how to make attributes of arbitrary complex python objects (assume you don't have access to the python source code of these objects) accessible from zope, without reverting to tricks like marshalling the objects into dictionaries? will a deeper look into the ZSQL source code help me mastering this problem? i have some functions from a python application which give back objects as their return value. i want to access attributes from these objects from ZPT. I'm calling the functions via external methods which return the objects. it is also possible to display the objects themselves (their __str__ or __repr__ function is called). when i want to access a member variable of such an object, zope wants me to authenticate again. i know, this has something to do with security an i also read the appropriate chapter in the zope developer guide, but i don't want to implement a container for each class which transforms objects into dictionaries and perhaps back again. BTW persistance is not needed, it is even a thing i never want for these type of objects. -- Michael Lausch See my web page <http://www.lausch.at/> or query PGP key server for PGP key. "Reality is that which, when you stop believing in it, doesn't go away". -- Philip K. Dick
Michael Lausch writes:
.... i have some functions from a python application which give back objects as their return value. i want to access attributes from these objects from ZPT. I'm calling the functions via external methods which return the objects. it is also possible to display the objects themselves (their __str__ or __repr__ function is called). when i want to access a member variable of such an object, zope wants me to authenticate again. Please read the Zope developer guide. It should tell you about the security declarations necessary to make attributes accessible by TTW (Through The Web) code...
Dieter
On Fri, 2002-03-29 at 21:18, Dieter Maurer wrote:
Please read the Zope developer guide. It should tell you about the security declarations necessary to make attributes accessible by TTW (Through The Web) code...
but how to add security declarations to classes where i don't have the source code, or in which i do not want to introduce zope dependencies (not that this is a bad thing per se, but consider using the same backend code in 2 different environments, WWW and GUI)
Dieter
-- Michael Lausch See my web page <http://www.lausch.at/> or query PGP key server for PGP key. "Reality is that which, when you stop believing in it, doesn't go away". -- Philip K. Dick
Michael Lausch writes:
On Fri, 2002-03-29 at 21:18, Dieter Maurer wrote:
Please read the Zope developer guide. It should tell you about the security declarations necessary to make attributes accessible by TTW (Through The Web) code...
but how to add security declarations to classes where i don't have the source code, or in which i do not want to introduce zope dependencies (not that this is a bad thing per se, but consider using the same backend code in 2 different environments, WWW and GUI) I see two options:
* one is called "Monkey-patching" (I do not like the term, but it is used by the list): It means "runtime modification" (usually at initialization time) of existing classes. Look at "AccessControl.SecurityInfo.allow_class" for an example of providing security declarations at runtime "allow_class" makes a class (completely) unprotected. * derive a Zope special class from the source-less or general purpose class and add whatever is necessary to use it inside Zope I would usually prefer this solution. Dieter
participants (2)
-
Dieter Maurer -
Michael Lausch