[Zope] Authentication Problem : External method returning object :
Zope 2.2.4
Tres Seaver
tseaver@digicool.com
Thu, 07 Dec 2000 22:03:57 -0500
Sean McGrath <sean.@propylon.com> wrote:
> All,
>
> I'm just a country boy raised on mashed potatoes and Zope 2.1.6.
> The new security model up here in the bright lights/big city world
> of Zope 2.2.4 has me all confused:-)
>
> I have an external method that returns an object. I have a dtml method
> that tries to reference an attribute of that object. The attempted
> attribute reference causes the HTTP authenticate dialog to appear.
> No username/password seems to appease it.
>
> Here is the relevant part of the DTML:
>
> <dtml-call "REQUEST.set('foo',testexternal(REQUEST,RESPONSE))">
> <dtml-var "foo.X">
>
> Here is the external method "testexternal":
You need to tell Zope's security policy that untrusted code can read the
attributes of instances of AClass, like so:
> class AClass:
__allow_access_to_unprotected_subobjects__ = 1
> def __init__(self):
> self.X = 1
> self.Y = 2
>
>
> def testexternal (self,REQUEST,RESPONSE):
> A = AClass()
> return A
>
> Thanks in advance,
> Sean McGrath
Tres.
--
===============================================================
Tres Seaver tseaver@digicool.com
Digital Creations "Zope Dealers" http://www.zope.org