Jim Fulton wrote:
If this is what you want to do, then you need to pass the namespace to the Python function. You will have to do this explicitly.
def test(self, namespace): return self.myDTMLMethod(self, namespace)
if test is an ordinary Python method (defined in some base class), then you don't need to pass self, so from DTML:
<dtml-var standard_html_header> <dtml-let food="'Popcorn'"> test says: <dtml-var expr="test(_)"> </dtml-let> <dtml-var standard_html_footer>
This works! But is there a danger of bypassing security? I am working on a product, tableView, which Zope hosters may want to install for their users. If I don't pass in the namespace, the called DTML doesn't get permissions to do much of anything. If I do pass in the namespace, then it looks like it gets regular permissions. But if Zope is relying on the namespace to check permissions, then is there a danger that a user using my product could create their own munged dictionary, pass it in as the "namespace", and give themselves superuser status? For my particular product, it might be OK if the called DTML was part of the product and not modifiable by the user, but it would be good to know what's safe and what's not. Andrew