[Zope] Object permissions in External Methods with XML
J. Joy
kyroraz@yahoo.com
Tue, 9 Jul 2002 12:40:41 -0700 (PDT)
Okay... I've given this a few tries, but I can't quite seem to nail it down.
I can get to the initial object, but anything deeper and I run into more access restrictions. It
seems to be copying a reference rather than the material, so I might have to find a way to
explicitly copy the data from the one object to the other as equals doesn't seem to be the way to
do it.
This is what I have thus far:
---
import gnosis.xml.objectify as xp
from AccessControl import ClassSecurityInfo
from Acquisition import Implicit
import Globals
class Container(Implicit):
security = ClassSecurityInfo()
security.declareObjectPublic()
security.setDefaultAccess('allow')
security.declarePublic('xml_to_py')
def xml_to_py(self):
object = xp.XML_Objectify('/tmp/sample.xml')
returning = object._PyObject
## Here is one idea I had, put it into a object like info and then return it,
didn't work so well...
info = []
transport = Container()
info.append(returning)
return (returning)
def xml_to_py(self):
Globals.InitializeClass(Container)
xml_transport = Container()
print dir(xml_transport.xml_to_py())
print dir(xml_transport.xml_to_py().UserRequest)
return (xml_transport.xml_to_py().UserRequest)
Globals.InitializeClass(Container)
---
I've gone though the security documents, but I don't seem to be able to find anything special
about unsecuring such a issue specific to this case.
--- Chris McDonough <chrism@zope.com> wrote:
> You need to make security declarations on the *returned object*
> (which in this case is "object._PyObject". I dont have any idea
> what this is but what you probably want to do is return an instance
> of a class which has security declarations that *wraps* this
> object's methods.
__________________________________________________
Do You Yahoo!?
Sign up for SBC Yahoo! Dial - First Month Free
http://sbc.yahoo.com