Tom Von Lahndorff wrote at 2007-6-15 11:45 -0400:
><dtml-let news="newsfeed(feedurl=' 
><dtml-var "news.feed.href">
>Site Error
>An error was encountered while publishing this resource.
>Error Type: Unauthorized
>Error Value: You are not allowed to access 'feed' in this context
> ...
>If the error persists please contact the site maintainer. Thank you  
>for your patience.
>Traceback (innermost last):
>     * Module ZPublisher.Publish, line 115, in publish
>     * Module ZPublisher.mapply, line 88, in mapply
>     * Module ZPublisher.Publish, line 41, in call_object
>     * Module OFS.DTMLMethod, line 144, in __call__
>       <DTMLMethod at /feeds/nprnews.html>
>       URL: http://localhost:8080/feeds/nprnews.html/manage_main
>       Physical Path:/feeds/nprnews.html
>     * Module DocumentTemplate.DT_String, line 476, in __call__
>     * Module DocumentTemplate.DT_Let, line 76, in render
>     * Module DocumentTemplate.DT_Util, line 196, in eval
>       __traceback_info__: news
>     * Module <string>, line 1, in <expression>
>Unauthorized: You are not allowed to access 'feed' in this context

It is likely that the object looks like a dictionary (it uses
a string representation like that of a true 'dict') but it is not
a proper dictionary (but rather some instance of a class).

Zope's restricted code treats proper dictionaries as unprotected
(like it does for lists and tuples) but requires special
security declarations for instances to be accessible in untrusted

A solution for you might be to convert the RSS data into
a proper dictionary. How this works in detail depends
on the instance at hand. If it implementes an "items" method,
then "dict(instance.items())" would do it.

Note that substructures, too, may look like Python types
but are in fact instances. In this case, you would need
to convert such substructures as well (similar to the
top level object).

Zope maillist  -
**   No cross posts or HTML encoding!  **
(Related lists - )

Reply via email to