Document Actions
Using unauthorized modules in scripts
Warning: This item is marked as outdated.
This How-to applies to:
Plone 2.1.x, Plone 2.0.x
This How-to is intended for:
Developers
How to authorize scripts and other secure context to use external (unauthorized) Python code, then call this code from page templates
Please refer to this Zope specific tutorial.
If you are creating your own product, you can place authorizing to your Product's __init__.py
Here is some example:
from AccessControl import allow_module
from AccessControl import ModuleSecurityInfo
...
ModuleSecurityInfo("Products.Usability").declarePublic("isRequestView")
ModuleSecurityInfo("Products.Usability").declarePublic("issueFieldVisibility")
Then you can call public functions in your page template code:
<a tal:attributes="href python: modules['Products.Usability'].isRequestView(rows.get('link'), context)"
See following Zope methods and classes
- AccessControl.allow_module
- AccessControl.allow_class
- AccessControl.ClassSecurityInfo
- AccessControl.ModuleSecurityInfo
Note that sometimes secured calls should be placed inside wrapper functions which deal with parameter checking and other validation to prevent opening any security holes.
see also:
-
Writing logging data from python scripts (for debugging)
- Debugging python scripts (those in the skins/ directory) can be hard. Adding zope logging to your script is easy and will help pinpoint the problem.
-
Debugging Unauthorized / Insufficient Privileges
- One of the most common errors you will get as a Plone developer is the "Insufficient Privileges" message. This message does not tell you exactly what went wrong for security reasons, but there are ways to expose this using VerboseSecurity.
by
Mikko Ohtamaa
—
last modified
May 29, 2006 - 00:18
Contributors:
Mikko Ohtamaa
All content is copyright Plone Foundation and the individual contributors.
