[Zope] Re: Module security assertions fail
Josef Meile
jmeile at hotmail.com
Sun May 2 11:37:51 EDT 2004
Hi Matt,
thanks for your reply. I think what you said sounds convincent, but:
> I think the first case (TALES syntax) actually tries to *call* the
> modules TranslationUtils, whereas the latter (python syntax) doesn't
--
> it just references it. I think if you add a 'nocall' statement to the
> first case it will do what you want e.g.:
>
> <span tal:define="TranslationUtils
> nocall:modules/Products/JMUtils/TranslationUtils;">
> Something comes here
> </span>
This must be said on the zope book as well. On section python modules:
http://zope.org/Documentation/Books/ZopeBook/2_6Edition/AdvZPT.stx
You see that they import the module string as mstring then use the join
method. They don't use the nocall statement, so I think with an own
module should be the same. However, I read a little bit before this
section and saw what you mean. I tried to do it as well and it didn't
work either. The same Unauthorized exception was raised.
Here is a small test case I did:
---->$Home_Instance/Products/FooContainer/FooPackage.py:
from AccessControl import ModuleSecurityInfo
#This three lines where suggested by Dieder.
#I tried different versions and I got the same results
security=ModuleSecurityInfo('Products.FooContainer.FooPackage')
ModuleSecurityInfo('Products').declarePublic('FooContainer')
ModuleSecurityInfo('Products.FooContainer').declarePublic('FooPackage')
security.declarePublic('foo')
def foo():
"""This is only a test"""
return "Just a test function"
security.apply(globals())
---->$Home_Instance/Products/FooContainer/__init__.py
__doc__='''FooPackage'''
__version__='0.1'
#Here I'm importing the module, so that the security
#declarations are excecuted (Suggested by Dieter)
from Products.FooContainer import FooPackage
---->$Home_Instance/Products/FooProduct/FooProduct.py
__doc__="""FooProduct module."""
__version__='0.1'
from Globals import InitializeClass
from Products.PageTemplates.PageTemplateFile import PageTemplateFile
from AccessControl import ClassSecurityInfo
from OFS.SimpleItem import SimpleItem
manage_addFooProductForm=PageTemplateFile('zpt/FooProduct_Add',globals())
manage_addFooProductForm._owner=None
def manage_addFooProduct(self,id,title='',REQUEST=None,submit=None):
"""Invoques the __init__ method of the FooProduct class"""
fooProductObj=FooProduct(id,title)
self._setObject(id,fooProductObj)
return 'Object created'
class FooProduct(SimpleItem):
"""FooProduct class definition"""
security=ClassSecurityInfo()
meta_type='FooProduct'
#manage_options=SimpleItem.manage_options
def __init__(self,id,title=''):
"""Contructor method to initialize the class properties"""
self.id=id
self.title=title
InitializeClass(FooProduct)
---->$Home_Instance/Products/FooProduct/__init__.py
__doc__="""FooProduct initialization module."""
__version__='0.1'
from FooProduct import FooProduct, manage_addFooProductForm,
manage_addFooProduct
from Products.FooContainer import FooPackage
def initialize(context):
try:
context.registerClass(FooProduct,
constructors=(
manage_addFooProductForm,
manage_addFooProduct,
),
icon='images/icon.gif',
)
except:
from sys import exc_info, stderr
from traceback import format_exception
from string import join
type,val,tb=exc_info()
stderr.write(join(format_exception(type, val, tb),''))
del type,val,tb
---->$Home_Instance/Products/FooProduct/zpt/FooProduct_Add.zpt
<p tal:replace="structure here/manage_page_header">Default Header</p>
<h4 tal:define="pageTitleScript
python:here.manage_form_title(here,request,
form_title='Add
FooProduct')"
tal:replace="structure pageTitleScript">Add myClass
</h4>
<div tal:define="FooPackage
nocall:modules/Products/FooContainer/FooPackage;
fooVar python:FooPackage.foo()"
tal:replace="fooVar">Using FooPackage</div>
<p class="form-help">
Optional fields are written in <b><i>italic</i></b>
</p>
<form action="someAction" method="post" enctype="multipart/form-data"
tal:define="formAction python:'manage_addFooProduct'"
tal:attributes="action formAction">
<table cellspacing="0" cellpadding="2" border="0">
<tr>
<td align="left" valign="top">
<div class="form-label">Id</div>
</td>
<td align="left" valign="top">
<input type="text" name="id" size="40">
</td>
</tr>
<tr>
<td align="left" valign="top">
<div class="form-optional">Title</div>
</td>
<td align="left" valign="top">
<input type="text" name="title" size="40">
</td>
</tr>
<tr>
<td align="left" valign="top"></td>
<td align="left" valign="top">
<input class="form-element" type="submit" name="submit"
value=" Add ">
</td>
</tr>
</table>
</form>
<p tal:replace="structure here/manage_page_footer">Default Footer</p>
---->End
If somebody gets it working with the tales sintax:
<div tal:define="FooPackage
nocall:modules/Products/FooContainer/FooPackage;
fooVar python:FooPackage.foo()"
tal:replace="fooVar">Using FooPackage</div>
and not with the python one:
<div tal:define="FooPackage
python:modules['Products.FooContainer.FooPackage'];
fooVar python:FooPackage.foo()"
tal:replace="fooVar">Using FooPackage</div>
Just let me know. Otherwise, I'd think it's a bug and will reported it
to the collector. One thing to remmember: If you try it with the python
sintax and revert the changes on the zpt template without restarting
zope, it will work. So, you will have to restart zope for each test.
Regards,
Josef Meile
More information about the Zope
mailing list