At 18:43 16/01/2002, you wrote: Sorry about cross-posting but I think the following info is worth reading for both zope-users and developers.
>Note that up until Zope 2.5.0b4 there is a bug in the way module security >assertions are handled that makes it impossible to declare more than one >assertion without overwriting a previous assertion. It's not really a >"security hole", it's just annoying and clearly broken. I'd suggest that >you complain about this (or do it yourself) if you think a monkeypatch is >in order for Zope 2.3/2.4. I went to CVS and read AccessControl.SecurityInfo.py The code looked simple enough that I would take no risk by including it even if my understanding of the inner-working of Zope is still elementary. The following patch works to correct the problem for Zope 2.3.3. It does not seem to cause any other problem. # patch taken from Zope 2.5 from string import rfind # 1.5.2 syntax def ModuleSecurityInfo(module_name=None): if module_name is not None: modsec = _moduleSecurity.get(module_name, None) if modsec is not None: return modsec dot = rfind(module_name, '.') # 1.5.2 syntax if dot > 0: # If the module is in a package, recursively make sure # there are security declarations for the package steps # leading to the module modname = module_name[dot + 1:] pmodsec = ModuleSecurityInfo(module_name[:dot]) if not pmodsec.names.has_key(modname): pmodsec.declarePublic(modname) return _ModuleSecurityInfo(module_name) class _ModuleSecurityInfo(SecurityInfo): """Encapsulate security information for modules.""" in place of class ModuleSecurityInfo(SecurityInfo): """Encapsulate security information for modules.""" I do not know what you mean by a 'monkeypatch' but it is certainly worth it to add the patch to 2.3.x and 2.4.x branches. >Godefroid Chapelle wrote: > >> > Casey Duncan wrote: >> > >> > > So the following things don't work: >> > > >> > > from Products.Formulator.Form import FormValidationError >> > >> > Either Martijn or you need to add the following lines to a Product >> > __init__.py somewhere: >> > >> > from AccessControl import ModuleSecurityInfo >> > ModuleSecurityInfo('Products').declarePublic('Formulator') >> > ModuleSecurityInfo('Products.Formulator').declarePublic('Form') >> > >> ModuleSecurityInfo('Products.Formulator.Form').declarePublic('FormValidationError') >> >> > >> > Cheers, >> > >> > Evan @ Zope >> >>I added the above code in the corresponding __init__.py on my machine. >>Which works almost perfectly...: >>Further, I needed to be able to import : >>from Products.gvibDA.gvib.gvibExceptions import IntegrityError >> >>So I added the following code in gvibDA's __init__.py >>from Products.PythonScripts.Utility import allow_module, allow_class >>from AccessControl import ModuleSecurityInfo, ClassSecurityInfo >>from Globals import InitializeClass >>ModuleSecurityInfo('Products').declarePublic('gvibDA') >>ModuleSecurityInfo('Products.gvibDA').declarePublic('gvib') >>ModuleSecurityInfo('Products.gvibDA.gvib').declarePublic('gvibExceptions') >>ModuleSecurityInfo('Products.gvibDA.gvib.gvibExceptions').declarePublic('IntegrityError') > >> >>from gvib.gvibExceptions import IntegrityError >>allow_class(IntegrityError) >> >>I get an 'Unauthorized: Formulator' error when accessing a script >>beginning with >>from Products.Formulator.Form import FormValidationError >>from Products.gvibDA.gvib.gvibExceptions import IntegrityError >> >>I suppose it has something to do with the creation of two instances of >>ModuleSecurityInfo('Products') but have no idea how to correct the problem. >>Any help would be appreciated. >> >>-- >> >>Godefroid Chapelle >>BubbleNet sprl >>rue Victor Horta, 18 / 202 >>1348 Louvain-la-Neuve >>Belgium >>Tel + 32 (10) 459901 >>Mob + 32 (477) 363942 >>TVA 467 093 008 >>RC Niv 49849 >> >>_______________________________________________ >>Zope maillist - [EMAIL PROTECTED] >>http://lists.zope.org/mailman/listinfo/zope >>** No cross posts or HTML encoding! ** >>(Related lists - http://lists.zope.org/mailman/listinfo/zope-announce >>http://lists.zope.org/mailman/listinfo/zope-dev ) > > -- Godefroid Chapelle BubbleNet sprl rue Victor Horta, 18 / 202 1348 Louvain-la-Neuve Belgium Tel + 32 (10) 459901 Mob + 32 (477) 363942 TVA 467 093 008 RC Niv 49849 _______________________________________________ Zope-Dev maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope )