On Mon, Sep 15, 2008 at 07:44:58PM -0400, Thibaud Morel l'Horset wrote:
> Hello all,
>
> I'm trying to figure out how to prevent certain zope objects from being
> called directly but allow them to be called from another object.
>
> Here is an example:
> You have a ZPT page, let's originally call it 'test'
> test calls a Script(Python) 'script'
>
> I want any anonymous user to be able to call 'test' from the web but not
> 'script'. However, I want 'test' to call 'script' and render the contents of
> 'script' to anonymous users through 'test'. I tested this out by making the
> 'script' View permission only available for Authenticated users, and as
> anonymous I can neither hit 'test' nor 'script'.
>
> Based on my understanding of the Zope security framework I don't think
> this is possible... hopefully someone can tell me I'm wrong though and show
> me how to do it :)

http://plope.com/Books/2_7Edition/Security.stx#2-62

--
Paul Winkler
http://www.slinkp.com
_______________________________________________
Zope maillist - Zope@zope.org
http://mail.zope.org/mailman/listinfo/zope
** No cross posts or HTML encoding! **
(Related lists -
 http://mail.zope.org/mailman/listinfo/zope-announce
 http://mail.zope.org/mailman/listinfo/zope-dev )