[Zope-dev] Inhibit URL-traversal

Dario Lopez-Kästen dario at ita.chalmers.se
Mon Feb 13 02:06:36 EST 2006


Dieter Maurer said the following on 2006-02-10 19:48:
> Dario Lopez-Kästen wrote at 2006-2-10 10:56 +0100:
>>...
>>for a product I am writing, i need to experiment with inhibiting 
>>URL-traversal to the methods and subobjects of it. I still wnat the 
>>methods and objects to be available via direct call, for instance:
> 
> 
> You can use a "SiteAccess" "AccessRule" for this.
> 
> Be warned, however, that "AccessRules" can be disabled
> in the URL (by a few knowing people). If this concerns you,
> can can remove this feature from "AccessRule" (code modification).
> 

Using an AccessRule is not precisely what I had in mind - I want my 
product to behave in such a way by itself - but looking at how 
AccessRules work will surely give me some insight. Thanks for the pointer.

>>...
>>Also, can such a behaviour be imposed on templates (they being methods 
>>really) and Script(Python)s?
> 
> 
> It can -- with some difficulties:
> 
>   Templates and scripts are called because they define
>   "index_html" as "None".
> 
>   If you give a template or script a non-None "index_html",
>   then this object will be called instead of the template/script.
> 

I see. Is this possible to do on FS-based scripts/templates? I believe 
zodb-based files may be manipulated at install-time by my product, by I 
am not sure how to do this for FS-based stuff.

Anyway, thanks Dieter for the pointers. This will get me started :-)

/dario

-- 
-- -------------------------------------------------------------------
Dario Lopez-Kästen, IT Systems & Services Chalmers University of Tech.
Lyrics applied to programming & application design:
"emancipate yourself from mental slavery" - redemption song, b. marley



More information about the Zope-Dev mailing list