[Zope-dev] can you import a Product into a python script ?

Steve Spicklemire steve@spvi.com
Fri, 03 Aug 2001 15:49:02 -0500 

Hi Simon,

	There are instructions in the 2.4.0 release of Python Scripts that explain how
to make any module 'safe' to import/execute. I'm pretty sure they are not very
2.4.0 specific (except possibly for the allow_module function, given below)

'''Examples for enabling Script import

This file contains example code that can be used to make various
standard Python modules available to Scripts.

In order to use the example code, create a directory called
"MyScriptModules", or something equally descriptive, in your
Zope's "Products" directory.  Copy this file to a file called
"__init__.py" in the new directory.  Edit the new file,
uncommenting the block of code for each module that you want to
make available for import by Scripts.

You can, of course, add your own code to your "__init__.py" for
modules that are not listed below.  The list is not comprehensive,
but is provided as a decent cross-section of modules.
'''

from Products.PythonScripts.Utility import allow_module, allow_class
from AccessControl import ModuleSecurityInfo, ClassSecurityInfo
from Globals import InitializeClass


# These modules are pretty safe


# allow_module('base64')

# allow_module('binascii')

# allow_module('bisect')

# allow_module('colorsys')

# allow_module('crypt')


# Only parts of these modules should be exposed

.....  and on and on.. 

Utility.py:

from AccessControl import ModuleSecurityInfo, ClassSecurityInfo
from Globals import InitializeClass
import string

def allow_module(module_name):
    """Allow a module and all its contents to be used from a
    restricted Script. The argument module_name may be a simple
    or dotted module or package name. Note that if a package
    path is given, all modules in the path will be available."""
    ModuleSecurityInfo(module_name).setDefaultAccess(1)
    dot = string.find(module_name, '.')
    while dot > 0:
        ModuleSecurityInfo(module_name[:dot]).setDefaultAccess(1)
        dot = string.find(module_name, '.', dot + 1)


-steve

Simon Michael wrote:
> 
> Python scripts are super-cool.. except I can never do what I want.
> Safety, shmafety.
> 
> Am I right in thinking the following can't work ?
> 
> ## Script (Python) "zwiki_tests"
> ##bind container=container
> ##bind context=context
> ##bind namespace=
> ##bind script=script
> ##bind subpath=traverse_subpath
> ##parameters=
> ##title=
> ##
> # run ZWiki test suite via simple through-the-web test runner
> 
> from Products import ZWiki
> return ZWiki.tests.run()
> 
> _______________________________________________
> Zope-Dev maillist  -  Zope-Dev@zope.org
> http://lists.zope.org/mailman/listinfo/zope-dev
> **  No cross posts or HTML encoding!  **
> (Related lists -
>  http://lists.zope.org/mailman/listinfo/zope-announce
>  http://lists.zope.org/mailman/listinfo/zope )