[Zope-dev] PageTemplateFile vs. Bindings vs. Security
Dieter Maurer
dieter at handshake.de
Tue Mar 23 15:45:32 EST 2004
Jamie Heilman wrote at 2004-3-22 16:42 -0800:
> ...
>So here's the questions I have for you all... is there a way to
>declare appropriate security on the bindings that are screwing me
>right now from within my product code so that I can selectively poke
>holes to allow container access where needed,
One approach (hopefully quite near to your wishes) looks like:
Protect your object by a role, say "Manager".
This looks like "__roles__ = ('Manager',)"
Give your "PageTemplateFile" the "Manager" proxy role:
"_proxy_roles = ('Manager',)"
Make your "PageTemplateFile" unowned: "_owner = None".
Instead of "Manager", you can use another role that you do not
assign any permissions.
Alternative:
An incredibly long time ago, Evan published a product
"XXXPythonScripts". These are "PythonScripts" without security
checks. Looking at the differences between these two products
may show what is needed to get security unaware "PageTemplateFiles".
--
Dieter
More information about the Zope-Dev
mailing list