[Zope] DTML method's contents accessible but not viewable within
aclass definition ? class definition ?
Jim Washington
jwashin@vt.edu
Sat, 08 Apr 2000 15:35:59 -0400
Hi chas
chas wrote:
>
> Having spent the better part of the night getting nowhere with
> this, I hope somebody can help.
>
> Consider a DTML method (called 'content') which is part of
> a ZClass as follows :
>
> /Control_Panel
> /Products
> /MyProduct
> /MyZClass
> content [dtml method]
>
> Is there no way to protect the DTML method so that it
> cannot be accessed directly from instances of this ZClass ?
>
> eg. if we create an instance of MyZClass in the Zope root :
>
> /MyInstance
>
> I don't want people to be able to call :
> http://Zope_server/MyInstance/content
>
> But we would like other DTML documents/methods such as
> http://Zope_server/MyInstance/index_html
> to be able to access the contents using "<dtml-var content>"
As a suggestion, you could make a switch in your index_html methods that
your content method looks for.
e.g., in index_html for MyZClass:
<dtml-let ok_to_display_content="1">
do the content stuff
</dtml-let>
and in content
<dtml-if ok_to_display_content>
show your content
<dtml-else>
You shouldn't be viewing this... (or perhaps you could call the parent
or do a redirect here)
</dtml-if>
>
> I've been getting nowhere with the "Define Permissions" tab of
> the 'content' DTML method in the ZClass definition - it's simply
> not possible to disable the 'view' property.
It's a bit of a kludge, but should easily get you the behavior you
want...
Regards,
--Jim Washington