[Zope] Security for objects being called
Dieter Maurer
dieter at handshake.de
Wed Sep 17 14:01:16 EDT 2008
Thibaud Morel l'Horset wrote at 2008-9-15 19:44 -0400:
> I'm trying to figure out how to prevent certain zope objects from being
>called directly but allow them to be called from another object.
>
> Here is an example:
> You have a ZPT page, let's originally call it 'test'
> test calls a Script(Python) 'script'
Your options:
* check in "script" that is was not called directly via the Web.
You can do this by checking against "REQUEST['PUBLISHED']".
* give your "script" a non-"None" "index_html" attribute
Then, this "index_html" is called when accessed from the Web;
otherwise, the "script"s "__call__" is called.
* give your "script" and its "__call__" method an empty docstring.
--
Dieter
More information about the Zope
mailing list