[Zope] Object permissions in External Methods

Chris McDonough chrism@zope.com
Tue, 9 Jul 2002 13:48:18 -0400


You need to make security declarations on the *returned object*
(which in this case is "object._PyObject".  I dont have any idea
what this is but what you probably want to do is return an instance
of a class which has security declarations that *wraps* this
object's methods.

----- Original Message -----
From: "J. Joy" <kyroraz@yahoo.com>
To: "Chris McDonough" <chrism@zope.com>; <zope@zope.org>
Sent: Tuesday, July 09, 2002 1:41 PM
Subject: Re: [Zope] Object permissions in External Methods


> Thanks Chris,
>
> But every example that I have seen thus far has the method
enclosed in a class.  I'm not quite
> sure how to call these methods in the classes from a External
Method screen, so that I can call
> it.
>
> I've tried Class.Method, but it doesn't seem to want to do that,
e.g.
>
> ---
>
> import gnosis.xml.objectify as xp
> from AccessControl import ClassSecurityInfo
> from Acquisition import Implicit
> import Globals
>
> ## Security Lines here in regards to Class Foo
>
> Class Foo(Implicit):
>
>   def xml_to_py(self):
>     object = xp.XML_Objectify('/tmp/sample.xml')
>     returning = object._PyObject
>
>     return (returning)
>
> ---
>
> Any ideas?
>
> Jason
>
>
> > > --
>
>
>
> --- Chris McDonough <chrism@zope.com> wrote:
> > You need to put "security declarations" on the instance that you
> > return for it to be able to be used by "untrusted code" like
DTML
> > and Python scripts.  For more info, see the Zope developer's
guide
> > security chapter at
> > http://www.zope.org/Documentation/ZDG/Security.stx .
> >
> > ----- Original Message -----
> > From: "J. Joy" <kyroraz@yahoo.com>
> > To: <zope@zope.org>
> > Sent: Monday, July 08, 2002 5:25 PM
> > Subject: [Zope] Object permissions in External Methods
> >
> >
> > > I'm not quite sure how to do this, and the documentation that
I
> > have been browsing through hasn't
> > > been all that helpful, so I hope someone out here can help me
with
> > this seemingly simple
> > > situation.
> > >
> > > I want to read an XML file (currently read as a textfile, but
will
> > be passed as a parameter) and
> > > then change it into a Python Object where one can then dtml-in
> > through the Heirarchy of the
> > > Document... this is what I have...
> > >
> > >
> > > --
> > > import gnosis.xml.objectify as xp
> > > from AccessControl import ClassSecurityInfo
> > > from Acquisition import Implicit
> > > import Globals
> > >
> > >
> > > def xml_to_py(self):
> > > object = xp.XML_Objectify('/tmp/sample.xml')
> > > returning = object._PyObject
> > >
> > > return (returning)
> > > --
> > >
> > > Whenever I run this, I keep getting an unauthorized error with
no
> > acceptable login correcting
> > > this.  I've run into this before, but it was only fixed when I
> > redefined an object that I have
> > > created before, not something that is pushed out from a
library
> > like this.
> > >
> > > Suggestions?
> > >
> > > Jason
> > >
> > >
> > > __________________________________________________
> > > Do You Yahoo!?
> > > Sign up for SBC Yahoo! Dial - First Month Free
> > > http://sbc.yahoo.com
> > >
> > >
> > > _______________________________________________
> > > Zope maillist  -  Zope@zope.org
> > > http://lists.zope.org/mailman/listinfo/zope
> > > **   No cross posts or HTML encoding!  **
> > > (Related lists -
> > >  http://lists.zope.org/mailman/listinfo/zope-announce
> > >  http://lists.zope.org/mailman/listinfo/zope-dev )
> > >
> >
>
>
> __________________________________________________
> Do You Yahoo!?
> Sign up for SBC Yahoo! Dial - First Month Free
> http://sbc.yahoo.com
>
>
> _______________________________________________
> Zope maillist  -  Zope@zope.org
> http://lists.zope.org/mailman/listinfo/zope
> **   No cross posts or HTML encoding!  **
> (Related lists -
>  http://lists.zope.org/mailman/listinfo/zope-announce
>  http://lists.zope.org/mailman/listinfo/zope-dev )
>