Re: [Zope-dev] Inhibit URL-traversal
Dario Lopez-Kästen wrote at 2006-2-13 08:06 +0100: ... It can -- with some difficulties: Templates and scripts are called because they define index_html as None. If you give a template or script a non-None index_html, then this object will be called instead of the template/script. I see. Is this possible to do on FS-based scripts/templates? It is, but you have to work a bit: You derive your own classes from the original ones and provide an appropriate index_html definition. You register your classes to handle the appropriate extensions. Note, that the last registration wins over previous ones. You might need to force an import of the module/s performing the other registration/s in your module to ensure that your registration is indeed the last one. -- Dieter ___ Zope-Dev maillist - Zope-Dev@zope.org http://mail.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope )
Re: [Zope-dev] Inhibit URL-traversal
Dario Lopez-Kästen wrote: from a script or template: container.my_product_instance.some_method(...) but not http://some/url/my_product_instance/some_method?... You could try looking at some kind of __bobo_traverse__ function or maybe __before_publisher_traverse__. I've probably mispelled the latter, but it might be what you're after, since it affects the publisher but not method access... cheers, Chris -- Simplistix - Content Management, Zope Python Consulting - http://www.simplistix.co.uk ___ Zope-Dev maillist - Zope-Dev@zope.org http://mail.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope )
Re: [Zope-dev] Inhibit URL-traversal
Dieter Maurer said the following on 2006-02-10 19:48: Dario Lopez-Kästen wrote at 2006-2-10 10:56 +0100: ... for a product I am writing, i need to experiment with inhibiting URL-traversal to the methods and subobjects of it. I still wnat the methods and objects to be available via direct call, for instance: You can use a SiteAccess AccessRule for this. Be warned, however, that AccessRules can be disabled in the URL (by a few knowing people). If this concerns you, can can remove this feature from AccessRule (code modification). Using an AccessRule is not precisely what I had in mind - I want my product to behave in such a way by itself - but looking at how AccessRules work will surely give me some insight. Thanks for the pointer. ... Also, can such a behaviour be imposed on templates (they being methods really) and Script(Python)s? It can -- with some difficulties: Templates and scripts are called because they define index_html as None. If you give a template or script a non-None index_html, then this object will be called instead of the template/script. I see. Is this possible to do on FS-based scripts/templates? I believe zodb-based files may be manipulated at install-time by my product, by I am not sure how to do this for FS-based stuff. Anyway, thanks Dieter for the pointers. This will get me started :-) /dario -- -- --- Dario Lopez-Kästen, IT Systems Services Chalmers University of Tech. Lyrics applied to programming application design: emancipate yourself from mental slavery - redemption song, b. marley ___ Zope-Dev maillist - Zope-Dev@zope.org http://mail.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope )
[Zope-dev] Inhibit URL-traversal
Greetings, for a product I am writing, i need to experiment with inhibiting URL-traversal to the methods and subobjects of it. I still wnat the methods and objects to be available via direct call, for instance: from a script or template: container.my_product_instance.some_method(...) but not http://some/url/my_product_instance/some_method?... In effect I am hiding that part of the zodb for external access- Also, can such a behaviour be imposed on templates (they being methods really) and Script(Python)s? Thanks, /dario -- -- --- Dario Lopez-Kästen, IT Systems Services Chalmers University of Tech. Lyrics applied to programming application design: emancipate yourself from mental slavery - redemption song, b. marley ___ Zope-Dev maillist - Zope-Dev@zope.org http://mail.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope )
Re: [Zope-dev] Inhibit URL-traversal
Dario Lopez-Kästen wrote at 2006-2-10 10:56 +0100: ... for a product I am writing, i need to experiment with inhibiting URL-traversal to the methods and subobjects of it. I still wnat the methods and objects to be available via direct call, for instance: You can use a SiteAccess AccessRule for this. Be warned, however, that AccessRules can be disabled in the URL (by a few knowing people). If this concerns you, can can remove this feature from AccessRule (code modification). ... Also, can such a behaviour be imposed on templates (they being methods really) and Script(Python)s? It can -- with some difficulties: Templates and scripts are called because they define index_html as None. If you give a template or script a non-None index_html, then this object will be called instead of the template/script. -- Dieter ___ Zope-Dev maillist - Zope-Dev@zope.org http://mail.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope )
