[Zope-CMF] Controlling permissions for actions
charlie at begeistert.org
Thu Sep 27 07:01:58 EDT 2007
On 27.09.2007 at 12:40, Jens Vagelpohl wrote:
> If you have a script somewhere in the skins or in your site it will
> *always* be available for people who call it up directly by URL.
> There is no builtin mechanism in Zope or the CMF to control that.
> You could do some "manual" checking inside the script to make sure
> the calling user has the right permissions or the script is not
> called by direct URL traversal.
Thanks, I thought as much. It's not difficult to check the user for
the correct role and return an index page otherwise, but I guess I
need to start explicitly attaching such scripts to objects and their
methods, but I'm still on that learning curve, which is probably not
helped by the fact I nearly always store data in an RDBMS and I don't
use O/R mappers.
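
The "manual" check discussed in this thread, sketched as an added example that is not part of the original posts or of Zope/CMF itself. It assumes that the request's `PUBLISHED` entry holds the object reached by URL traversal and that the security manager offers `checkPermission(permission, object)` as AccessControl's does; `run_guarded`, `FakeSecurityManager` and the sample objects are hypothetical stand-ins constructed so the guard runs without a Zope instance.

```python
def run_guarded(script, request, security_manager, context, permission,
                body, fallback):
    """Run body() only for an indirect call by a user holding `permission`.

    Every other case gets fallback(), e.g. rendering the index page.
    """
    # If the published object is the script itself, it was called up
    # directly by URL rather than from a page or another method.
    if request.get("PUBLISHED") is script:
        return fallback()
    # Ask the security manager about the calling user; deny by default.
    if not security_manager.checkPermission(permission, context):
        return fallback()
    return body()


class FakeSecurityManager:
    """Constructed stand-in for the security manager of a real Zope site."""

    def __init__(self, granted):
        self.granted = set(granted)

    def checkPermission(self, permission, obj):
        return permission in self.granted


def demo():
    # Constructed sample objects: the script, a page that calls it, a context.
    script, page, context = object(), object(), object()
    perm = "Modify portal content"
    editor = FakeSecurityManager([perm])
    anonymous = FakeSecurityManager([])

    def call(request, manager):
        return run_guarded(script, request, manager, context, perm,
                           body=lambda: "done", fallback=lambda: "index")

    return {
        "editor_via_page": call({"PUBLISHED": page}, editor),
        "editor_direct_url": call({"PUBLISHED": script}, editor),
        "anonymous_via_page": call({"PUBLISHED": page}, anonymous),
    }
```
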