<div dir="ltr">Hello all,<br><br> I'm trying to figure out how to prevent certain zope objects from being called directly but allow them to be called from another object.<br><br> Here is an example:<br> You have a ZPT page, let's originally call it 'test'<br>
test calls a Script(Python) 'script'<br><br> I want any anonymous user to be able to call 'test' from the web but not 'script'. However, I want 'test' to call 'script' and render the contents of 'script' to anonymous users through 'test'. I tested this out by making the 'script' View permission only available for Authenticated users, and as anonymous I can neither hit 'test' nor 'script'.<br>
<br> Based on my understanding of the Zope security framework I don't think this is possible... hopefully someone can tell me I'm wrong though and show me how to do it :)<br><br> Thanks very much for your time,<br>
<br>- Thibaud<br></div>