[Checkins] SVN: Products.PythonScripts/trunk/ Copy in the code
Hanno Schlichting
hannosch at hannosch.eu
Sat Jul 10 09:18:43 EDT 2010
Log message for revision 114513:
Copy in the code
Changed:
U Products.PythonScripts/trunk/README.txt
U Products.PythonScripts/trunk/setup.py
A Products.PythonScripts/trunk/src/Products/PythonScripts/
D Products.PythonScripts/trunk/src/Products/PythonScripts/CHANGES.txt
D Products.PythonScripts/trunk/src/Products/PythonScripts/README.txt
D Products.PythonScripts/trunk/src/Products/PythonScripts/version.txt
-=-
Modified: Products.PythonScripts/trunk/README.txt
===================================================================
--- Products.PythonScripts/trunk/README.txt 2010-07-10 13:13:49 UTC (rev 114512)
+++ Products.PythonScripts/trunk/README.txt 2010-07-10 13:18:43 UTC (rev 114513)
@@ -1,3 +1,75 @@
Overview
========
+The Python Scripts product provides support for restricted execution of
+Python scripts, exposing them as callable objects within the Zope
+environment.
+
+Providing access to extra modules
+---------------------------------
+
+Python script objects have a limited number of "safe" modules
+available to them by default. In the course of working with Zope,
+you will probably wish to make other modules available to script
+objects.
+
+The Utility.py module in the PythonScripts products provides a
+simple way to make modules available for use by script objects
+on a site-wide basis. Before making a module available to Python
+scripts, you should carefully consider the potential for abuse
+or misuse of the module, since all users with permission to
+create and edit Python scripts will be able to use any functions
+and classes defined in the module. In some cases, you may want to
+create a custom module that just imports a subset of names from
+another module and make that custom module available to reduce
+the risk of abuse.
+
+The easiest way to make modules available to Python scripts on
+your site is to create a new directory in your Products directory
+containing an "__init__.py" file. At Zope startup time, this
+"product" will be imported, and any module assertions you make
+in the __init__.py will take effect. Here's how to do it:
+
+- In your Products directory (either in lib/python of your
+ Zope installation or in the root of your Zope install,
+ depending on your deployment model), create a new directory
+ with a name like "GlobalModules".
+
+- In the new directory, create a file named "__init__.py".
+
+- Edit the __init__.py file, and add calls to the 'allow_module'
+ function (located in the Products.PythonScripts.Utility module),
+ passing the names of modules to be enabled for use by scripts.
+ For example::
+
+ # Global module assertions for Python scripts
+ from Products.PythonScripts.Utility import allow_module
+
+ allow_module('base64')
+ allow_module('re')
+ allow_module('DateTime.DateTime')
+
+ This example adds the modules 'base64', 're' and the 'DateTime'
+ module in the 'DateTime' package for use by Python scripts. Note
+ that for packages (dotted names), each module in the package path
+ will become available to script objects.
+
+- Restart your Zope server. After restarting, the modules you enabled
+ in your custom product will be available to Python scripts.
+
+Placing security assertions within the package/module you are trying
+to import will not work unless that package/module is located in
+your Products directory.
+
+This is because that package/module would have to be imported for its
+included security assertions to take effect, but to do
+that would require importing a module without any security
+declarations, which defeats the point of the restricted
+Python environment.
+
+Products work differently as they are imported at Zope startup.
+By placing a package/module in your Products directory, you are
+asserting, among other things, that it is safe for Zope to check
+that package/module for security assertions. As a result, please
+be careful when place packages or modules that are not Zope Products
+in the Products directory.
Modified: Products.PythonScripts/trunk/setup.py
===================================================================
--- Products.PythonScripts/trunk/setup.py 2010-07-10 13:13:49 UTC (rev 114512)
+++ Products.PythonScripts/trunk/setup.py 2010-07-10 13:18:43 UTC (rev 114513)
@@ -18,7 +18,8 @@
version = '2.13.0dev',
url='http://pypi.python.org/pypi/Products.PythonScripts',
license='ZPL 2.1',
- description="",
+ description="Provides support for restricted execution of Python "
+ "scripts in Zope 2.",
author='Zope Foundation and Contributors',
author_email='zope-dev at zope.org',
long_description=open('README.txt').read() + '\n' +
Deleted: Products.PythonScripts/trunk/src/Products/PythonScripts/CHANGES.txt
===================================================================
--- Zope/trunk/src/Products/PythonScripts/CHANGES.txt 2010-07-10 13:13:49 UTC (rev 114512)
+++ Products.PythonScripts/trunk/src/Products/PythonScripts/CHANGES.txt 2010-07-10 13:18:43 UTC (rev 114513)
@@ -1,83 +0,0 @@
-2001-04-26 Evan Simpson <evan at digicool.com>
-
- * Version 2.0.0
- * Totally replaced zbytecodhacks engine with Zope's new
- RestrictedPython package, which it shares with DTML.
