[Zope-dev] how to add to the pythonscript allowed import list?

Chris McDonough chrism@digicool.com
Thu, 19 Apr 2001 14:15:20 -0400 

This may help:

http://www.zope.org/Documentation/ZDG/Security.dtml (see Using
ModuleSecurityInfo Objects)

I think it will be something along the lines of:

from AccessControl import ModuleSecurityInfo
ModuleSecurityInfo('Products').declarePublic('SignedEditions')
ModuleSecurityInfo('Products.SignedEditions').declarePublic('stripCardNumber
', 'verifyCardNumber')


----- Original Message -----
From: "R. David Murray " <bitz@bitdance.com>
To: <zope-dev@zope.org>
Sent: Thursday, April 19, 2001 1:56 PM
Subject: [Zope-dev] how to add to the pythonscript allowed import list?


> I've got a little Product that does some init hacks.  One of the
> things I want to do is expose a couple of python fuctions such that
> they can be imported into pythonscripts.  After much spelunking in
> the mailing list and the PythonMethods wiki on zope.org, I *think*
> that what I need to do is something like this:
>
> ----------------------
> from AccessControl import ModuleSecurityInfo
>
> security = ModuleSecurityInfo()
>
> security.declarePublic('SignedEditions')
> security.declarePublic('stripCardNum','verifyCardNumber')
> from cccheck import stripCardNum, verifyCardNumber
>
> security.apply(globals())
> ----------------------
>
> Now, that SignedEditions one is my attempt to solve the following
> error message when I attempt to do 'from SignedEditions import
stripCardNum':
>
> Error Type: ImportError
> Error Value: import of "SignedEditions" is unauthorized
>
> However, it does not solve the problem.
>
> Hmm.  I just noticed that I forgot to prefix that with "Products.".
> Which would seem to make that error message a bug, since SignedEditions
> shouldn't exist in the import path.  If I do
>
> from Products.SignedEditions import stripCardNum
>
> then ZDebug tells me:
>
> Unauthorized: Access denied for &lt;module 'Products.SignedEditions' from
'/usr/local/zope/sites/signededitions/Products/SignedEditions/__init__.py'&g
t; because its container, &lt;module 'Products' from
'/usr/local/zope/Zope231b1/lib/python/Products/__init__.pyc'&gt;, has no
security assertions.
>
> What do I need to do to assert that it is OK to import from the
> SignedEditions product? The wiki does not seem to address this
> question at all, though it implies that it is possible, since it
> *does* talk about the above assertions to declare things *inside*
> the product as importable.
>
> (Oh, BTW, I tried changing 'security' to "ZopeSecurity", but that didn't
> seem to change the behavior).
>
> --RDM
>
>
> _______________________________________________
> Zope-Dev maillist  -  Zope-Dev@zope.org
> http://lists.zope.org/mailman/listinfo/zope-dev
> **  No cross posts or HTML encoding!  **
> (Related lists -
>  http://lists.zope.org/mailman/listinfo/zope-announce
>  http://lists.zope.org/mailman/listinfo/zope )
>