[Zope] Security Permission Settings
Dieter Maurer
dieter@handshake.de
Mon, 26 Aug 2002 18:50:30 +0200
rruth@computer.org writes:
> What permissions do I set in the security tap to do the following:
>
> I have two dtml methods. The first one, 'validate' I want anonymous users to
> be able to access in the default manner. The second dtml method, 'query', I
> want to be called from the first dtml-method, 'validate', but never directly
> by an anonymous user. (ie. the anonymous user can connect to:
> http://...validate but will get an error for: http://...query)
>
> How do I set the permissions of the second dtml method, 'query' to do this?
This is not easy with Zope's security machinery.
I see two options:
* (easy) you map the "View" permission of "query"
only to "Manager" and give "validate" a proxy role (of "Manager").
* you give "query" an "index_html" method which does
whatever you want, e.g. "raise Unauthorized".
Ages ago, I posted an External Method to the mailing list
that allows you to set "index_html" of an arbitrary object.
Please search the archive.
Dieter