[ZPT] ZPT calling private Method
Dieter Maurer
dieter at handshake.de
Mon Jun 12 14:12:46 EDT 2006
Geoffroy Charollais wrote at 2006-6-12 15:04 +0200:
> ...
>I'm a newbee in Zope and I'm facing a problem:
You should carefully read the Zope book (2.7 edition, online).
You use of the terminology is not yet correct.
> ...
>I would like this pagetemplate to
>call a method from an another object,
>
><div tal:define="mytest python:context.MySecondObject.aMethod(AnArgument)">
>
>
>but in the same time
>I would like this second object to be declared as private (to be sure
>that it is not callable by URL).
If you could declare it private, it could no longer be
used from untrusted code (such as a "PageTemplate").
>In this case when I'm calling the protected method , I always have the
>same error message:
>
>*Error Type: Unauthorized*
>*Error Value: You are not allowed to access 'MySecondObject' in this
>context*
If you are only interested to prevent (direct) URL access,
you can give your object an "index_html" method.
This method is called to resolve urls ending in this object.
Of course, URLs of the form "<url_to_your_object>/<aMethod>"
could still be called by URL -- if the user has sufficient
permissions.
--
Dieter
More information about the ZPT
mailing list