[Zope] Newbie Questions (or maybe not... ;-)

Chris Withers chrisw@nipltd.com
Wed, 02 Feb 2000 12:40:53 +0000


Rik,

Thanks for the help with the second problem. Not entirely convinced about the
first one though... it seems quite a lot of effort to go through just to stop
people executing the methods on their own. Especially given that it sounds like
you'd have to go through the process for each method, and in a big site I can
imagine there'd be quite a lot of these :(

It's a shame there's no way to add a permission called 'execute' or similar to
the security model. That permission could allow other objects to execute the
method. You could then turn off the view permission, turn on the execute
permission, and hey presto! problem solved...

Any ideas?

Chris


Rik Hoekstra wrote:
> 
> Chris Withers wrote:
> >
> > Hi,
> >
> > I'm hoping these both have simple answers. Firstly, is there any way you can
> > make component DTML methods such as standard_html_header (and maybe other
> > objects) invisible to the outside world?
> >
> > It's messy (and possibly a security hazard!) if they're not, for example, take a
> > look at http://www.zope.org/standard_html_footer. This isn't really the sort of
> > thing you want visible on its own but what if that method actually did something
> > like delete files/etc...
> 
> You can give them permissions that do not make them only visible to a
> special user (let's say the Role is called SpecialUser). Then if you
> want to use them from another method, you can give this method a so-called
> 'proxy role' (in this case the 'SpecialUser' role) which gives it
> the permission to execute the method in question. I vaguely remember
> that there was some documentation available on this matter, but I
> couldn't find it.
> 
> (To complicate this there is one caveat about proxy roles however: there
> seems to be a bug which prevents authorized users from changing the
> methods in question after their proxy roles have changed. This seems to
> be a bug - it may be remediated one day)
> 
> >
> > Secondly, is there any way you can specify a parent object of the same name in a
> > DTML method?
> > What I want to do is build up standard_html_header as you get deeper into a
> > directory structure, for example:
> >
> > in / standard_html_header is:
> > <HTML><HEAD><TITLE><!--#var title_or_id--></TITLE></HEAD><BODY
> > BGCOLOR="#FFFFFF">
> >
> > in /dir1 standard_html_header is:
> > <dtml-var standard_html_header>
> > Some more text for a header...
> >
> > and so on...
> >
> > Of course, this generates an infinite recursion. So what I'm asking is if
> > there's any way to tell the dtml-var call in /dir1/standard_html_header to use
> > the standard_html_header in / rather than in /dir1?
> 
> Yes, use:
> <dtml-with "PARENTS[-1]">
>    <dtml-var standard_html_header>
> </dtml-with>
> PARENTS[-1] always is the top folder.
> 
> Of course you could also do it another way (simpler) by not calling the
> header in your method, but naming it differently. This would prevent
> infinite recursion (and possibly also some other very intricate
> acquisition problems further down the road)
> 
> Rik
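
The proxy-role arrangement Rik describes, as an added example that is not part of the original thread and is not Zope's own code: a simplified Python model in which the proxy roles of the method currently executing replace the visitor's roles when a called method's View permission is checked. The class and function names and the sample site (index_html, other_page) are assumptions made for illustration; standard_html_footer and SpecialUser come from the thread.

```python
# Simplified model of Zope-style proxy roles (illustrative; not Zope's API).
from dataclasses import dataclass, field

class Unauthorized(Exception):
    pass

@dataclass
class Method:
    name: str
    view_roles: frozenset                      # roles granted the View permission
    proxy_roles: frozenset = frozenset()       # roles this method runs with, if any
    calls: list = field(default_factory=list)  # methods it renders inline

def effective_roles(user_roles, stack):
    # If the method currently executing has proxy roles, they replace the
    # visitor's roles for anything that method calls.
    if stack and stack[-1].proxy_roles:
        return stack[-1].proxy_roles
    return user_roles

def render(method, user_roles, stack=()):
    # Check View permission on this method, then render whatever it calls.
    roles = effective_roles(frozenset(user_roles), stack)
    if not (roles & method.view_roles):
        raise Unauthorized(method.name)
    out = [method.name]
    for callee in method.calls:
        out += render(callee, user_roles, stack + (method,))
    return out

def can_render(method, user_roles):
    try:
        render(method, user_roles)
        return True
    except Unauthorized:
        return False

# Constructed sample site: the footer is viewable only by SpecialUser.
footer = Method("standard_html_footer", frozenset({"SpecialUser"}))
# index_html is public and carries the SpecialUser proxy role.
page = Method("index_html", frozenset({"Anonymous"}),
              frozenset({"SpecialUser"}), [footer])
# other_page is public but has no proxy role, so its call to the footer fails.
plain_page = Method("other_page", frozenset({"Anonymous"}), calls=[footer])

if __name__ == "__main__":
    for m in (footer, page, plain_page):
        print(m.name, "->", can_render(m, {"Anonymous"}))
```

The third case is the per-method effort Chris objects to: every public method that includes the restricted component needs the proxy role set on it, otherwise the page itself stops rendering for anonymous visitors.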