DTML namespace problem (was: dtml-tree issue)
Hello, i have focused my problem on this: having a Python Script "testScript": ------------------------------------ class obj: a = 1 b = 2 c = 3 return obj() ------------------------------------ and a DTML Document "testWith": ------------------------------- <dtml-with testScript> <dtml-var a> </dtml-with> ------------------------------- when i try to view the DTML Document, i get an "Unauthorized" Exception..... I believe this has something to do with the security mechanism of Zope. What must i return from the Python Script in order for the DTML Document to work? Thanks for any help
--On Montag, 11. April 2005 13:44 Uhr +0300 Vangelis Mihalopoulos <mihalop@vtrip.net> wrote:
Hello,
i have focused my problem on this:
having a Python Script "testScript": ------------------------------------ class obj: a = 1 b = 2 c = 3
return obj() ------------------------------------
and a DTML Document "testWith": ------------------------------- <dtml-with testScript> <dtml-var a> </dtml-with> -------------------------------
when i try to view the DTML Document, i get an "Unauthorized" Exception..... I believe this has something to do with the security mechanism of Zope. What must i return from the Python Script in order for the DTML Document to work?
You should *not* define classes inside PythonScripts. PythonScripts are stricted and don't provide the full functionality. Either use filesystem based code (Zope Product) or use simple Python datatypes as dictionaries in this case. -aj
Andreas Jung wrote:
You should *not* define classes inside PythonScripts. PythonScripts are stricted and don't provide the full functionality. Either use filesystem based code (Zope Product) or use simple Python datatypes as dictionaries in this case.
An External Method behaves exactly the same. I have not yet involved in writting even the simpler Product and i will not do it now for such a trivial issue. I tried to return a dictionary, ----- return {'a':1, 'b':2, 'c':3} ------ but it the DTML Doc fails with a KeyError. I was wondering if there was some "Zopish" way to do it.... i don't know..... i kinda desperate here.... :-)
Hi, Am Montag, den 11.04.2005, 14:08 +0300 schrieb Vangelis Mihalopoulos:
Andreas Jung wrote:
You should *not* define classes inside PythonScripts. PythonScripts are stricted and don't provide the full functionality. Either use filesystem based code (Zope Product) or use simple Python datatypes as dictionaries in this case.
An External Method behaves exactly the same. I have not yet involved in writting even the simpler Product and i will not do it now for such a trivial issue.
I tried to return a dictionary, ----- return {'a':1, 'b':2, 'c':3} ------ but it the DTML Doc fails with a KeyError.
Use a dict and if you really need DTML... see the keyword "mapping" for <dtml-with> and <dtml-in> tags. If you want to return custom class objects into untrusted code (e.g. from external methods) you need to set security declarations on them - at least add the attribute: __allow_access_to_unprotected_subobjects=1 (from top of head - just grep -r zopes source for the actual name) HTH Tino
Just added __allow_access_to_unprotected_subobjects__=1 as an attribute of my class defined in an external python script and it works fine. Thanks Tino! Tino Wildenhain wrote:
Hi,
Am Montag, den 11.04.2005, 14:08 +0300 schrieb Vangelis Mihalopoulos:
Andreas Jung wrote:
You should *not* define classes inside PythonScripts. PythonScripts are stricted and don't provide the full functionality. Either use filesystem based code (Zope Product) or use simple Python datatypes as dictionaries in this case.
An External Method behaves exactly the same. I have not yet involved in writting even the simpler Product and i will not do it now for such a trivial issue.
I tried to return a dictionary, ----- return {'a':1, 'b':2, 'c':3} ------ but it the DTML Doc fails with a KeyError.
Use a dict and if you really need DTML... see the keyword "mapping" for <dtml-with> and <dtml-in> tags.
If you want to return custom class objects into untrusted code (e.g. from external methods) you need to set security declarations on them - at least add the attribute:
__allow_access_to_unprotected_subobjects=1
(from top of head - just grep -r zopes source for the actual name)
HTH Tino
participants (3)
-
Andreas Jung -
Tino Wildenhain -
Vangelis Mihalopoulos