[Zope] object attribute access in zpt
J Cameron Cooper
jccooper at jcameroncooper.com
Fri Feb 27 22:26:53 EST 2004
zope at netchan.cotse.net wrote:
>Let 'pdate' be a python datetime object. I can do this:
>'tal:attribute="value python:now"'
>However if I try to print out an attribute of 'now', like
>'tal:attributes="value python:pdate.year"', I get a login prompt and the
>page fails with the following message:
>[...]
> * Module Products.PageTemplates.ZRPythonExpr, line 47, in __call__
> __traceback_info__: pdate.year
> * Module Python expression "pdate.year", line 1, in <expression>
>
>Unauthorized: You are not allowed to access 'year' in this context
>
>Anyone know how to avoid this?
>
Datetime is "untrusted" code. You must either tell Zope that you trust
it, do this in an External Method where TTW restrictions don't apply, or
use the alternate DateTime/ZopeTime.
--jcc
--
"He who fights with monsters should look to it that he himself does not become a monster. And when you gaze long into an abyss the abyss also gazes into you."
More information about the Zope
mailing list