Sean McGrath <sean.@propylon.com> wrote:
All,
I'm just a country boy raised on mashed potatoes and Zope 2.1.6. The new security model up here in the bright lights/big city world of Zope 2.2.4 has me all confused:-)
I have an external method that returns an object. I have a dtml method that tries to reference an attribute of that object. The attempted attribute reference causes the HTTP authenticate dialog to appear. No username/password seems to appease it.
Here is the relevant part of the DTML:
<dtml-call "REQUEST.set('foo',testexternal(REQUEST,RESPONSE))"> <dtml-var "foo.X">
Here is the external method "testexternal":
You need to tell Zope's security policy that untrusted code can read the attributes of instances of AClass, like so:
class AClass:
__allow_access_to_unprotected_subobjects__ = 1
def __init__(self): self.X = 1 self.Y = 2
def testexternal (self,REQUEST,RESPONSE): A = AClass() return A
Thanks in advance, Sean McGrath
Tres. -- =============================================================== Tres Seaver tseaver@digicool.com Digital Creations "Zope Dealers" http://www.zope.org