In my opinion Tres's way is the correct one for this case<br><br>Why? Because the original must be is to run the script only for internal processes<br><br>The main diference between an internal call and a user one is the REQUEST parameter and then the Tres's solution seems the more convenient way<br>
<br>It's only my opinion<br><br><div class="gmail_quote">2009/4/28 Jaroslav Lukesh <span dir="ltr"><<a href="mailto:lukesh@seznam.cz">lukesh@seznam.cz</a>></span><br><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
Why? It is more transparent and better way - use security tab.<br>
<div class="im"><br>
<br>
----- Original Message -----<br>
From: "Tres Seaver" <<a href="mailto:tseaver@palladion.com">tseaver@palladion.com</a>><br>
<br>
<br>
</div><div class="im">> -----BEGIN PGP SIGNED MESSAGE-----<br>
> Hash: SHA1<br>
><br>
> Pedro LaWrench wrote:<br>
>> I need to do something on the filesystem, which requires unrestricted<br>
>> python, so I created an external method. The problem is that anyone<br>
>> can call that directly via URL, so I added a permission check. Even<br>
>> then, users with the sufficient permissions can call this via URL,<br>
>> which I don't want them to do. I only want them to have access<br>
>> indirectly from other pages (such as a page template that will pass<br>
>> sane parameters). Is there anyway to do this?<br>
><br>
> Add a REQUEST argument to your function, defaulting to None. The<br>
> publisher will always pass the request in for that argument, while the<br>
> other templates / scripts should not. E.g.:<br>
><br>
> def doSomething(self, REQUEST=None):<br>
> """ Don't call me directly via a URL!!!<br>
> """<br>
> if REQUEST is not None:<br>
> raise ValueError('Wicked, evil, naughty Zoot!')<br>
<br>
</div><div><div></div><div class="h5">_______________________________________________<br>
Zope maillist - <a href="mailto:Zope@zope.org">Zope@zope.org</a><br>
<a href="http://mail.zope.org/mailman/listinfo/zope" target="_blank">http://mail.zope.org/mailman/listinfo/zope</a><br>
** No cross posts or HTML encoding! **<br>
(Related lists -<br>
<a href="http://mail.zope.org/mailman/listinfo/zope-announce" target="_blank">http://mail.zope.org/mailman/listinfo/zope-announce</a><br>
<a href="http://mail.zope.org/mailman/listinfo/zope-dev" target="_blank">http://mail.zope.org/mailman/listinfo/zope-dev</a> )<br>
</div></div></blockquote></div><br><br clear="all"><br>-- <br>Mis Cosas<br><a href="http://blogs.sistes.net/Garito">http://blogs.sistes.net/Garito</a><br>Zope Smart Manager<br><a href="http://blogs.sistes.net/Garito/670">http://blogs.sistes.net/Garito/670</a><br>