[ZDP] BackTalk to Document Zope Developer's Guide (2.4
edition)/Security
webmaster at zope.org
webmaster at zope.org
Wed Dec 3 23:29:51 EST 2003
A comment to the paragraph below was recently added via http://zope.org/Documentation/Books/ZDG/current/Security.stx#3-79
---------------
Objects that are returned from Python Scripts or External
Methods need to have assertions declared for themselves before
they can be used in restricted code. For example, assume you
have an External Method that returns instances of a custom
'Book' class. If you want to call this External Method from
DTML, and you'd like your DTML to be able to use the returned
'Book' instances, you will need to ensure that your class
supports Acquisition, and you'll need to make security
assertions on the 'Book' class and initialize it with the global
class initializer (just as you would with a class defined in a
Product). For example::
# an external method that returns Book instances
from AccessControl import ClassSecurityInfo
from Acquistion import Implicit
import Globals
class Book(Implicit):
def __init__(self, title):
self._title=title
# Create a SecurityInfo for this class
security = ClassSecurityInfo()
security.declareObjectPublic()
security.declarePublic('getTitle')
def getTitle(self):
return self._title
Globals.InitializeClass(Book)
# The actual external method
def GetBooks(self):
books=[]
books.append(Book('King Lear').__of__(self))
books.append(Book('Romeo and Juliet').__of__(self))
books.append(Book('The Tempest').__of__(self))
return books
% Anonymous User - Dec. 3, 2003 11:29 pm:
typo error in the above source code, line 3, missing 'i' for Acquisition:
^
from Acquistion import Implicit
^
More information about the ZDP
mailing list