[Zope] how to prevent URL access to an external method?
Tres Seaver
tseaver at palladion.com
Tue Apr 28 11:38:18 EDT 2009
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Pedro LaWrench wrote:
> I need to do something on the filesystem, which requires unrestricted
> python, so I created an external method. The problem is that anyone
> can call that directly via URL, so I added a permission check. Even
> then, users with the sufficient permissions can call this via URL,
> which I don't want them to do. I only want them to have access
> indirectly from other pages (such as a page template that will pass
> sane parameters). Is there anyway to do this?
Add a REQUEST argument to your function, defaulting to None. The
publisher will always pass the request in for that argument, while the
other templates / scripts should not. E.g.:
def doSomething(self, REQUEST=None):
""" Don't call me directly via a URL!!!
"""
if REQUEST is not None:
raise ValueError('Wicked, evil, naughty Zoot!')
Tres.
- --
===================================================================
Tres Seaver +1 540-429-0999 tseaver at palladion.com
Palladion Software "Excellence by Design" http://palladion.com
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQFJ9yLq+gerLs4ltQ4RAlj1AKDG4YIkceWD8yXpz0jvxqiN8Qlw2gCbBa9E
tCVUTkjoRIPL8YjSzFHY528=
=QbiL
-----END PGP SIGNATURE-----
More information about the Zope
mailing list