Previously Charlie Clark wrote:
>
> On 27.09.2007 at 12:40, Jens Vagelpohl wrote:
>
> >If you have a script somewhere in the skins or in your site it will
> >*always* be available for people who call it up directly by URL.
> >There is no builtin mechanism in Zope or the CMF to control that.
> >You could do some "manual" checking inside the script to make sure
> >the calling user has the right permissions or the script is not
> >called by direct URL traversal.
>
> Thanks, I thought as much. It's not difficult to check the user for
> the correct role and return an index page otherwise but I guess I
> need to start explicitly attaching such scripts to objects and their
> methods but I'm still on that learning curve, which is probably not
> helped by the fact I nearly always store data in an RDBMS and I don't
> use O/R mappers.

You can use a browser view instead of a Python script and protect that
with a permission.

Wichert.

-- 
Wichert Akkerman <[EMAIL PROTECTED]>    It is simple to make things.
http://www.wiggy.net/                   It is hard to make things simple.
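
The permission-protected browser view suggested above, as an added ZCML example that is not part of the original thread. The view name order-report and the class .browser.OrderReportView are hypothetical, and the cmf.ManagePortal permission id is assumed to be registered by the CMFCore ZCML already loaded on the site.

```xml
<configure
    xmlns="http://namespaces.zope.org/zope"
    xmlns:browser="http://namespaces.zope.org/browser">

  <!-- Weak registration, shown commented out for comparison.
       zope.Public lets anyone who can reach the URL run the view,
       which is the same exposure as a script in a skin folder. -->
  <!--
  <browser:page
      for="*"
      name="order-report"
      class=".browser.OrderReportView"
      permission="zope.Public"
      />
  -->

  <!-- Protected registration. The permission is declared on the view
       itself, so the publisher checks it before the view code runs
       and refuses a direct URL request from a user who lacks it.
       No role check is needed inside the view class. -->
  <browser:page
      for="Products.CMFCore.interfaces.ISiteRoot"
      name="order-report"
      class=".browser.OrderReportView"
      permission="cmf.ManagePortal"
      />

</configure>
```

Binding the view to ISiteRoot instead of "*" also keeps it from being traversable on every object in the site.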