Access Control

Document templates provide a basic level of access control by preventing access to names beginning with an underscore9. Additional control may be provided by providing document templates with a 'validate' method. This would typically be done by subclassing one or more of the DocumentTemplate classes.

If provided, the 'validate' method will be called when objects are accessed as instance attributes or when they are accessed through keyed access in an expression. The 'validate' method will be called with five arguments:

1. The containing object that the object was accessed from,
2. The actual containing object that the object was found in, which may be different from the containing object the object was accessed from, if the containing object supports acquisition,
3. The name used to access the object,
4. The object, and
5. The name-space object used to render the document template.

If a document template is called from Zope, then the name-space object will have an attribute AUTHENTICATED_USER that is the user object that was found if Zope authenticated a user.

Zope document objects provide their own validate method that implements the security rules of the Zope application framework.