Tim Hicks said:
Andreas Jung said:
Module RestrictedPython.Guards, line 96, in handler TypeError: object does not support item or slice assignment
Does anyone have any idea what the problem is?
Digging further...
I made the TypeError a little more revealing on line 96 of RestrictedPython/Guards.py so it now shows the 'secattr' (method) being accessed, and its args::
def handler(self, *args): try: f = getattr(self.ob, secattr) except AttributeError: raise TypeError, '%s | %s | %s' % (error_msg, secattr, str(args))
The value of 'secattr' is apparently '__guarded_setitem__' in my case. So, it seems that the email.Message.Message class does not have a __guarded_setitem__ on it. This is unsurprising. I assume that it is supposed to get added during zope initialisation somewhere, right? Can anybody point out where?
Well, I've fixed this with an awful hack. My security assertions now look like:: from AccessControl import allow_module, allow_class from AccessControl import ModuleSecurityInfo def _secure_mapping(klass): """XXX Awful hack!! """ klass.__guarded_getitem__ = klass.__getitem__ klass.__guarded_setitem__ = klass.__setitem__ klass.__guarded_delitem__ = klass.__delitem__ ModuleSecurityInfo('email.Message').declarePublic('Message') from email.Message import Message _secure_mapping(Message) allow_class(Message) That gets me to where I want (for now). I'd still love the 'correct' answer though. Tim