[ZPT] using TALES expressions elsewhere
Evan Simpson
evan@zope.com
Fri, 05 Oct 2001 14:56:41 -0400
Martijn Faassen wrote:
> python: field.my_python_script()
>
> This works just fine. Now I have attempted the same, but as anonymous
> while anonymous had no permission to 'view' my_python_script, to make
> sure the security issues are okay.
>
> Error Value: exceptions.AttributeError on my_python_script in ""
>
> File Python expression "field.my_python_script()", line 2, in f (Object:
> guarded_getattr) File
> /home/faassen/XMLZope/lib/python/AccessControl/ZopeGuards.py, line 120,
> in guarded_getattr (Object: sf)
This is the security machinery trying to apply the the principle "if you
aren't allowed to see it, we should just tell you it isn't there". It
fails, unfortunately, since the traceback gives the game away.
Cheers,
Evan @ Zope