On Mon, Sep 15, 2008 at 07:44:58PM -0400, Thibaud Morel l'Horset wrote:
> Hello all,
> 
>   I'm trying to figure out how to prevent certain zope objects from being
> called directly but allow them to be called from another object.
> 
>   Here is an example:
>   You have a ZPT page, let's originally call it 'test'
>   test calls a Script(Python) 'script'
> 
>   I want any anonymous user to be able to call 'test' from the web but not
> 'script'. However, I want 'test' to call 'script' and render the contents of
> 'script' to anonymous users through 'test'. I tested this out by making the
> 'script' View permission only available for Authenticated users, and as
> anonymous I can neither hit 'test' nor 'script'.
> 
>   Based on my understanding of the Zope security framework I don't think
> this is possible... hopefully someone can tell me I'm wrong though and show
> me how to do it :)

http://plope.com/Books/2_7Edition/Security.stx#2-62


-- 

Paul Winkler
http://www.slinkp.com
_______________________________________________
Zope maillist  -  Zope@zope.org
http://mail.zope.org/mailman/listinfo/zope
**   No cross posts or HTML encoding!  **
(Related lists - 
 http://mail.zope.org/mailman/listinfo/zope-announce
 http://mail.zope.org/mailman/listinfo/zope-dev )

Reply via email to