Am 27.09.2007 um 12:40 schrieb Jens Vagelpohl:

If you have a script somewhere in the skins or in your site it will *always* be available for people who call it up directly by URL. There is no builtin mechanism in Zope or the CMF to control that. You could do some "manual" checking inside the script to make sure the calling user has the right permissions or the script is not called by direct URL traversal.

Thanks, I thought as much. It's not difficult to check the user for the correct role and return an index page otherwise but I guess I need to start explicitly attaching such scripts to objects and their methods but I'm still on that learning curve, which is probably not helped by the fact I nearly always store data in an RDBMS and I don't use O/R mappers.

Charlie Clark
Helmholtzstr. 20
D- 40215
Tel: +49-211-938-5360
GSM: +49-178-782-6226

Zope-CMF maillist  -

See for bug reports and feature requests

Reply via email to