Geoffroy Charollais wrote at 2006-6-12 15:04 +0200: > ... >I'm a newbee in Zope and I'm facing a problem:
You should carefully read the Zope book (2.7 edition, online). You use of the terminology is not yet correct. > ... >I would like this pagetemplate to >call a method from an another object, > ><div tal:define="mytest python:context.MySecondObject.aMethod(AnArgument)"> > > >but in the same time >I would like this second object to be declared as private (to be sure >that it is not callable by URL). If you could declare it private, it could no longer be used from untrusted code (such as a "PageTemplate"). >In this case when I'm calling the protected method , I always have the >same error message: > >*Error Type: Unauthorized* >*Error Value: You are not allowed to access 'MySecondObject' in this >context* If you are only interested to prevent (direct) URL access, you can give your object an "index_html" method. This method is called to resolve urls ending in this object. Of course, URLs of the form "<url_to_your_object>/<aMethod>" could still be called by URL -- if the user has sufficient permissions. -- Dieter _______________________________________________ ZPT mailing list ZPT@zope.org http://mail.zope.org/mailman/listinfo/zpt