[Zope] "Hiding" a Zope object from URL accesses

Ivan Cornell ivan.cornell@framestore.co.uk
Wed, 24 Jan 2001 10:39:11 +0000


Dimitris Andrakakis wrote:

> Gerald Gutierrez wrote:
> > If I have a Z SQL method set up as /query on my Zope site, how is it
> > possible for me to disallow direct accesses to it via a URL (like
> > http://localhost/query) ? If I cannot, then what is the convention people
> > use to store objects which are not supposed to be visible directly?
>
> I think its as simple as revoking the access rights for anonymous (or other)
> users. I.e. it's not invisible, but rather not allowed (pardon my english).

This should work, but you will also need to assign proxy roles ['higher' than
anonymous] to any of the methods that call your /query method otherwise they
will also be refused access!

Ivan