[Zope] How to prevent web access to specific folder ?

Dieter Maurer dieter at handshake.de
Sat Oct 8 06:14:19 EDT 2005


Vladimir Petrovic wrote at 2005-10-6 17:44 +0300:
> ... restricting Web Publishing in specific folders ...
>I know this can be done by restricting View/Access Contents information 
>privileges for folders/scripts to the specific role and then giving DTML 
>methods proxy role. But, is there any other easier methods ?

There may be several alternative options:

  *  an "AccessRule"

     Two potential problems:
       
       -  they can be deactivated by the incomming request
          (but you can comment out the deactivating code)

       -  authentication has not yet taken place;
          the user identity is not yet known

  *  a "Post-Authentication-Hook"

     I think (but I am not sure) that Zope 2.8 has implemented them.

     If not, my Zope page contains a patch (for older Zope versions,
     will not work out of the box for Zope 2.8) for
     a "Post-Authentication-Hook" implementation.

       <http://www.dieter.handshake.de/pyprojects/zope>


-- 
Dieter


More information about the Zope mailing list