Re: [Zope-dev] Preventing scripts from being called directly
Florent Guillaume wrote:

> The way I do it is:
>
>     ##parameters=foo, bar, ..., REQUEST=None
>     if REQUEST is not None:
>         raise 'Unauthorized', 'Not callable TTW'

I believe this is much better. I get "function not accessible in restricted mode" with my own solution.

Thanks,

/dario

--
-- ---
Dario Lopez-Kästen, IT Systems Services Chalmers University of Tech.
___
Zope-Dev maillist - [EMAIL PROTECTED]
http://mail.zope.org/mailman/listinfo/zope-dev
** No cross posts or HTML encoding! **
(Related lists -
 http://mail.zope.org/mailman/listinfo/zope-announce
 http://mail.zope.org/mailman/listinfo/zope )
Re: [Zope-dev] Preventing scripts from being called directly
Dario Lopez-Kästen wrote:

> because the scripts I use in conjunction with SUF and that return person information are callable as http://server/acl_users/scriptname.

Oh, well those can be totally unavailable to everyone. It seems the security machinery is bypassed at that stage in the game ;-)

> BTW, will SUF have support for FS-based scripts in the future?

It already does, see the section on subclass usage in the documentation and the tests...

Chris

--
Simplistix - Content Management, Zope Python Consulting
- http://www.simplistix.co.uk
Re: [Zope-dev] Preventing scripts from being called directly
In article [EMAIL PROTECTED] you write:

> Hello,
>
> I am trying to prevent PythonScripts from being called directly TTW.
>
> Is there a better way of doing this than the following code being called at the very beginning of the script?
>
>     if script.getPhysicalPath() == context.REQUEST.PUBLISHED.getPhysicalPath():
>         raise UnAuthorisedOrSimilar

The way I do it is:

    ##parameters=foo, bar, ..., REQUEST=None
    if REQUEST is not None:
        raise 'Unauthorized', 'Not callable TTW'
    ...

Florent

--
Florent Guillaume, Nuxeo (Paris, France)
+33 1 40 33 71 59 http://nuxeo.com mailto:[EMAIL PROTECTED]
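The guard from the message above, as an added example that is not part of the thread and is not Zope code: a simplified model in which the publisher binds script parameters by name from the request and the name REQUEST resolves to the request itself. `Request`, `publish`, `person_info` and `try_publish` are hypothetical names, the sample data is constructed, and an exception class stands in for the string exception.

```python
import inspect


class Unauthorized(Exception):
    """Stand-in for the 'Unauthorized' string exception in the message."""


class Request(dict):
    """Constructed stand-in for a request holding form/query values."""

    def get(self, key, default=None):
        # Assumption of this model: the key REQUEST yields the request itself.
        return self if key == "REQUEST" else super().get(key, default)


def publish(script, request):
    """Call `script` as a URL traversal would: fill parameters by name."""
    missing = object()
    kwargs = {}
    for name in inspect.signature(script).parameters:
        value = request.get(name, missing)
        if value is not missing:
            kwargs[name] = value
    return script(**kwargs)


def person_info(user_id, REQUEST=None):
    """Hypothetical script returning person data, guarded as in the message."""
    if REQUEST is not None:
        raise Unauthorized("Not callable TTW")
    return {"user_id": user_id, "email": user_id + "@example.org"}


def try_publish(script, request):
    """Publish and report the outcome instead of propagating the exception."""
    try:
        return publish(script, request)
    except Unauthorized as exc:
        return "Unauthorized: %s" % exc


if __name__ == "__main__":
    # Internal call: REQUEST keeps its default, the script runs.
    print(person_info("dario"))
    # Published call with user_id supplied in the URL: the guard fires.
    print(try_publish(person_info, Request(user_id="dario")))
```

In this model an internal caller that forwards REQUEST explicitly also trips the guard, so calling code has to leave that argument out.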
Re: [Zope-dev] Preventing scripts from being called directly
Dario Lopez-Kästen wrote:

> I am trying to prevent PythonScripts from being called directly TTW.

Why?

> Is there a better way of doing this than the following code being called at the very beginning of the script?
>
>     if script.getPhysicalPath() == context.REQUEST.PUBLISHED.getPhysicalPath():
>         raise UnAuthorisedOrSimilar

Make the scripts only viewable by Manager, and give whatever calls them that role by Proxy.

Chris

--
Simplistix - Content Management, Zope Python Consulting
- http://www.simplistix.co.uk
Re: [Zope-dev] Preventing scripts from being called directly
Chris Withers wrote:

> Dario Lopez-Kästen wrote:
>
>> I am trying to prevent PythonScripts from being called directly TTW.
>
> Why?

because the scripts I use in conjunction with SUF and that return person information are callable as http://server/acl_users/scriptname. And the SUF API demands that the scripts accept a parameter that then can easily be supplied in the URL. If all this is done, then I can obtain info about users that way. Not good.

>> Is there a better way of doing this than the following code being called at the very beginning of the script?
>>
>>     if script.getPhysicalPath() == context.REQUEST.PUBLISHED.getPhysicalPath():
>>         raise UnAuthorisedOrSimilar
>
> Make the scripts only viewable by Manager, and give whatever calls them that role by Proxy.

hm... right... that'd require even more customisation policy of my Plone site than what is there now... I think I'll use the above code until I have time to fix the role/proxy assigning programmatically.

BTW, will SUF have support for FS-based scripts in the future?

/dario

--
-- ---
Dario Lopez-Kästen, IT Systems Services Chalmers University of Tech.