I like this idea.  Is this a standard approach in the Zope world?  Surely this 
is a relatively common problem...at least it seems to me that the intention of 
external methods is to provide support routines with unrestricted python that 
are never meant to be called directly by users.  Or are external methods the 
wrong way to do this?



----- Original Message ----
From: Jonathan (dev101) <dev...@magma.ca>
To: Pedro LaWrench <pedrolawre...@yahoo.com>; zope@zope.org
Sent: Tuesday, April 28, 2009 8:08:03 AM
Subject: Re: [Zope] how to prevent URL access to an external method?

Within the ExternalMethod you could check the ACTUAL_URL variable (in REQUEST) 
and if the name of the external method is found you could redirect the user to 
a "you're a baaad user" page.

Jonathan

----- Original Message ----- From: "Pedro LaWrench" <pedrolawre...@yahoo.com>
To: <zope@zope.org>
Sent: Tuesday, April 28, 2009 11:04 AM
Subject: [Zope] how to prevent URL access to an external method?



I need to do something on the filesystem, which requires unrestricted python, 
so I created an external method. The problem is that anyone can call that 
directly via URL, so I added a permission check. Even then, users with the 
sufficient permissions can call this via URL, which I don't want them to do. I 
only want them to have access indirectly from other pages (such as a page 
template that will pass sane parameters). Is there anyway to do this?

Thanks,
PL



_______________________________________________
Zope maillist  -  Zope@zope.org
http://mail.zope.org/mailman/listinfo/zope
**  No cross posts or HTML encoding!  **
(Related lists -
http://mail.zope.org/mailman/listinfo/zope-announce
http://mail.zope.org/mailman/listinfo/zope-dev )



--------------------------------------------------------------------------------



No virus found in this incoming message.
Checked by AVG - www.avg.com
Version: 8.0.238 / Virus Database: 270.12.6/2084 - Release Date: 04/28/09 
06:15:00


      
_______________________________________________
Zope maillist  -  Zope@zope.org
http://mail.zope.org/mailman/listinfo/zope
**   No cross posts or HTML encoding!  **
(Related lists - 
 http://mail.zope.org/mailman/listinfo/zope-announce
 http://mail.zope.org/mailman/listinfo/zope-dev )

Reply via email to