Hello,<br><br>I have build a Plone product which allows users to enter a piece of Python code.<br>This way, users can easily define their own actions without changing the product source code.<br><br>Those pieces of code are executed using the exec Python command.
<br><br>The problem is that nothing prevents the user to access any other object in the ZODB (using getParentNode, or traverse) and to modify it (as far as the user is allowed to use the method which runs his piece of code, AccessControl will not check his permission during the execution itself).
<br><br>So my first idea was to cut all the acquisition chain: I replace self with aq_base(self) just before running the piece of code, and there is no way to access anything outside the current object itself.<br><br>It is OK, but my product contains some methods which use Plone portal tools (like MailHost, portal_membership), and I would like to offer the ability to use those methods in the user defined pieces of code.
<br>Of course, as I remove the acquisition chain, those methods doesn't work.<br><br>So my question is: is there a way to provide a read-only access to the current object's acquisition parents ?<br>I thought about different ways:
<br>- can we "lock" an object in the ZODB ?<br>- can we build a read-only proxy to an object ?<br>- can we make a temporary copy of an object that will be stored in the ZODB ? (regarding that point, I know how to do it, but I am not sure about the performances...)
<br><br>Any suggestion ?<br><br>Regards,<br><br>Eric BREHAULT<br>