[Zope-CMF] Controlling permissions for actions

Charlie Clark charlie at begeistert.org
Thu Sep 27 07:01:58 EDT 2007

On 27.09.2007 at 12:40, Jens Vagelpohl wrote:

> If you have a script somewhere in the skins or in your site it will  
> *always* be available for people who call it up directly by URL.  
> There is no builtin mechanism in Zope or the CMF to control that.  
> You could do some "manual" checking inside the script to make sure  
> the calling user has the right permissions or the script is not  
> called by direct URL traversal.

Thanks, I thought as much. It's not difficult to check the user for  
the correct role and return an index page otherwise but I guess I  
need to start explicitly attaching such scripts to objects and their  
methods but I'm still on that learning curve, which is probably not  
helped by the fact I nearly always store data in an RDBMS and I don't  
use O/R mappers.

Charlie Clark
Helmholtzstr. 20
D- 40215
Tel: +49-211-938-5360
GSM: +49-178-782-6226
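
The manual checks discussed in this thread, as an added example that is not part of the original messages or of the Zope/CMF code base. The stub classes are constructed stand-ins for AccessControl's security manager, user object and `Unauthorized`; `guarded_script` and its return values are hypothetical, and comparing `REQUEST['PUBLISHED']` with the script is an assumed way to detect a direct URL call.

```python
class Unauthorized(Exception):
    """Constructed stand-in for AccessControl's Unauthorized."""


class StubUser:
    """Constructed stand-in for a Zope user object."""
    def __init__(self, roles):
        self._roles = set(roles)

    def has_role(self, role, obj=None):
        return role in self._roles


class StubSecurityManager:
    """Constructed stand-in for what getSecurityManager() returns."""
    def __init__(self, user, granted):
        self._user, self._granted = user, set(granted)

    def getUser(self):
        return self._user

    def checkPermission(self, permission, obj):
        return permission in self._granted


def guarded_script(script, context, request, sm,
                   permission="Modify portal content", role="Manager"):
    """Body of a hypothetical skin script with the manual checks first."""
    # Direct URL traversal (assumption): the publisher stores the object
    # the URL resolved to under REQUEST['PUBLISHED']; refuse if it is us.
    if request.get("PUBLISHED") is script:
        raise Unauthorized("script may not be called by URL")
    # Role check with a harmless fallback page, as described in the reply.
    if not sm.getUser().has_role(role, context):
        return "index"
    # Permission check against the object the script acts on, so the
    # decision does not rest on the role name alone.
    if not sm.checkPermission(permission, context):
        raise Unauthorized(permission)
    return "action performed"
```

In a real Script (Python) the security manager would come from `AccessControl.getSecurityManager()` and the checks would sit at the top of the script body, before any work is done.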
