[Zope] Hiding ZMI Pages

bruno modulix bruno at modulix.org
Fri Nov 5 05:02:03 EST 2004


Thomas Rampelberg wrote:
> Is there a way to keep users from being able to see any of the
> management pages? 

In the security tab, there's a 'View management screens'

> For example, return a 404 error if someone tries to
> go to http://zopesite/manage or http://zopesite/object/manage.

If you run Zope behind Apache, you could take advantage of rewrite rules 
and access control to hide 'manage' urls from requests on port 80 while 
allowing'em on 8080 (or whatever port your Zope listen to).

> In a similar vein, how would you go about keeping users from executing
> python scripts or external methods by just typing in the path to that
> object (http://zopesite/pythonscript) yet still let the pages that use
> those methods to access them?

It's in the fine manual, section "proxy roles".

-- 
Bruno Desthuilliers - Analyste-programmeur
bruno at modulix.org
www.modulix.com



More information about the Zope mailing list