[Zope-dev] how to add to the pythonscript allowed import list?

R. David Murray bitz@bitdance.com
Thu, 19 Apr 2001 15:59:31 -0400 (EDT)


On Thu, 19 Apr 2001, Chris McDonough wrote:
> http://www.zope.org/Documentation/ZDG/Security.dtml (see Using
> ModuleSecurityInfo Objects)
> 
> I think it will be something along the lines of:
> 
> from AccessControl import ModuleSecurityInfo
> ModuleSecurityInfo('Products').declarePublic('SignedEditions')
> ModuleSecurityInfo('Products.SignedEditions').declarePublic('stripCardNumber
> ', 'verifyCardNumber')

Thanks, that worked!

I'm going to file a collector report on that misleading error message.

Also, I did read stuff very similar to the text you pointed me to above,
in the PythonMethods wiki.  Clearly, it did *not* tell me as a developer
how to do what the text is saying it is telling me how to do: make it
so I can import a function in a pythonscript.  So I think you should
add a note about the need for the ModuleSecurityInfo('Products').declarePublic
call, and incorporate it into the example (or another example).

Also, the text makes a distinction between marking "external" modules
and marking "embedded" modules.  The former uses the spelling above,
the latter the "security = ModuleSecurityInfo()" spelling.  As far as
I can see, what I am doing is the *latter* case, and what I tried
naively following the directions did not work, but this external
spelling did.  So something needs to be clarified there, as well.

I've filed this as a tracker comment on the ZDG, as well.

--RDM