[Zope-dev] security issue
Toby Gustafson
tobyg at tyrell.com
Thu Aug 14 05:35:53 EDT 2003
Hello,
I am having a problem accessing a function defined in a product I have
created and installed.
The product is called StoreEvent, and it was created using the
PloneMinimalInstall as a guide.
In the StoreEvent product is a file called StoreEvent, which contains a
function searchForStoreEvents. This function is outside of the StoreEvent
class which is also defined in the file.
I have created a page template which contains a form, and when the form
is submitted, a script is executed. From that script I try to call the
function with the lines:
from Products.StoreEvent import StoreEvent
...
storeEvents = StoreEvents.searchForStoreEvents(context, ...)
When I bring up the page and submit it, I get a popup asking me to enter a
username and password. When I cancel that, I get an error page with the
message "You are not allowed to access searchForStoreEvents in this
context".
I have read the security document at:
http://www.zope.org/Documentation/Books/ZDG/current/Security.stx
and have tried adding several things to my StoreEvent.__init__.py file,
such as:
modulesecurity = ModuleSecurityInfo()
modulesecurity.declarePublic( \
'Products.StoreEvent.searchForStoreEvents')
modulesecurity.apply(globals())
However, nothing seems to work. Anybody have any idea what I am doing
wrong.
Thanks in advance,
--Toby.
---------------------------
Toby Gustafson
Senior Software Engineer
Tyrell Software Corporation
Email: tobyg at tyrell.com
---------------------------
More information about the Zope-Dev
mailing list