Excellent.  Thank you all for the suggests.


----- Original Message ----
From: Tres Seaver <tsea...@palladion.com>
To: zope@zope.org
Sent: Tuesday, April 28, 2009 8:38:18 AM
Subject: Re: [Zope] how to prevent URL access to an external method?

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Pedro LaWrench wrote:
> I need to do something on the filesystem, which requires unrestricted
> python, so I created an external method. The problem is that anyone
> can call that directly via URL, so I added a permission check. Even
> then, users with the sufficient permissions can call this via URL,
> which I don't want them to do. I only want them to have access
> indirectly from other pages (such as a page template that will pass
> sane parameters). Is there anyway to do this?

Add a REQUEST argument to your function, defaulting to None.  The
publisher will always pass the request in for that argument, while the
other templates / scripts should not.  E.g.:

def doSomething(self, REQUEST=None):
    """ Don't call me directly via a URL!!!
    """
    if REQUEST is not None:
        raise ValueError('Wicked, evil, naughty Zoot!')


Tres.
- --
===================================================================
Tres Seaver          +1 540-429-0999          tsea...@palladion.com
Palladion Software  "Excellence by Design"    http://palladion.com
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFJ9yLq+gerLs4ltQ4RAlj1AKDG4YIkceWD8yXpz0jvxqiN8Qlw2gCbBa9E
tCVUTkjoRIPL8YjSzFHY528=
=QbiL
-----END PGP SIGNATURE-----

_______________________________________________
Zope maillist  -  Zope@zope.org
http://mail.zope.org/mailman/listinfo/zope
**  No cross posts or HTML encoding!  **
(Related lists - 
http://mail.zope.org/mailman/listinfo/zope-announce
http://mail.zope.org/mailman/listinfo/zope-dev )



      
_______________________________________________
Zope maillist  -  Zope@zope.org
http://mail.zope.org/mailman/listinfo/zope
**   No cross posts or HTML encoding!  **
(Related lists - 
 http://mail.zope.org/mailman/listinfo/zope-announce
 http://mail.zope.org/mailman/listinfo/zope-dev )

Reply via email to