[Zope-dev] security issue
Dieter Maurer
dieter at handshake.de
Thu Aug 14 21:30:40 EDT 2003
Toby Gustafson wrote at 2003-8-14 04:35 -0700:
> ...
> I am having a problem accessing a function defined in a product I have
> created and installed.
> ...
> From that script I try to call the
> function with the lines:
>
> from Products.StoreEvent import StoreEvent
>
> ...
>
> storeEvents = StoreEvents.searchForStoreEvents(context, ...)
>
> ...
> "You are not allowed to access searchForStoreEvents in this
> context".
>
> I have read the security document at:
>
> http://www.zope.org/Documentation/Books/ZDG/current/Security.stx
>
> and have tried adding several things to my StoreEvent.__init__.py file,
> such as:
>
> modulesecurity = ModuleSecurityInfo()
> modulesecurity.declarePublic( \
> 'Products.StoreEvent.searchForStoreEvents')
> modulesecurity.apply(globals())
"ModuleSecurityInfo" is quite complex. I do not understand it completely.
However, I see one error in your code: in your "declarePublic",
one "StoreEvent" is missing.
Your "seachForStoreEvents" is at
'Products.StoreEvent.StoreEvent.searchForStoreEvents'
> However, nothing seems to work. Anybody have any idea what I am doing
> wrong.
The "AccessControl.allow_module" may be simpler to use
(however, it make available the complete module content).
Dieter
More information about the Zope-Dev
mailing list