[Zope] Re: Page Template security problem
Chris Beaven
chris at d-designz.co.nz
Wed Sep 28 20:01:44 EDT 2005
Dieter Maurer wrote:
> *HOWEVER* note that proxy roles are not passed to called objects.
> Thus, "emaildetails.htm" does not run with proxy roles.
> If it accesses objects from "admin folder", then you will
> get an "Unauthorized".
>
> A possible solution could be: let "sendDetail" access and process
> all protected information and pass the results only (hopefully elementary
> and therefor unrestricted) to the page template for formatting.
> Let "sendDetail" then send the formatted message itself.
Thank You Dieter,
The problem I was having is that I didn't realise that proxy roles are
not passed to called objects.
Like you suggested, I called all protected objects from the proxyed
script and passed the return values through to the page template. All
working wonderfully now.
More information about the Zope
mailing list