[Zope] Idiom for accessing restricted capabilities

Geir Bækholt
Sun, 29 Dec 2002 20:27:56 +0100


Hello Andrew,

Friday, December 27, 2002, 4:35:54 PM, you wrote:

> Your suggestion to use proxy roles implies a scheme whereby either
> http://zope/protected/method is called through another method that adds
> the appropriate role via its proxy mechanism, or is itself set to proxy
> to the required role.  The issue with this is that the proxy role is set
> at invoke time, instead of by logic within the method.
 
> A.

Set /zope/protected/method to be only accessible by managers.

Make /zope/public/invoker a PythonScript that has the proxy role of
Manager.

Then you can do all your logic in your PythonScript, and have it
return a page template suiting your needs:

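# Script that invokes the logic (body of /zope/public/invoker).
# all_prerequisites_are_ok and zope.protected.method() are placeholders
# for your own check and for the call to /zope/protected/method.
if all_prerequisites_are_ok:
    zope.protected.method()
    context.REQUEST.RESPONSE.redirect('/zope/checked_out')
else:
    return context.form_or_whatever_you_want_template()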


This way, no one (except managers) can access /zope/protected/method
unless through /zope/public/invoker, which seems to be what you want.
And you can check for your cookies as well, but not as ugly as it
would be in a template...

:)


-- 
Geir Bækholt        geir@funcom.com
Tools/HCI-developer
Tools/Billing - Product Operations
Funcom Oslo
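
The idiom described in this message, as an added example that is not part of the original post and is not Zope's own code: a simplified plain-Python model of a Manager-only method reached through a public invoker that carries a Manager proxy role. All class and function names and the cookie value are hypothetical, and the rule that a running script's proxy roles replace the caller's roles is a modelling assumption.

```python
# Simplified model of the proxy-role idiom; not Zope's implementation.
# Every name below is hypothetical and the token is a constructed value.

class Unauthorized(Exception):
    pass

class SecurityContext:
    """Tracks the caller's roles and the proxy roles of running scripts."""
    def __init__(self, user_roles):
        self.user_roles = set(user_roles)
        self.stack = []  # proxy-role sets of the scripts currently executing

    def effective_roles(self):
        # Modelling assumption: the innermost running script's proxy roles
        # replace the caller's roles while that script executes.
        if self.stack and self.stack[-1]:
            return self.stack[-1]
        return self.user_roles

    def require(self, role):
        if role not in self.effective_roles():
            raise Unauthorized(role)

def run_script(sec, proxy_roles, func, *args):
    """Run func with proxy_roles in effect; always drop them afterwards."""
    sec.stack.append(set(proxy_roles))
    try:
        return func(sec, *args)
    finally:
        sec.stack.pop()

def protected_method(sec):
    # Stands in for /zope/protected/method: Manager only.
    sec.require("Manager")
    return "checked_out"

def invoker(sec, request):
    # Stands in for /zope/public/invoker. This check is the only gate a
    # non-manager passes, so it has to cover every prerequisite.
    if request.get("cookie") == "constructed-valid-token":
        return protected_method(sec)
    return "form"

def call_public_invoker(user_roles, request):
    sec = SecurityContext(user_roles)
    return run_script(sec, ["Manager"], invoker, request)

def call_protected_directly(user_roles):
    return protected_method(SecurityContext(user_roles))
```

The model makes the trade-off visible: once the invoker holds the Manager proxy role, its prerequisite check is the whole access control for non-managers, so any gap in that check exposes the protected method.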