On Tue, Jun 01, 2004 at 06:40:05PM -0400, David A. Riggs wrote:
What I'd really like is to be able to turn off Zope's fascist security "features" in certain cases. If I'm working with a small team of trusted developers, I want to make things as easy as possible for them...the Zope learning curve is steep enough as it is. If the argument is to protect the system from cases where the end user could execute arbitrary code, then there are much more immediate problems!
You can already declare modules, classes, and types safe to import for TTW code. Just create a trivial Product that contains an __init__.py with this code: from AccessControl import allow_module, allow_class, allow_type # let scripts import the re module. allow_module('re') # let scripts instantiate and call methods of myclass. allow_class(myclass) # let scripts instantiate and call methods of mytype. allow_type(mytype) Notably absent is a way to declare builtin functions as safe, but you could work around that pretty easily - e.g. create a module with wrapper functions and declare that module importable. -- Paul Winkler http://www.slinkp.com