-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Kirk Strauser wrote: > My company has a Zope server that has no editing rights for external > persons - only employees have management permissions. We also have a > company-specific hierarchy of several hundred Python modules that I'd like > to access from Zope. Rather than modifying each and every module as per > the instructions in the "Security" chapter of the ZDG, is there a way to > say "allow the import of any module inside this part of $PYTHONPATH"? > > Oh, for those curious: part of the reason for moving code from Zope Python > scripts and into filesystem code is that my company has officially adopted > Python as our new development platform for new projects. I'm cranking out > thousands of lines of code, and the Windows guys are tweaking it to run > under IronPython. The end goal is to have a library of code that runs > under Unix, Windows, Mac, or wherever else we might want to explore, and > then to write frontends to that library in whatever seems appropriate to > the task. For example, new web apps will be written with Zope calling > those modules. New GUI apps will be written with Visual Studio calling > those modules. Yay Zope and Python! You're what broke us away from vendor > lock-in!
The most straighforward hack to do what you want would be to monkey-patch 'AccessControl.ZopeGuards.guarded_import', which is the function that does the current checking. Slightly less hackish would be to mutate the security policy, whose 'validate' method is responsible for checking the policy. By default, Zope uses the 'C' version of the security policy, which can't be monkey-patched. However, your *best* bet is to implement your Zope applications as filesystem-based products, rather than in "untrusted" code (Python scripts). At that point, the modules are easily importable. You can arrange for the filesystem products to expose any features which are needed (e.g., by PageTemplates). Tres. - -- =================================================================== Tres Seaver +1 540-429-0999 [EMAIL PROTECTED] Palladion Software "Excellence by Design" http://palladion.com -----BEGIN PGP SIGNATURE----- Version: GnuPG v188.8.131.52 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFFt4mT+gerLs4ltQ4RAlB8AJ9+KxyFBOIsoFyQ8XvA/NgAPqnXbgCglhA1 NX/zejgB/eJUi0N0SXBpdZk= =K3Qc -----END PGP SIGNATURE----- _______________________________________________ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev )