Sean McGrath <[EMAIL PROTECTED]> wrote: > All, > > I'm just a country boy raised on mashed potatoes and Zope 2.1.6. > The new security model up here in the bright lights/big city world > of Zope 2.2.4 has me all confused:-) > > I have an external method that returns an object. I have a dtml method > that tries to reference an attribute of that object. The attempted > attribute reference causes the HTTP authenticate dialog to appear. > No username/password seems to appease it. > > Here is the relevant part of the DTML: > > <dtml-call "REQUEST.set('foo',testexternal(REQUEST,RESPONSE))"> > <dtml-var "foo.X"> > > Here is the external method "testexternal": You need to tell Zope's security policy that untrusted code can read the attributes of instances of AClass, like so: > class AClass: __allow_access_to_unprotected_subobjects__ = 1 > def __init__(self): > self.X = 1 > self.Y = 2 > > > def testexternal (self,REQUEST,RESPONSE): > A = AClass() > return A > > Thanks in advance, > Sean McGrath Tres. -- =============================================================== Tres Seaver [EMAIL PROTECTED] Digital Creations "Zope Dealers" http://www.zope.org _______________________________________________ Zope maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope-dev )