[Zope] how to prevent URL access to an external method?
pedrolawrench at yahoo.com
Tue Apr 28 11:42:10 EDT 2009
Excellent. Thank you all for the suggests.
----- Original Message ----
From: Tres Seaver <tseaver at palladion.com>
To: zope at zope.org
Sent: Tuesday, April 28, 2009 8:38:18 AM
Subject: Re: [Zope] how to prevent URL access to an external method?
-----BEGIN PGP SIGNED MESSAGE-----
Pedro LaWrench wrote:
> I need to do something on the filesystem, which requires unrestricted
> python, so I created an external method. The problem is that anyone
> can call that directly via URL, so I added a permission check. Even
> then, users with the sufficient permissions can call this via URL,
> which I don't want them to do. I only want them to have access
> indirectly from other pages (such as a page template that will pass
> sane parameters). Is there anyway to do this?
Add a REQUEST argument to your function, defaulting to None. The
publisher will always pass the request in for that argument, while the
other templates / scripts should not. E.g.:
def doSomething(self, REQUEST=None):
""" Don't call me directly via a URL!!!
if REQUEST is not None:
raise ValueError('Wicked, evil, naughty Zoot!')
Tres Seaver +1 540-429-0999 tseaver at palladion.com
Palladion Software "Excellence by Design" http://palladion.com
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
-----END PGP SIGNATURE-----
Zope maillist - Zope at zope.org
** No cross posts or HTML encoding! **
(Related lists -
More information about the Zope