[Zope] Problem with adding importable modules

Chris McDonough chrism@zope.com
Thu, 21 Mar 2002 18:05:43 -0500 

Hi David,

All objects that you work with in Python Scripts must have security
declarations.  In this case, the object that is returned by
getSampleStyleSheet has no security declarations associated with it, so it
can't be accessed.

I'd suggest in this case using an External Method (which do not apply the
same security restrictions as Python Scripts), because associating all of
the things that you *may* want to work with out of an external library with
security declarations is really painful.

- C


----- Original Message -----
From: "David Thibault" <dthibault@esperion.com>
To: <zope@zope.org>
Sent: Thursday, March 21, 2002 5:05 PM
Subject: [Zope] Problem with adding importable modules


> Hello all,
>
> I have a problem regarding allowing the import of extra modules.  I've
found
> various examples (like the "Allowing Import of Modules" in the Zope online
> help) and a mailing list item entitled "Import Libraries into Python
Script"
> (http://lists.zope.org/pipermail/zope-dev/2001-February/009531.html), but
> these aren't helping me.  I'm still getting this error.
>
> I'm trying to use the Reportlab toolkit from within a Zope script (NOT an
> external method).  I DON'T want to just import the whole Reportlab
toolkit,
> because within that toolkit there are sys and os sections with what appear
> to contain very dangerous items.  Therefore, I'm following more along the
> lines of the help in the Zope online help.  I created a folder called
> MyScriptModules in $ZOPE/lib/python/Products/.  The __init__.py file
therein
> looks like this:
>
> -------------contents of __init__.py-------------------------------------
> from Products.PythonScripts.Utility import allow_module, allow_class
> from AccessControl import ModuleSecurityInfo, ClassSecurityInfo
> from Globals import InitializeClass
> from reportlab import platypus
> from reportlab.lib import colors, enums, pagesizes, styles, units
> from reportlab.pdfgen.canvas import Canvas
> allow_class(Canvas)
> allow_class(platypus)
> allow_class(colors)
> allow_class(enums)
> allow_class(pagesizes)
> allow_class(styles)
> allow_class(units)
> ModuleSecurityInfo('reportlab').declarePublic('platypus')
>
ModuleSecurityInfo('reportlab.lib').declarePublic('colors','enums','pagesize
> s','
> styles','units')
> ModuleSecurityInfo('reportlab.pdfgen.canvas').declarePublic('Canvas')
> -------------end __init__.py contents---------------------------------
>
> I only wanted to import the bare essentials of my current program and some
> other classes that looked harmless but useful (like colors, enums, etc).
I
> first started with ReportLab by creating a shell-based python script,
which
> ran perfectly and created my PDF file.  Now I'm porting it to Zope and I'm
> getting errors.  Here's a curtailed example of the script.  This short
> example creates the same error I'm getting in the full version of the
> script:
>
> ------------begin sample problem script-----------------------------
> #_______DO ALL THE
IMPORTS__________________________________________________
> from reportlab import platypus
> from reportlab.lib import styles, units, pagesizes
> from reportlab.pdfgen.canvas import Canvas
> import string
> #_______END IMPORTS
SECTION_________________________________________________
>
>
> #_______SET UP GLOBAL
VARIABLES_____________________________________________
> PAGE_WIDTH = pagesizes.letter[0]
> PAGE_HEIGHT = pagesizes.letter[1]
> txt_styles = styles.getSampleStyleSheet()
> styleTITLE = txt_styles['Heading1']
> #_______END GLOBAL
VARIABLES________________________________________________
>
> return "I didn't crash"
>
> -----------------------end sample problem
script---------------------------
>
> When I try to test it Zope tries to make me log in again, I do so, and it
> asks me to log in repeatedly.  If I finally click "Cancel", it gives me
> this:
> ------------------begin error condition
> experienced---------------------------
> Zope Error
>
> Zope has encountered an error while publishing this resource.
>
> Error Type: Unauthorized
> Error Value: You are not allowed to access Heading1 in this context
>
> (cut out "Troubleshooting Suggestions")
>
> Traceback (innermost last):
>   File /usr/local/Zope-2.5.0-src/lib/python/ZPublisher/Publish.py, line
150,
> in publish_module
>   File /usr/local/Zope-2.5.0-src/lib/python/ZPublisher/Publish.py, line
114,
> in publish
>   File /usr/local/Zope-2.5.0-src/lib/python/Zope/__init__.py, line 158, in
> zpublisher_exception_hook
>     (Object: feedback)
>   File /usr/local/Zope-2.5.0-src/lib/python/ZPublisher/Publish.py, line
98,
> in publish
>   File /usr/local/Zope-2.5.0-src/lib/python/ZPublisher/mapply.py, line 88,
> in mapply
>     (Object: test.py)
>   File /usr/local/Zope-2.5.0-src/lib/python/ZPublisher/Publish.py, line
39,
> in call_object
>     (Object: test.py)
>   File /usr/local/Zope-2.5.0-src/lib/python/Shared/DC/Scripts/Bindings.py,
> line 252, in __call__
>     (Object: test.py)
>   File /usr/local/Zope-2.5.0-src/lib/python/Shared/DC/Scripts/Bindings.py,
> line 283, in _bindAndExec
>     (Object: test.py)
>   File
>
/usr/local/Zope-2.5.0-src/lib/python/Products/PythonScripts/PythonScript.py,
> line 291, in _exec
>     (Object: test.py)
>     (Info: ({'script': <PythonScript instance at 8ed0008>, 'context':
> <Folder instance at 8ecd2d0>, 'container': <Folder instance at 8ecd2d0>,
> 'traverse_subpath': []}, (), {}, None))
>   File Script (Python), line 17, in test.py
>   File /usr/local/Zope-2.5.0-src/lib/python/AccessControl/ZopeGuards.py,
> line 94, in guarded_getitem
> Unauthorized: (see above)
>
> ------------------end error condition
> experienced-----------------------------
>
> It never returns the phrase "I didn't crash."  However, if I comment out
the
> line "styleTITLE = txt_styles['Heading1']" it does complete successfully.
> That means that the "pagesizes" stuff did import properly, because the
> PAGE_HEIGHT and PAGE_WIDTH get calculated properly (I can even return
those
> successfully).  Sorry for the long email, but I wanted to give a complete
> description of what I'm up against here.  I suspect there's some problem
in
> my __init__.py that's preventing me from accessing subobjects of what I've
> imported, but I'm not sure how to resolve it.
>
> Thanks,
> Dave
>
> _______________________________________________
> Zope maillist  -  Zope@zope.org
> http://lists.zope.org/mailman/listinfo/zope
> **   No cross posts or HTML encoding!  **
> (Related lists -
>  http://lists.zope.org/mailman/listinfo/zope-announce
>  http://lists.zope.org/mailman/listinfo/zope-dev )
>