This may help: http://www.zope.org/Documentation/ZDG/Security.dtml (see Using ModuleSecurityInfo Objects) I think it will be something along the lines of: from AccessControl import ModuleSecurityInfo ModuleSecurityInfo('Products').declarePublic('SignedEditions') ModuleSecurityInfo('Products.SignedEditions').declarePublic('stripCardNumber ', 'verifyCardNumber') ----- Original Message ----- From: "R. David Murray " <bitz@bitdance.com> To: <zope-dev@zope.org> Sent: Thursday, April 19, 2001 1:56 PM Subject: [Zope-dev] how to add to the pythonscript allowed import list?
I've got a little Product that does some init hacks. One of the things I want to do is expose a couple of python fuctions such that they can be imported into pythonscripts. After much spelunking in the mailing list and the PythonMethods wiki on zope.org, I *think* that what I need to do is something like this:
---------------------- from AccessControl import ModuleSecurityInfo
security = ModuleSecurityInfo()
security.declarePublic('SignedEditions') security.declarePublic('stripCardNum','verifyCardNumber') from cccheck import stripCardNum, verifyCardNumber
security.apply(globals()) ----------------------
Now, that SignedEditions one is my attempt to solve the following error message when I attempt to do 'from SignedEditions import stripCardNum':
Error Type: ImportError Error Value: import of "SignedEditions" is unauthorized
However, it does not solve the problem.
Hmm. I just noticed that I forgot to prefix that with "Products.". Which would seem to make that error message a bug, since SignedEditions shouldn't exist in the import path. If I do
from Products.SignedEditions import stripCardNum
then ZDebug tells me:
Unauthorized: Access denied for <module 'Products.SignedEditions' from '/usr/local/zope/sites/signededitions/Products/SignedEditions/__init__.py'&g t; because its container, <module 'Products' from '/usr/local/zope/Zope231b1/lib/python/Products/__init__.pyc'>, has no security assertions.
What do I need to do to assert that it is OK to import from the SignedEditions product? The wiki does not seem to address this question at all, though it implies that it is possible, since it *does* talk about the above assertions to declare things *inside* the product as importable.
(Oh, BTW, I tried changing 'security' to "ZopeSecurity", but that didn't seem to change the behavior).
--RDM
_______________________________________________ Zope-Dev maillist - Zope-Dev@zope.org http://lists.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope )