[Zope] Security?

Goldthwaite, Joe joe at goldthwaites.com
Mon Dec 1 15:45:01 EST 2003 

Well, I don't know if it's progress but I think my questions are getting
more specific.

I downloaded the mx.ODBC routines for Python 2.1.3.  I can now start the
python interpreter in the WebSite\bin directory and type "import mx.ODBC"
without getting an error.

I next tried to create a limited python script;

from Products.EIS import ISLines
c = ISLines()
return "c"

I'm just returning the literal "c" on purpose because my page template can't
handle the ISLines yet.  In my Income Statement ZPT I have this line;

<p tal:replace="python:here.IncomeStatementScript()"></p>

When I try to display the ZPT, I get the Zope logon dialog box.  I only have
one login and it doesn't' work so I just hit cancel and get "Your are not
allowed to access EIS in this context".  (I had placed the ISLines.py file
in my Products/EIS directory.)

After that, I decided to try external modules.  I added this wrapper
function to my ISLines.py module;

def GetISLines():
   c = ISLines()
   return "c"

Again, I put the literal "c" there to make sure I was calling things
correctly.  I moved the ISLines.py file to the Extensions directory and
created a GetISLines external method referencing the new function in Zope
root folder.   I tested it and got the "c" back.  Next, I put this line in
my IncomeStatment ZPT;

<p tal:replace="python:here.GetISLines()"></p>

When I test it, I get the "c" back.  Interestingly, there was also pause of
about the amount of time it takes to run ISLines and build the Income
Statement lines.  I thought I was almost there.  The next step was to return
the actual object and print out the number of lines returned.  I modified
the 'return "c"' line to 'return c'.  Now when I run it, I get "<? ISLines
instance at 014879EC>" so I know I'm now returning my object.  Finally I try
to reference my list if lines by printing the length like this;

<p tal:replace="python:len(here.GetISLines().DefLines)"></p>

Deflines is a list of income statement line objects. I go to refresh and I
get the Logon dialog again!  #$%@ &@#% &^@$!!!!  Sorry, I don't usually use
that kind of language but I seem to be shooting at the wrong target. It's no
wonder I can't hit anything.

More information about the Zope mailing list