[ZPT] using TALES expressions elsewhere

Evan Simpson evan@zope.com
Fri, 05 Oct 2001 14:56:41 -0400


Martijn Faassen wrote:

 > python: field.my_python_script()
 >
 > This works just fine. Now I have attempted the same, but as  anonymous
 > while anonymous had no permission to 'view'  my_python_script, to make
 > sure the security issues are okay.
 >
 > Error Value: exceptions.AttributeError on my_python_script in ""
 >
 > File Python expression "field.my_python_script()", line 2, in f (Object:
 >  guarded_getattr) File
 > /home/faassen/XMLZope/lib/python/AccessControl/ZopeGuards.py, line 120,
 >  in guarded_getattr (Object: sf)

This is the security machinery trying to apply the the principle "if you 
aren't allowed to see it, we should just tell you it isn't there".  It 
fails, unfortunately, since the traceback gives the game away.

Cheers,

Evan @ Zope