Within the ExternalMethod you could check the ACTUAL_URL variable (in 
REQUEST) and if the name of the external method is found you could redirect 
the user to a "you're a baaad user" page.

Jonathan

----- Original Message ----- 
From: "Pedro LaWrench" <pedrolawre...@yahoo.com>
To: <zope@zope.org>
Sent: Tuesday, April 28, 2009 11:04 AM
Subject: [Zope] how to prevent URL access to an external method?



I need to do something on the filesystem, which requires unrestricted 
python, so I created an external method. The problem is that anyone can call 
that directly via URL, so I added a permission check. Even then, users with 
the sufficient permissions can call this via URL, which I don't want them to 
do. I only want them to have access indirectly from other pages (such as a 
page template that will pass sane parameters). Is there anyway to do this?

Thanks,
PL



_______________________________________________
Zope maillist  -  Zope@zope.org
http://mail.zope.org/mailman/listinfo/zope
**   No cross posts or HTML encoding!  **
(Related lists -
 http://mail.zope.org/mailman/listinfo/zope-announce
 http://mail.zope.org/mailman/listinfo/zope-dev )



--------------------------------------------------------------------------------



No virus found in this incoming message.
Checked by AVG - www.avg.com
Version: 8.0.238 / Virus Database: 270.12.6/2084 - Release Date: 04/28/09 
06:15:00

_______________________________________________
Zope maillist  -  Zope@zope.org
http://mail.zope.org/mailman/listinfo/zope
**   No cross posts or HTML encoding!  **
(Related lists - 
 http://mail.zope.org/mailman/listinfo/zope-announce
 http://mail.zope.org/mailman/listinfo/zope-dev )

Reply via email to