[Zope] How to restrict the rendering of public methods?
sean.upton@uniontrib.com
sean.upton@uniontrib.com
Thu, 20 Dec 2001 12:29:00 -0800
The only way to do this is to turn pages into agents, and with proxy roles,
this is possible if your pages are DTML, but not with ZPT.
There is a way to do this; create custom roles bound to particular types of
behaviors. For example, create a role called 'renderer'; bind the 'View'
permission bound to standard_html_header, etc. Then use proxy roles to make
it so that your page 'foo_html' has a proxy role of 'renderer' -- this
effectively means that your page is 'an agent that has permission to access
resource standard_html_header' or something like that.
Sean
-----Original Message-----
From: Ausum [mailto:augusto@artlover.com]
Sent: Wednesday, December 19, 2001 10:39 PM
To: zope@zope.org
Subject: [Zope] How to restrict the rendering of public methods?
Is it possible to restrict a method to be rendered only by another method?
For
example, what if we don't want "standard_html_header" to be rendered by
itself?
Currently, typing "(path)/standard_html_header", in example, renders the
correspondant part of the page, because that method is already supossed to
be
permitted to view to all users, due the methods who would use it (like
index_html) will inherit that permission.
But, what if this turns out to be a security issue? Is it possible to turn
all
methods to be "system-callable-not-rendereable only", unless specified?
Thanks in advance,
Ausum
_______________________________________________
Zope maillist - Zope@zope.org
http://lists.zope.org/mailman/listinfo/zope
** No cross posts or HTML encoding! **
(Related lists -
http://lists.zope.org/mailman/listinfo/zope-announce
http://lists.zope.org/mailman/listinfo/zope-dev )