[Zope] Newbie Questions (or maybe not... ;-)

Rik Hoekstra rik.hoekstra@inghist.nl
Wed, 02 Feb 2000 13:25:20 +0100


Chris Withers wrote:
> 
> Hi,
> 
> I'm hoping these both have simple answers. Firstly, is there any way you can
> make component DTML methods such as standard_html_header (and maybe other
> objects) invisible to the outside world?
> 
> It's messy (and possibly a security hazard!) if they're not, for example, take a
> look at http://www.zope.org/standard_html_footer. This isn't really the sort of
> thing you want visible on its own but what if that method actually did something
> like delete files/etc...

You can give them permissions that do not make them only visible to a
special user (let's say the Role is called SpecialUser). Then if you
want to use them from another method, you can give this method a so
called 'proxy role' (in this case the 'SpecialUser' role) which gives it
the permission to execute the method in question. I vaguely remember
that there was some documentation available on this matter, but I
couldn't find it. 

(To complicate this there is one caveat about proxy roles however: there
seems to be a bug which prevents authorized users from changing the
methods in question after their proxy roles have changed. This seems to
be a bug - it may be remediated one day)


> 
> Secondly, is there any way you can specify a parent object of the same name in a
> DTML method?
> What I want to do is build up standard_html_header as you get deeper into a
> directory structure, for example:
> 
> in / standard_html_header is:
> <HTML><HEAD><TITLE><!--#var title_or_id--></TITLE></HEAD><BODY
> BGCOLOR="#FFFFFF">
> 
> in /dir1 standard_html_header is:
> <dtml-var standard_html_header>
> Some more text for a header...
> 
> and so on...
> 
> Of course, this generates an infinite recursion. So what I'm asking is if
> there's any way to tell the dtml-var call in /dir1/standard_html_header to use
> the standard_html_header in / rather than in /dir1?

Yes use:
<dtml-with "PARENTS[-1]">
   <dtml-var standard_html_header>
</dtml-with>
PARENTS[-1] always is the top folder.

Of course you could also do it another way (simpler) by not calling the
header in your method, but naming it differently. This would prevent
infinite recursion (and possibly also some other very intricate
acquisition problems further down the road)

Rik