[Zope-CMF] Controlling permissions for actions
Wichert Akkerman
wichert at wiggy.net
Thu Sep 27 07:09:06 EDT 2007
Previously Charlie Clark wrote:
>
> On 27.09.2007 at 12:40, Jens Vagelpohl wrote:
>
> > If you have a script somewhere in the skins or in your site it will
> > *always* be available for people who call it up directly by URL.
> > There is no builtin mechanism in Zope or the CMF to control that.
> > You could do some "manual" checking inside the script to make sure
> > the calling user has the right permissions or the script is not
> > called by direct URL traversal.
>
> Thanks, I thought as much. It's not difficult to check the user for
> the correct role and return an index page otherwise but I guess I
> need to start explicitly attaching such scripts to objects and their
> methods but I'm still on that learning curve, which is probably not
> helped by the fact I nearly always store data in an RDBMS and I don't
> use O/R mappers.
You can use a browser view instead of a Python script and protect that
with a permission.
Wichert.
--
Wichert Akkerman <wichert at wiggy.net> It is simple to make things.
http://www.wiggy.net/ It is hard to make things simple.
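
The suggestion in the reply above, sketched as a ZCML registration with the weak setting beside the protected one (an added example, not code from the thread or from the CMF itself). The view name `purge-records`, the module `my.product.browser` and the class `PurgeRecords` are hypothetical, and the permission ids assume that the `permissions.zcml` files of Five and CMFCore are loaded.

```xml
<configure
    xmlns="http://namespaces.zope.org/zope"
    xmlns:browser="http://namespaces.zope.org/browser">

  <!-- Hypothetical view class in my/product/browser.py, holding the
       logic that used to live in the skin script:

       from Products.Five.browser import BrowserView

       class PurgeRecords(BrowserView):
           def __call__(self):
               ...  # same work the skin script did
               return u'done'
  -->

  <!-- WEAK (left commented out): registered for every object with the
       public permission, so any visitor, Anonymous included, can reach
       it by URL. This is the same exposure as the unguarded skin script.

  <browser:page
      for="*"
      name="purge-records"
      class="my.product.browser.PurgeRecords"
      permission="zope2.Public"
      />
  -->

  <!-- PROTECTED: only published on the site root, and only for users who
       hold "Manage portal" there. Anyone else calling
       .../@@purge-records directly is refused with Unauthorized by the
       publisher before PurgeRecords.__call__ runs, so no role check is
       needed inside the view itself. -->
  <browser:page
      for="Products.CMFCore.interfaces.ISiteRoot"
      name="purge-records"
      class="my.product.browser.PurgeRecords"
      permission="cmf.ManagePortal"
      />

</configure>
```

Narrowing `for` to a specific interface also keeps the view from being looked up on arbitrary content objects, which a skin script acquired from `portal_skins` cannot do.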