[Zope] how to prevent URL access to an external method?

Pedro LaWrench pedrolawrench at yahoo.com
Tue Apr 28 15:08:14 EDT 2009

Sorry, you are correct, I meant to say from restricted space.  The external method is what gives me access to unrestricted python.  I do plan on using Tres' method.

----- Original Message ----
From: Lennart Regebro <regebro at gmail.com>
To: Pedro LaWrench <pedrolawrench at yahoo.com>
Cc: Jaroslav Lukesh <lukesh at seznam.cz>; zope at zope.org; Tres Seaver <tseaver at palladion.com>
Sent: Tuesday, April 28, 2009 11:12:20 AM
Subject: Re: [Zope] how to prevent URL access to an external method?

On Tue, Apr 28, 2009 at 18:25, Pedro LaWrench <pedrolawrench at yahoo.com> wrote:
> What would you change on the security tab?  I still want my authenticated users to have access to the method as a call to it is made from unrestricted space (such as a page template)

A page template is restricted. If it really was unrestricted it would
be called from Python code on the hard disk, and then you wouldn't
need the external method.

> I just don't want them to call the method directly.

So Tres method is the simplest one that does just this.

Lennart Regebro: Python, Zope, Plone, Grok
+33 661 58 14 64


More information about the Zope mailing list