[Zope] RE: [ZPT] Template/Script Access Via "Manager" Script

Tino Wildenhain tino@wildenhain.de
Sat, 14 Dec 2002 22:32:38 +0100 

Hi Dirk,

--On Samstag, 14. Dezember 2002 14:57 -0500 Dirk Leas <dirkLeas@mac.com> 
wrote:

> Thanks for your reply.
>
> My situation is that I have a folder with the following content:
>
> wmf - workflow manager script
> query - query template
> queryParser - script I invoke via tal:repeat to grab form data
> sort - sort template
> sortParser - script I invoke similar to above
>
> I'd like to allow wmf to call either query or sort, but disallow the
> user from hitting query, or sort (or their supporting scripts) directly.
> In looking at the security tab w/n ZMI, I see nothing that would let me
> do something like "disallow direct access, but allow access via Zope
> caller object".

The other way round: disallow for people except for a special role
(just create one, preferably in the root of your app)
And give your methods "proxy roles" for exactly this role.
Then only the python script can call, every other is sent to
the "unauthorized" screen.

> Were you suggesting that it would be best to create my own "WMF Managed
> Page Template" and "WMF Managed Script" subclasses? I'm pretty new to
> Zope, but when I considered that early on, it seemed pretty labor
> intensive (compared to inheritance in either Python directly or other

Not too hard. And compared to Java its even much simpler. (You should
have an eyeball at the appropriate section in the zope-book)
Roughly you just go to Control_Panel/Products, create a new
product (just like a folder) and then create a ZClass
with "Factory Functions". Derive your Class from ZPT or whatever you
want to manage. Go to the methods tab and just add your management
Templates and methods. This turns out to be pretty easy.

One tipp from me: while ZMI creates factory function in DTML,
you can easy replace these with a python script, which gives
you better readability:

request = container.REQUEST
response =  request.RESPONSE

# create the new object
object=container.FunctionElement.createInObjectManager('your_meta_type', 
request)

# edit propertys of the new object
object.propertysheets.main.manage_editProperties({'title':request.title})

# mimify the default behavior - redirect if called from ZMI
du=request.get('DestinationURL',None)
if du:
    response.redirect(du+'/manage_workspace')
else:
    response.redirect(request.URL2+'/manage_workspace')



> languages like Java. Is there an easier strategy I'm missing that
> wouldn't require me to build to new Zope Products? I was also kinda
> surprised I couldn't get external methods to be based on object methods

> -- too bad there isn't something like an External Object.

Every thing in Zope is an object. What do you mean with
External Object?

Regards
Tino