[Zope-dev] security issue

Toby Gustafson tobyg at tyrell.com
Thu Aug 14 05:35:53 EDT 2003


Hello,

   I am having a problem accessing a function defined in a product I have
created and installed.

   The product is called StoreEvent, and it was created using the
PloneMinimalInstall as a guide.

   In the StoreEvent product is a file called StoreEvent, which contains a
function searchForStoreEvents.  This function is outside of the StoreEvent
class which is also defined in the file.

   I have created a page template which contains a form, and when the form
is submitted, a script is executed.  From that script I try to call the
function with the lines:

   from Products.StoreEvent import StoreEvent

   ...

   storeEvents = StoreEvents.searchForStoreEvents(context, ...)

When I bring up the page and submit it, I get a popup asking me to enter a
username and password.  When I cancel that, I get an error page with the
message "You are not allowed to access searchForStoreEvents in this
context".

I have read the security document at:

   http://www.zope.org/Documentation/Books/ZDG/current/Security.stx

and have tried adding several things to my StoreEvent.__init__.py file,
such as:

   modulesecurity = ModuleSecurityInfo()
   modulesecurity.declarePublic( \
                     'Products.StoreEvent.searchForStoreEvents')
   modulesecurity.apply(globals())

However, nothing seems to work.  Anybody have any idea what I am doing
wrong?

Thanks in advance,
--Toby.
---------------------------
Toby Gustafson
Senior Software Engineer
Tyrell Software Corporation
Email: tobyg at tyrell.com
---------------------------
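
As an added example, not part of the original post and not Zope's own code: a simplified, self-contained model of default-deny access to module-level functions, showing that a public declaration only takes effect when it names the bare attribute and is applied in the namespace of the module that defines the function. `ModuleDecl`, `restricted_getattr`, `__public_names__` and the sample modules are constructed for illustration; they stand in for, but do not reproduce, `ModuleSecurityInfo` and the restricted-script machinery.

```python
import types

class Unauthorized(Exception):
    """Stand-in for the error restricted code gets on a denied access."""

class ModuleDecl:
    """Toy per-module declaration: collects names, then marks one namespace."""
    def __init__(self):
        self.public = set()

    def declare_public(self, *names):
        self.public.update(names)

    def apply(self, namespace):
        # The marker lives only in the namespace it is applied to.
        namespace["__public_names__"] = frozenset(self.public)

def restricted_getattr(module, name):
    """Default-deny lookup: only names the module itself marked public pass."""
    if name not in getattr(module, "__public_names__", frozenset()):
        raise Unauthorized(
            "You are not allowed to access %s in this context" % name)
    return getattr(module, name)

def build(declare_in_package):
    """Constructed package/module pair named after the product in the post."""
    package = types.ModuleType("Products.StoreEvent")            # __init__.py
    module = types.ModuleType("Products.StoreEvent.StoreEvent")  # StoreEvent.py
    module.searchForStoreEvents = lambda context: ["event for %s" % context]
    module._internal_helper = lambda: "not for scripts"
    package.StoreEvent = module
    decl = ModuleDecl()
    if declare_in_package:
        # Shape of the attempt in the post: dotted path, package namespace.
        decl.declare_public("Products.StoreEvent.searchForStoreEvents")
        decl.apply(vars(package))
    else:
        # Bare attribute name, applied in the module that defines the function.
        decl.declare_public("searchForStoreEvents")
        decl.apply(vars(module))
    return package

def call_from_script(package):
    """What the form-handling script does after its import."""
    func = restricted_getattr(package.StoreEvent, "searchForStoreEvents")
    return func("ctx")
```

Declaring only the one function keeps everything else in the module, such as `_internal_helper` here, unreachable from through-the-web scripts.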




