How does one check the type of a variable in a python script? I get a global name error when I try to use the type method. I am just trying to write a generic python script which iterates over all members of form and generates hidden input tags for each, preserving the type, so I have to check the type of each form value in order to generate the correct field name. --sam
On Tue, May 04, 2004 at 12:46:08PM -0700, Sam Gendler wrote:
How does one check the type of a variable in a python script? I get a global name error when I try to use the type method.
yep, it's one of the builtins that are forbidden in TTW code for murky security reasons. The "same_type" function is available for that purpose. if same_type(foo, ''): # it's a string elif same_type(foo, 1): # ... you get the idea -- Paul Winkler http://www.slinkp.com
Paul Winkler wrote:
On Tue, May 04, 2004 at 12:46:08PM -0700, Sam Gendler wrote:
How does one check the type of a variable in a python script? I get a global name error when I try to use the type method.
yep, it's one of the builtins that are forbidden in TTW code for murky security reasons.
Some of the security restrictions that Zope imposes on developers seem completely arbitrary to me. I can understand hiding 'popen' in the name of security, I can understand restricting 'range()' to keep from exhausting memory, but why on earth can't I ask for an object's type? What I'd really like is to be able to turn off Zope's fascist security "features" in certain cases. If I'm working with a small team of trusted developers, I want to make things as easy as possible for them...the Zope learning curve is steep enough as it is. If the argument is to protect the system from cases where the end user could execute arbitrary code, then there are much more immediate problems! Any chance that Zope3 will allow an administrator to tailor how "locked down" a Zope installation (or instance) is? -- - David A. Riggs <riggs at csee dot wvu dot edu>
On Tue, Jun 01, 2004 at 06:40:05PM -0400, David A. Riggs wrote:
What I'd really like is to be able to turn off Zope's fascist security "features" in certain cases. If I'm working with a small team of trusted developers, I want to make things as easy as possible for them...the Zope learning curve is steep enough as it is. If the argument is to protect the system from cases where the end user could execute arbitrary code, then there are much more immediate problems!
You can already declare modules, classes, and types safe to import for TTW code. Just create a trivial Product that contains an __init__.py with this code: from AccessControl import allow_module, allow_class, allow_type # let scripts import the re module. allow_module('re') # let scripts instantiate and call methods of myclass. allow_class(myclass) # let scripts instantiate and call methods of mytype. allow_type(mytype) Notably absent is a way to declare builtin functions as safe, but you could work around that pretty easily - e.g. create a module with wrapper functions and declare that module importable. -- Paul Winkler http://www.slinkp.com
David A. Riggs wrote:
Some of the security restrictions that Zope imposes on developers seem completely arbitrary to me.
That's why they're there. When you understand why they're there, you'll understand why they're there ;-)
to keep from exhausting memory, but why on earth can't I ask for an object's type?
because type(x) returns the type object used to create x, which apparently isn't safe, and although I don't know the details, it's something I can believe... That's why there's the (probably underdocumented) sametype (or is that same_type ?) function...
What I'd really like is to be able to turn off Zope's fascist security "features" in certain cases.
I'm sure I saw some deeply buried and not-documented feature that would let you do this. That said, a stanza in zope.conf allowing you to tailor the security policy would be welcome, but is there anyone for whom there is enough of an itch here to scratch?
Any chance that Zope3 will allow an administrator to tailor how "locked down" a Zope installation (or instance) is?
EVERYTHING is configurable in Zope 3, allegedly, but I get the impression it involves a lot of learning from scratch right now... Chris -- Simplistix - Content Management, Zope & Python Consulting - http://www.simplistix.co.uk
David A. Riggs wrote at 2004-6-1 18:40 -0400:
... but why on earth can't I ask for an object's type?
Because, in many cases the result would surprise you... "type" applied to almost any Zope object will not give you "Instance" (as you would expect in a pure Python application) but "ImplicitAcquirer Wrapper" (or something like this). Moreover, access to any object returned by type would give you an "Unauthorized" (as these objects do not carry the necessary security declarations). As a consequence, "type" would be (practically) unusable, even when you could call it. Use "same_type" instead. -- Dieter
participants (5)
-
Chris Withers -
David A. Riggs -
Dieter Maurer -
Paul Winkler -
Sam Gendler