[Zope-dev] Inhibit URL-traversal
Dario Lopez-Kästen
dario at ita.chalmers.se
Mon Feb 13 02:06:36 EST 2006
Dieter Maurer said the following on 2006-02-10 19:48:
> Dario Lopez-Kästen wrote at 2006-2-10 10:56 +0100:
>>...
>>for a product I am writing, i need to experiment with inhibiting
>>URL-traversal to the methods and subobjects of it. I still wnat the
>>methods and objects to be available via direct call, for instance:
>
>
> You can use a "SiteAccess" "AccessRule" for this.
>
> Be warned, however, that "AccessRules" can be disabled
> in the URL (by a few knowing people). If this concerns you,
> can can remove this feature from "AccessRule" (code modification).
>
Using an AccessRule is not precisely what I had in mind - I want my
product to behave in such a way by itself - but looking at how
AccessRules work will surely give me some insight. Thanks for the pointer.
>>...
>>Also, can such a behaviour be imposed on templates (they being methods
>>really) and Script(Python)s?
>
>
> It can -- with some difficulties:
>
> Templates and scripts are called because they define
> "index_html" as "None".
>
> If you give a template or script a non-None "index_html",
> then this object will be called instead of the template/script.
>
I see. Is this possible to do on FS-based scripts/templates? I believe
zodb-based files may be manipulated at install-time by my product, by I
am not sure how to do this for FS-based stuff.
Anyway, thanks Dieter for the pointers. This will get me started :-)
/dario
--
-- -------------------------------------------------------------------
Dario Lopez-Kästen, IT Systems & Services Chalmers University of Tech.
Lyrics applied to programming & application design:
"emancipate yourself from mental slavery" - redemption song, b. marley
More information about the Zope-Dev
mailing list