(Locations[_.int(loc)],'|'))"--> <!--#with "_.namespace(file=aq_parent.id + '/' + id + '/' + blah[1])"--> <!--#call "RESPONSE.redirect(loc[1]+'/'+file+'?'+getArgs(_,file, 10)+'&f='+file)"--> <!--#/with--> <!--#else--> <!--#call "RESPONSE.setStatus(404)"--> <!--#/if-->
Are you saying that this code should work differently? Or that the file you redirect to should fail? If the former,
The above should call the 404 responce (or ask for authorization) if the method is being run from a directory that is restricted.
please help me out and point me to the specific test that you want to work differently. If the latter, then you need to change the property references in the file you redirected too. Alternatively, you can
The whole idea is the file I redirect too is on a completly different website. I want to use the security model in zope to determine who I generate a url to direct to another site (with a one time key so the file can't be downloaded again)
apply the change (to lib/python/DocumentTemplate/cDocumentTemplate) that I checked in yesterday. :)
I think I will have to do that.
participants (1)
-
Jay, Dylan