Security Check Scripts

Into each list/add/edit generated methods, when option
to generate headers/footers is on, the result include the security check.

What do I mean by security check?
Security scripts return 1 when you grant access or return 0 when you don't
When script return 0 the generated method will display denied_method

You can group users by Zope role or by your own groups.
I choosed to assign Zope role Users to all my Intranet users
And to make them members of some groups taken from an SQL table.
Then all users with role Users can view objects, but security script
will return 1 only for some users which are members of some groups.

How this is working?
On SQL I have table groups with fields : gropupid, groupname
The Validation script you must choose here look like:

   if context.scr.ismember("IT"):
      return 1
      return 0

And ismember is another Python Script located into scr folder
which look like:

    Parameter List : groups
        #check if current user is member of groups
        import string
        # SQL is a generic ZSQL Method with q as parameter and <dtml-var q> as body
        for i in context.SQL(q="select * from users where username='"+user+"'"):
        flag=0 # assume is not member
        for i in string.split(groups,","):
        if i in gr:
          flag=1 # user is member
        return int(flag) # paranoia result return

You may call ismember with : if context.scr.ismember("IT,Editors,Security,Board") ...
to check if current (authenticated) user is members of IT or is member of Editors and so on.

Denied_method is just a DTML Method which contains:
<h1>Sorry! Access denied.</h1>
Or it may contains complex Python scripts which log unauthorised accesses...
Don't include in this method <dtml-var standard-html-header> or <dtml-var standard-html-footer>