This may help: (see Using
ModuleSecurityInfo Objects)

I think it will be something along the lines of:

from AccessControl import ModuleSecurityInfo
', 'verifyCardNumber')

----- Original Message -----
From: "R. David Murray " <[EMAIL PROTECTED]>
Sent: Thursday, April 19, 2001 1:56 PM
Subject: [Zope-dev] how to add to the pythonscript allowed import list?

> I've got a little Product that does some init hacks.  One of the
> things I want to do is expose a couple of python fuctions such that
> they can be imported into pythonscripts.  After much spelunking in
> the mailing list and the PythonMethods wiki on, I *think*
> that what I need to do is something like this:
> ----------------------
> from AccessControl import ModuleSecurityInfo
> security = ModuleSecurityInfo()
> security.declarePublic('SignedEditions')
> security.declarePublic('stripCardNum','verifyCardNumber')
> from cccheck import stripCardNum, verifyCardNumber
> security.apply(globals())
> ----------------------
> Now, that SignedEditions one is my attempt to solve the following
> error message when I attempt to do 'from SignedEditions import
> Error Type: ImportError
> Error Value: import of "SignedEditions" is unauthorized
> However, it does not solve the problem.
> Hmm.  I just noticed that I forgot to prefix that with "Products.".
> Which would seem to make that error message a bug, since SignedEditions
> shouldn't exist in the import path.  If I do
> from Products.SignedEditions import stripCardNum
> then ZDebug tells me:
> Unauthorized: Access denied for &lt;module 'Products.SignedEditions' from
t; because its container, &lt;module 'Products' from
'/usr/local/zope/Zope231b1/lib/python/Products/__init__.pyc'&gt;, has no
security assertions.
> What do I need to do to assert that it is OK to import from the
> SignedEditions product? The wiki does not seem to address this
> question at all, though it implies that it is possible, since it
> *does* talk about the above assertions to declare things *inside*
> the product as importable.
> (Oh, BTW, I tried changing 'security' to "ZopeSecurity", but that didn't
> seem to change the behavior).
> --RDM
> _______________________________________________
> Zope-Dev maillist  -  [EMAIL PROTECTED]
> **  No cross posts or HTML encoding!  **
> (Related lists -
> )

Zope-Dev maillist  -  [EMAIL PROTECTED]
**  No cross posts or HTML encoding!  **
(Related lists - )

Reply via email to