Hi Dylan, I know I'm doing the same thing but it's something I really want to do. I guess I could return the list of tuples but wouldn't I then have to refer to the fields by number instead of name? That seems like a step backwards. I've got this nice object with named attributes and I shouldn't have to throw that out for security. I tend to be a purest and have always tried to keep efficiency in mind when writing applications. I really have to get past that. When I think about all the overhead a web application has to go through to do the same job as my old green screen application, I shiver. By the way, that return line was slick. I didn't know Python could convert a item into a list in a single line like that. You learn something new every day. Thanks again -----Original Message----- From: Dylan Reinhardt [mailto:zope@dylanreinhardt.com] Sent: Monday, December 01, 2003 4:15 PM To: joe@goldthwaites.com Cc: Zope Users Subject: RE: [Zope] Security? On Mon, 2003-12-01 at 14:24, Goldthwaite, Joe wrote:
Well, it didn't work. As soon as I tried to create a loop and access the .desc property of the ISLine objects, I got this message;
Error Type: Unauthorized Error Value: You are not allowed to access desc in this context
You're doing the same thing again... using custom objects in a restricted environment. Do *all* the heavy lifting in your external method... IMO, templates shouldn't have to do practically any logic at all. It's usually pretty easy to do this in Python, often just something like: --- return [(item['id'], item['desc']) for item in item_list] --- Then all your template has to do is iterate over a list of tuples. HTH, Dylan