object attribute access in zpt
Let 'pdate' be a python datetime object. I can do this: 'tal:attribute="value python:now"' However if I try to print out an attribute of 'now', like 'tal:attributes="value python:pdate.year"', I get a login prompt and the page fails with the following message: [...] * Module Products.PageTemplates.ZRPythonExpr, line 47, in __call__ __traceback_info__: pdate.year * Module Python expression "pdate.year", line 1, in <expression> Unauthorized: You are not allowed to access 'year' in this context Anyone know how to avoid this? Regards, Sandor
Hi This works fine: <html> <head> <title tal:content="template/title">The title</title> </head> <body> <tal:block tal:define="today python:here.ZopeTime()"> Today : <span tal:replace="today"/> <br> Year: <span tal:replace="python:today.year()"/> <br> Month: <span tal:replace="python:today.month()"/> <br> Day: <span tal:replace="python:today.day()"/> </tal:block> </body> </html> Dragos ----- Original Message ----- From: <zope@netchan.cotse.net> To: <zope@zope.org> Sent: Friday, February 27, 2004 3:08 AM Subject: [Zope] object attribute access in zpt Let 'pdate' be a python datetime object. I can do this: 'tal:attribute="value python:now"' However if I try to print out an attribute of 'now', like 'tal:attributes="value python:pdate.year"', I get a login prompt and the page fails with the following message: [...] * Module Products.PageTemplates.ZRPythonExpr, line 47, in __call__ __traceback_info__: pdate.year * Module Python expression "pdate.year", line 1, in <expression> Unauthorized: You are not allowed to access 'year' in this context Anyone know how to avoid this? Regards, Sandor _______________________________________________ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev )
zope@netchan.cotse.net wrote:
Let 'pdate' be a python datetime object. I can do this: 'tal:attribute="value python:now"' However if I try to print out an attribute of 'now', like 'tal:attributes="value python:pdate.year"', I get a login prompt and the page fails with the following message: [...] * Module Products.PageTemplates.ZRPythonExpr, line 47, in __call__ __traceback_info__: pdate.year * Module Python expression "pdate.year", line 1, in <expression>
Unauthorized: You are not allowed to access 'year' in this context
Anyone know how to avoid this?
Datetime is "untrusted" code. You must either tell Zope that you trust it, do this in an External Method where TTW restrictions don't apply, or use the alternate DateTime/ZopeTime. --jcc -- "He who fights with monsters should look to it that he himself does not become a monster. And when you gaze long into an abyss the abyss also gazes into you."
participants (3)
-
Dragos Chirila -
J Cameron Cooper -
zope@netchan.cotse.net