[ZPT] Please help: No protection for PageTemplateFile!!
Dirksen Lau
dirksen.lau@polyu.edu.hk
Tue, 29 Jan 2002 19:36:53 +0800
Hi,
I want to shut off anonymous access to my class, but to my surprise, instances of PageTemplateFile leak through the security check, even the id of which starts with 'manage_'! Here's my class
class Dummy:
....
__roles__ = ['Authenticated', 'Owner', 'Manager']
index_html = PageTemplateFile('F:/zope2/lib/.../view.zpt', globals(), __name__='index_html')
manage_main = PageTemplateFile('F:/zope2/lib/.../manage_main.zpt', globals(), __name__='manage_main')
....
Globals.InitializeClass(Dummy)
Visiting index_html and manage_main gets through without an id check. If I change them to HTMLFile instances, the authen-box pops up right away.
Have I done it wrong? Please help!!
Cheers
Dirksen