Re: [Zope-dev] Re: Grrr... Python Scripts
Chris McDonough wrote:
Here Chris, I'll try to solve your pain (untested):
from AccessControl import ModuleSecurityInfo
ModuleSecurityInfo('Products').declarePublic('Catalog')
ModuleSecurityInfo('Products.Catalog').declarePublic('CatalogError')
Could that we added to PythonScripts/standard.py so I don't have to do it all
the time?
Is it a patch worthy of the collector? ;-)
cheers,
Chris
___
Zope-Dev maillist - [EMAIL PROTECTED]
http://lists.zope.org/mailman/listinfo/zope-dev
** No cross posts or HTML encoding! **
(Related lists -
http://lists.zope.org/mailman/listinfo/zope-announce
http://lists.zope.org/mailman/listinfo/zope )
Re: [Zope-dev] Re: Grrr... Python Scripts
We actually need to do something to make a whole bunch of default stuff
importable and usable from within Python Scripts, it's just a matter of
which modules/classes to add security declarations for. It's also a
matter of when, and who. This needs to go through the fishbowl,
likely. Now if only we could manufacture some more time...
- C
Chris Withers wrote:
Chris McDonough wrote:
Here Chris, I'll try to solve your pain (untested):
from AccessControl import ModuleSecurityInfo
ModuleSecurityInfo('Products').declarePublic('Catalog')
ModuleSecurityInfo('Products.Catalog').declarePublic('CatalogError')
Could that we added to PythonScripts/standard.py so I don't have to do it all
the time?
Is it a patch worthy of the collector? ;-)
cheers,
Chris
___
Zope-Dev maillist - [EMAIL PROTECTED]
http://lists.zope.org/mailman/listinfo/zope-dev
** No cross posts or HTML encoding! **
(Related lists -
http://lists.zope.org/mailman/listinfo/zope-announce
http://lists.zope.org/mailman/listinfo/zope )
___
Zope-Dev maillist - [EMAIL PROTECTED]
http://lists.zope.org/mailman/listinfo/zope-dev
** No cross posts or HTML encoding! **
(Related lists -
http://lists.zope.org/mailman/listinfo/zope-announce
http://lists.zope.org/mailman/listinfo/zope )
Re: [Zope-dev] Re: Grrr... Python Scripts
Chris McDonough wrote: We actually need to do something to make a whole bunch of default stuff importable and usable from within Python Scripts, it's just a matter of which modules/classes to add security declarations for. Maybe this could be bundled into the RestrictedPython work? It's also a matter of when, and who. This needs to go through the fishbowl, likely. Now if only we could manufacture some more time... There's a feeling I know too well :-S cheers, Chris ___ Zope-Dev maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope )
Re: [Zope-dev] Re: Grrr... Python Scripts
Chris Withers wrote: Maybe this could be bundled into the RestrictedPython work? I think it needs to be its own project... the RestrictedPython work is being done at a much lower level than this. ___ Zope-Dev maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope )
Re: [Zope-dev] Re: Grrr... Python Scripts
From: Chris Withers [EMAIL PROTECTED] Could that we added to PythonScripts/standard.py so I don't have to do it all the time? This is just part of a general security review that needs to happen. I suppose we need a place to collect suggestions about objects that ought to be exposed to restricted Python. Cheers, Evan @ digicool ___ Zope-Dev maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope )
Re: [Zope-dev] Re: Grrr... Python Scripts
Evan Simpson wrote: Use the same security process as providing access to anything Zope doesn't already expose. Wgh! :~( We should expose exceptions like this by default, but we haven't yet. Sorry. No worries, where should I be looking to implement this? Woudl a patch eb likely to make it into the next version? If so, what exceptions should be exposed? My list so far: Exception (all the default Python ones would be cool, dunno if theyr'e in there already...) CatalogError sys.exc_type sys.exc_value Any others? cheers, Chris ___ Zope-Dev maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope )
Re: [Zope-dev] Re: Grrr... Python Scripts
Here Chris, I'll try to solve your pain (untested):
from AccessControl import ModuleSecurityInfo
ModuleSecurityInfo('Products').declarePublic('Catalog')
ModuleSecurityInfo('Products.Catalog').declarePublic('CatalogError')
It's not so bad.
- C
- Original Message -
From: Chris Withers [EMAIL PROTECTED]
To: Evan Simpson [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Sent: Tuesday, May 08, 2001 9:02 AM
Subject: Re: [Zope-dev] Re: Grrr... Python Scripts
Evan Simpson wrote:
Use the same security process as providing access to anything Zope
doesn't
already expose.
Wgh! :~(
We should expose exceptions like this by default, but we
haven't yet. Sorry.
No worries, where should I be looking to implement this? Woudl a patch eb
likely
to make it into the next version?
If so, what exceptions should be exposed?
My list so far:
Exception (all the default Python ones would be cool, dunno if theyr'e in
there
already...)
CatalogError
sys.exc_type
sys.exc_value
Any others?
cheers,
Chris
___
Zope-Dev maillist - [EMAIL PROTECTED]
http://lists.zope.org/mailman/listinfo/zope-dev
** No cross posts or HTML encoding! **
(Related lists -
http://lists.zope.org/mailman/listinfo/zope-announce
http://lists.zope.org/mailman/listinfo/zope )
___
Zope-Dev maillist - [EMAIL PROTECTED]
http://lists.zope.org/mailman/listinfo/zope-dev
** No cross posts or HTML encoding! **
(Related lists -
http://lists.zope.org/mailman/listinfo/zope-announce
http://lists.zope.org/mailman/listinfo/zope )
[Zope-dev] Re: Grrr... Python Scripts
From: Chris Withers [EMAIL PROTECTED] Where should I import CatalogError from? And _please_ don't tell me I have to go through some convoluted security process to do this :-( # After adding security decls from Catalog import CatalogError Use the same security process as providing access to anything Zope doesn't already expose. We should expose exceptions like this by default, but we haven't yet. Sorry. Cheers, Evan @ digicool ___ Zope-Dev maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope )
