Re: [Zope] How to use ZPT with ad-hoc context?
Monday, May 4, 2009, 9:18:52 PM, Hedley Roos wrote: >>> __allow_access_to_unprotected_subobjects__ = 1 >> >> That indeed works, thanks! >> >>> You probably should not use that line too often :) >> >> I would prefer doing it correctly/safely, but is there a way? Because >> it even exposes the unprotected subobjects of the acquired objects... >> sounds a bit scary to me. > > I don't know what your use case is, but you could either: > 1) Expose attributes through methods on your Adhoc class > 2) Use a browser view, which is what I'd do. The use-case is that there is a product that collects information from other objects, depending on the current user and on query parameters, and that collected information should be present as a HTML page... so I think 1) won't work here. Regarding 2), I don't know this "browser view" thing, but I recon that's a Five/Zope 3 feature, is it? Because unfortunately it's a messy 2.7.6 + Plone 2.0 instance here, and it's not like I can migrate it before the current job is done. > Hedley > ___ > Zope maillist - Zope@zope.org > http://mail.zope.org/mailman/listinfo/zope > ** No cross posts or HTML encoding! ** > (Related lists - > http://mail.zope.org/mailman/listinfo/zope-announce > http://mail.zope.org/mailman/listinfo/zope-dev ) -- Best regards, Daniel Dekany ___ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev )
Re: [Zope] How to use ZPT with ad-hoc context?
>> __allow_access_to_unprotected_subobjects__ = 1 > > That indeed works, thanks! > >> You probably should not use that line too often :) > > I would prefer doing it correctly/safely, but is there a way? Because > it even exposes the unprotected subobjects of the acquired objects... > sounds a bit scary to me. I don't know what your use case is, but you could either: 1) Expose attributes through methods on your Adhoc class 2) Use a browser view, which is what I'd do. Hedley ___ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev )
Re: [Zope] How to use ZPT with ad-hoc context?
Monday, May 4, 2009, 11:59:21 AM, Hedley Roos wrote: > Daniel Dekany wrote: >> How to create a template context ("here" inside ZPT) that is not an >> object from the ZODB, just a temporary object? This is what I tried: >> >> class AdhocContext(Implicit): >> pt = PageTemplateFile("whatever/path", globals()) >> ... >> >> MyZopeProduct: >> >> def whatever(self): >> "Test" >> ctx = AdhocContext().__of__(self) >> return ctx.pt() >> >> The problem I have with this is that I can't access anything in >> AdhocContext from the ZPT because the security manager blocks it (I >> didn't forget to security.declarePublic + document what I wanted to >> access). Is there a simple trick to solve this? (BTW, I will need to >> invoke some Plone macros from that ZPT too... I hope that will just >> work if this security matter is solved.) >> > > > You don't have to create the page template as an attribute of a class. > You can declare it as a local variable > > pt = ZopeTwoPageTemplateFile('template.pt') > > and then do > > extra_context = {'context': some_context} > html = pt.pt_render(extra_context=extra_context) > > The context variable in your template will then be what you want it to be. For some reason doing that results in "'str' object is not callable" error... but I didn't dig into it much, as using the pt as attribute of the context class is not an issue for me. > If you still encounter security problems then add this line directly > after you declare class AdhocContext > > __allow_access_to_unprotected_subobjects__ = 1 That indeed works, thanks! > You probably should not use that line too often :) I would prefer doing it correctly/safely, but is there a way? Because it even exposes the unprotected subobjects of the acquired objects... sounds a bit scary to me. > Hedley > > ___ > Zope maillist - Zope@zope.org > http://mail.zope.org/mailman/listinfo/zope > ** No cross posts or HTML encoding! ** > (Related lists - > http://mail.zope.org/mailman/listinfo/zope-announce > http://mail.zope.org/mailman/listinfo/zope-dev ) -- Best regards, Daniel Dekany ___ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev )
Re: [Zope] How to use ZPT with ad-hoc context?
Daniel Dekany wrote: > How to create a template context ("here" inside ZPT) that is not an > object from the ZODB, just a temporary object? This is what I tried: > > class AdhocContext(Implicit): > pt = PageTemplateFile("whatever/path", globals()) > ... > > MyZopeProduct: > > def whatever(self): > "Test" > ctx = AdhocContext().__of__(self) > return ctx.pt() > > The problem I have with this is that I can't access anything in > AdhocContext from the ZPT because the security manager blocks it (I > didn't forget to security.declarePublic + document what I wanted to > access). Is there a simple trick to solve this? (BTW, I will need to > invoke some Plone macros from that ZPT too... I hope that will just > work if this security matter is solved.) > You don't have to create the page template as an attribute of a class. You can declare it as a local variable pt = ZopeTwoPageTemplateFile('template.pt') and then do extra_context = {'context': some_context} html = pt.pt_render(extra_context=extra_context) The context variable in your template will then be what you want it to be. If you still encounter security problems then add this line directly after you declare class AdhocContext __allow_access_to_unprotected_subobjects__ = 1 You probably should not use that line too often :) Hedley ___ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev )