Sean McGrath <[EMAIL PROTECTED]> wrote:
> All,
>
> I'm just a country boy raised on mashed potatoes and Zope 2.1.6.
> The new security model up here in the bright lights/big city world
> of Zope 2.2.4 has me all confused:-)
>
> I have an external method that returns an object. I have a dtml method
> that tries to reference an attribute of that object. The attempted
> attribute reference causes the HTTP authenticate dialog to appear.
> No username/password seems to appease it.
>
> Here is the relevant part of the DTML:
>
> <dtml-call "REQUEST.set('foo',testexternal(REQUEST,RESPONSE))">
> <dtml-var "foo.X">
>
> Here is the external method "testexternal":
You need to tell Zope's security policy that untrusted code can read the
attributes of instances of AClass, like so:
> class AClass:
__allow_access_to_unprotected_subobjects__ = 1
> def __init__(self):
> self.X = 1
> self.Y = 2
>
>
> def testexternal (self,REQUEST,RESPONSE):
> A = AClass()
> return A
>
> Thanks in advance,
> Sean McGrath
Tres.
--
===============================================================
Tres Seaver [EMAIL PROTECTED]
Digital Creations "Zope Dealers" http://www.zope.org
_______________________________________________
Zope maillist - [EMAIL PROTECTED]
http://lists.zope.org/mailman/listinfo/zope
** No cross posts or HTML encoding! **
(Related lists -
http://lists.zope.org/mailman/listinfo/zope-announce
http://lists.zope.org/mailman/listinfo/zope-dev )
