[Zope] Proxy Authorization for Page Templates
Dieter Maurer
dieter at handshake.de
Sat Feb 7 13:45:33 EST 2004
Edward Pollard wrote at 2004-2-6 13:29 -0700:
>In regards to Proxy Authorization for Page Templates:
>
>1) Is there a reason they don't have it out of the box?
The authors decided, that things requiring special privileges
should be done in a Python Script (which have proxy roles).
>2) Is there any way to modify them so they can have this?
Sure. You will need to change the source.
>For most of my work, the python scripts are called from page templates.
>Being able to restrict the execution of those scripts to a specific
>page template via proxy authorization would be very desirable. I use
>this feature to prevent direct execution of the Z SQL Methods the
>scripts call, but cannot protect the scripts in a similar fashion which
>is somewhat frustrating.
You can give these scripts a non-"None" "index_html"
and prevent them from being called via the Web.
You will need an External Method to modify a Scripts "index_html".
A cleaner solution would be to make your own variant
of "NonWebCallablePythonScript". It would derive from
"PythonScript" and define a non-"None" "index_html".
--
Dieter
More information about the Zope
mailing list