Document templates provide a basic level of access control by preventing access to names beginning with an underscore9. Additional control may be provided by providing document templates with a 'validate' method. This would typically be done by subclassing one or more of the DocumentTemplate classes.
If provided, the 'validate' method will be called when objects are accessed as instance attributes or when they are accessed through keyed access in an expression. The 'validate' method will be called with five arguments:
If a document template is called from Zope, then the name-space object will have an attribute AUTHENTICATED_USER that is the user object that was found if Zope authenticated a user.
Zope document objects provide their own validate method that implements the security rules of the Zope application framework.
Previous Chapter | Next Chapter | Up | Next Section | Contents