[Zope] security model with regards to aquisition

Jay, Dylan djay@lucent.com
Fri, 30 Apr 1999 09:31:58 +1000


> -----Original Message-----
> From: Jim Fulton [mailto:jim@digicool.com]
> Sent: Thursday, April 29, 1999 10:23 PM
> To: Jay, Dylan
> Cc: 'zope@zope.org'
> Subject: Re: [Zope] security model with regards to aquisition
> 
> 
> Jay, Dylan wrote:
> 
> (snip)
> 
> > I wrote:
> > > A possible work around is to use an expression and name the folder
> > > when you access properties to force access to the folder to
> > > be checked:
> > >
> > >   <!--#var "theSecretFolder.aProperty"-->
> > 
> > This work around doesn't seem to work in my case. I want to actually
> > redirect to another address which seems to always work no 
> matter whether the
> > the folder is allowed to be accessed or not. Here is the 
> method I'm using
> > 
> > <!--#if "_.getitem(id).title"-->
> > <!--#call
> > 
> "REQUEST.set('blah',_.string.split(DownloadItems[_.int(file)],
> '|'))"-->
> > <!--#call 
> "REQUEST.set('loc',_.string.split(Locations[_.int(loc)],'|'))"-->
> > <!--#with "_.namespace(file=aq_parent.id + '/' + id + '/' + 
> blah[1])"-->
> >  <!--#call "RESPONSE.redirect(loc[1]+'/'+file+'?'+getArgs(_,file,
> > 10)+'&f='+file)"-->
> > <!--#/with-->
> > <!--#else-->
> > <!--#call "RESPONSE.setStatus(404)"-->
> > <!--#/if-->
> 
> Are you saying that this code should work differently?
> Or that the file you redirect to should fail?  If the former, 

The above should call the 404 responce (or ask for authorization) if the
method is being run from a directory that is restricted.

> please help me out and point me to the specific test that you want to
> work differently. If the latter, then you need to change the property
> references in the file you redirected too.  Alternatively, you can 

The whole idea is the file I redirect too is on a completly different
website. I want to use the security model in zope to determine who I
generate a url to direct to another site (with a one time key so the file
can't be downloaded again)

> apply the change (to lib/python/DocumentTemplate/cDocumentTemplate)
> that I checked in yesterday. :)

I think I will have to do that.