Why? It is more transparent and better way - use security tab.
----- Original Message ----- From: "Tres Seaver" <tsea...@palladion.com> > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Pedro LaWrench wrote: >> I need to do something on the filesystem, which requires unrestricted >> python, so I created an external method. The problem is that anyone >> can call that directly via URL, so I added a permission check. Even >> then, users with the sufficient permissions can call this via URL, >> which I don't want them to do. I only want them to have access >> indirectly from other pages (such as a page template that will pass >> sane parameters). Is there anyway to do this? > > Add a REQUEST argument to your function, defaulting to None. The > publisher will always pass the request in for that argument, while the > other templates / scripts should not. E.g.: > > def doSomething(self, REQUEST=None): > """ Don't call me directly via a URL!!! > """ > if REQUEST is not None: > raise ValueError('Wicked, evil, naughty Zoot!') _______________________________________________ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev )