[Zope] Security for objects being called

Dieter Maurer dieter at handshake.de
Wed Sep 17 14:01:16 EDT 2008


Thibaud Morel l'Horset wrote at 2008-9-15 19:44 -0400:
>  I'm trying to figure out how to prevent certain zope objects from being
>called directly but allow them to be called from another object.
>
>  Here is an example:
>  You have a ZPT page, let's originally call it 'test'
>  test calls a Script(Python) 'script'

Your options:

 * check in "script" that is was not called directly via the Web.
   You can do this by checking against "REQUEST['PUBLISHED']".

 * give your "script" a non-"None" "index_html" attribute
   Then, this "index_html" is called when accessed from the Web;
   otherwise, the "script"s "__call__" is called.

 * give your "script" and its "__call__" method an empty docstring.



-- 
Dieter


More information about the Zope mailing list