[Zope] security model with regards to aquisition

Jim Fulton jim@digicool.com
Thu, 29 Apr 1999 08:23:06 -0400


Jay, Dylan wrote:

(snip)

> I wrote:
> > A possible work around is to use an expression and name the folder
> > when you access properties to force access to the folder to
> > be checked:
> >
> >   <!--#var "theSecretFolder.aProperty"-->
> 
> This work around doesn't seem to work in my case. I want to actually
> redirect to another address which seems to always work no matter whether the
> the folder is allowed to be accessed or not. Here is the method I'm using
> 
> <!--#if "_.getitem(id).title"-->
> <!--#call
> "REQUEST.set('blah',_.string.split(DownloadItems[_.int(file)],'|'))"-->
> <!--#call "REQUEST.set('loc',_.string.split(Locations[_.int(loc)],'|'))"-->
> <!--#with "_.namespace(file=aq_parent.id + '/' + id + '/' + blah[1])"-->
>  <!--#call "RESPONSE.redirect(loc[1]+'/'+file+'?'+getArgs(_,file,
> 10)+'&f='+file)"-->
> <!--#/with-->
> <!--#else-->
> <!--#call "RESPONSE.setStatus(404)"-->
> <!--#/if-->

Are you saying that this code should work differently?
Or that the file you redirect to should fail?  If the former, 
please help me out and point me to the specific test that you want to
work differently. If the latter, then you need to change the property
references in the file you redirected too.  Alternatively, you can 
apply the change (to lib/python/DocumentTemplate/cDocumentTemplate)
that I checked in yesterday. :)

Jim

--
Jim Fulton           mailto:jim@digicool.com
Technical Director   (540) 371-6909              Python Powered!
Digital Creations    http://www.digicool.com     http://www.python.org

Under US Code Title 47, Sec.227(b)(1)(C), Sec.227(a)(2)(B) This email
address may not be added to any commercial mail list with out my
permission.  Violation of my privacy with advertising or SPAM will
result in a suit for a MINIMUM of $500 damages/incident, $1500 for
repeats.