Why? It is a more transparent and better way - use the security tab.

----- Original Message ----- 
From: "Tres Seaver" <tsea...@palladion.com>


> Pedro LaWrench wrote:
>> I need to do something on the filesystem, which requires unrestricted
>> python, so I created an external method. The problem is that anyone
>> can call that directly via URL, so I added a permission check. Even
>> then, users with the sufficient permissions can call this via URL,
>> which I don't want them to do. I only want them to have access
>> indirectly from other pages (such as a page template that will pass
>> sane parameters). Is there any way to do this?
> 
> Add a REQUEST argument to your function, defaulting to None.  The
> publisher will always pass the request in for that argument, while the
> other templates / scripts should not.  E.g.:
> 
> def doSomething(self, REQUEST=None):
>     """ Don't call me directly via a URL!!!
>     """
>     if REQUEST is not None:
>         raise ValueError('Wicked, evil, naughty Zoot!')
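
A simplified model of why the REQUEST guard in the quoted reply works, added here as an example; it is not part of the original thread and not Zope's own code. `FakeRequest` and `publish` are constructed stand-ins for the publisher filling arguments by name, and `page_template`, `try_url_call` and the `path` parameter are hypothetical.

```python
import inspect

class FakeRequest(dict):
    """Constructed stand-in for the request object (not the real Zope class)."""
    def lookup(self, name):
        # Assumption modelled here: the key 'REQUEST' resolves to the request itself.
        return self if name == "REQUEST" else self.get(name)

def publish(func, context, request):
    """Simplified model of a URL call: bind each argument by name from the request."""
    kwargs = {}
    params = list(inspect.signature(func).parameters.values())[1:]  # skip 'self'
    for p in params:
        value = request.lookup(p.name)
        if value is not None:
            kwargs[p.name] = value
        elif p.default is inspect.Parameter.empty:
            raise TypeError("missing argument: " + p.name)
    return func(context, **kwargs)

def doSomething(self, path, REQUEST=None):
    """Filesystem helper guarded as in the quoted reply."""
    if REQUEST is not None:
        # Only the publisher (or a caller forwarding the request) supplies REQUEST.
        raise ValueError("not callable via URL")
    return "processed " + path

def page_template(context):
    """Hypothetical trusted caller: passes a sane parameter and no REQUEST."""
    return doSomething(context, "reports/today.txt")

def try_url_call(form):
    """Simulate a direct URL call; return 'blocked' when the guard fires."""
    try:
        return publish(doSomething, object(), FakeRequest(form))
    except ValueError:
        return "blocked"

if __name__ == "__main__":
    print(try_url_call({"path": "reports/today.txt"}))  # guard rejects the URL call
    print(page_template(object()))                      # indirect call goes through
```

The guard fails closed: a caller that forwards its own REQUEST explicitly is rejected as well, so trusted templates must call the method without it.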
