[Zope] Python Classes and Zope.

Paul Winkler pw_lists at slinkp.com
Fri Dec 2 11:34:45 EST 2005


On Fri, Dec 02, 2005 at 09:49:25AM -0500, Paul Winkler wrote:
> 2) in the wrapper class, use ClassSecurityInfo() to 
> declare the methods you need public or permission-protected,
> or use allowAny().

Brain fart, sorry. There is no allowAny in ClassSecurityInfo
or elsewhere.
 
The quick-and-easy thing to do, if you don't want to create
wrapper or derived class, somewhere in some Product code,
do stuff like the following:

from AccessControl import allow_class, allow_module, ModuleSecurityInfo

# Allow scripts to *instantiate* a class.
# Skip this if your scripts don't need to instantiate the objects.
# Note that you can't call methods on it yet, keep reading...

ModuleSecurityInfo('Products.MyProduct').declarePublic('myclass')

# Allow unrestricted access to all *existing* instances
# of a class. Now you can call its methods.
# Note this *doesn't* automatically allow you to use
# other objects returned by any of its methods, so 
# you may need to explicitly allow a bunch of other classes too...

allow_class(myclass)

# Allow scripts to import and use a function defined in
# some product. This works just like allowing to instantiate classes.

ModuleSecurityInfo('Products.MyProduct').declarePublic('myfunc')

# Works for standard library or other modules on $PYTHONPATH too.

ModuleSecurityInfo('urllib').declarePublic('urlopen')


# Allow unrestricted imports and usage of an *entire* module:
allow_module('mypackage.mymodule')
# ... well, mostly. Sometimes that doesn't work and you need
# to sprinkle in a few more declarations, e.g. for types
# defined in C.
# See for example
# lib/python/Products/PythonScripts/module_access_examples.py
# showing complications for e.g. the "re" module.

-- 


Paul Winkler
http://www.slinkp.com


More information about the Zope mailing list