Godefroid Chapelle <[EMAIL PROTECTED]> writes:

> Karl Anderson a écrit :

> > Another thing to keep in mind is that the ParsedXML *product* is a DOM
> > tree and a management interface around it.  The management interface
> > only gives you a convenient UI and a place to store a few bits that
> > the DOM doesn't know about (content type, namespace usage, etc.).
> > It's always more efficient to just use the DOM tree and related
> > utilities (parsing, printing), although it is less convenient - you
> > have to know a little bit more about what you're doing.  Do you need
> > each of those 2500 product instances?  See the createDOMDocument
> > method to create a DOM document without the management interface.
> >
> I am trying to use createDOMDocument, calling it from an external method:
> from Products.ParsedXML import ParsedXML
> def accessXml(document):
>     return ParsedXML.createDOMDocument(document)
> When using the document returned in a python script,  it seems that Zope
> security prevents me from accessing any DOM attributes.
> Am I doing something wrong or am I forced to do everything through external
> methods ?

The DOM objects without the ParsedXML management proxies don't have
any Zope security information associated with them, so you have to
provide it yourself.  This is one of the things that the management
proxies provide.

I didn't mean to sell the proxies short; I should have mentioned that
you have to know about providing the features youself that they
provide, including security, so this is an area for Zope experts.
I've added this to the README.  Furthermore, if you're just calling
methods on the Document node, without traversing to its subnodes,
you're really not paying much of a price; you're basically just
putting more function calls between you and the DOM object until you
access a DOM subobject.

I don't use the python scripts much, but they have very restricted
security, being web-edited and all.  So yes, one way to give access is
to use external methods.  Another way is to use a python product and
the security machinery available to you there.

The unproxied DOM objects are similar to any non-Zope aware python
class instances with regards to security; if you're unfamiliar with
it, I'd play around with some non-Zope aware dummy class instances,
with nested subinstances and attributes, until you know how to make
those objects and attributes publishable.

Karl Anderson                          [EMAIL PROTECTED]

Zope-Dev maillist  -  [EMAIL PROTECTED]
**  No cross posts or HTML encoding!  **
(Related lists -
 http://lists.zope.org/mailman/listinfo/zope )

Reply via email to