-
-1999-12-13 Evan Simpson <evan at 4-am.com>
-
- * Version 0.1.7
- * Nested functions and lambdas are now supported, with full safety.
- * You can access all of the dtml-var format functions through a builtin
- dictionary called special_formats (eg: special_formats['html-quote']).
- * Handing off to Digital Creations for inclusion in CVS.
- * Packaged with packProduct script, which excludes parent directories
- and .pyc files. Makes for a smaller package, and doesn't step on
- ownership/permissions of lib/python/Products path elements.
-
-1999-12-01 Evan Simpson <evan at 4-am.com>
-
- * Added COPYRIGHT.txt, making Wide Open Source licence (BSD-style)
- explicit. (Mike Goldman provided the text, I provided the silly name).
- * Jeff Rush donated a PrincipiaSearchSource method, so that
- PythonMethod objects can be zcataloged to the same degree
- as DTML Methods.
- * Also from Jeff Rush, a document_src method, so that the source of
- PythonMethods can be viewed via a "View Source" link if desired.
- * If a PM has a 'traverse_subpath' parameter, you can now directly
- traverse it. The elements of the subpath will then be put into a list
- in 'traverse_subpath'. (thanks to Anthony Baxter)
-
-1999-11-11 Evan Simpson <evan at 4-am.com>
-
- * Version 0.1.6
- * Fix to builtins messed up DTML Methods, so I re-fixed it.
-
-1999-11-05 Evan Simpson <evan at 4-am.com>
-
- * Version 0.1.5
- * Killed *%#&$@ weird bug in which having 'add' documents in 'www'
- subdirectory prevented rename, paste, or import of existing
- PythonMethods! See use of '_www'.
- * Range, test, and several other Zope 'builtins' had an unbound 'self'
- argument unless called on _, but that's fixed.
- * Safe multiplication was utterly broken (thanks to the guard); now
- it works. Is anyone using the safe version??
-
-1999-10-18 Evan Simpson <evan at 4-am.com>
-
- * Eliminated bug which delayed stringification of printed values.
-
-1999-10-08 Evan Simpson <evan at 4-am.com>
-
- * Version 0.1.4
- * Fixed mis-design noticed by Michel Pelletier, and refactored
- MakeFunction. Now both kinds of Python Method have the bugfix
- from 0.1.3, and shouldn't provoke a transaction when called.
-
-1999-10-07 Evan Simpson <evan at 4-am.com>
-
- * Version 0.1.3
- * Fixed parameter bug with 'self' and no defaults
-
-1999-09-24 Evan Simpson <evan at 4-am.com>
-
- * Version 0.1.2
- * Added WebDAV/FTP access code donated by Michel Pelletier
- * Made parameters part of WebDAV/FTP text
- * Eliminated initialization of globals to None
- * Added 'global_exists' global function instead
- * Killed bug with unused parameters
- * Put switch in Guarded.py to allow both regular and
- dangerous (XXX) PythonMethods to live side-by-side.
- This means that people who patched version 0.1.1
- will have to re-create any unsafe PMs they use (Sorry).
-
-1999-09-10 Evan Simpson <evan at 4-am.com>
-
- * Version 0.1.1
- * Incorporated DT_Util builtins and guards
- * Fixed direct access via URL
- * Fixed methodAdd.dtml
- * rstrip function body
- * Major changes to zbytecodehacks
Deleted: Products.PythonScripts/trunk/src/Products/PythonScripts/README.txt
===================================================================
--- Zope/trunk/src/Products/PythonScripts/README.txt 2010-07-10 13:13:49 UTC (rev 114512)
+++ Products.PythonScripts/trunk/src/Products/PythonScripts/README.txt 2010-07-10 13:18:43 UTC (rev 114513)
@@ -1,75 +0,0 @@
-Python Scripts
-
-
- The Python Scripts product provides support for restricted execution of
- Python scripts, exposing them as callable objects within the Zope
- environment.
-
- Providing access to extra modules
-
- Python script objects have a limited number of "safe" modules
- available to them by default. In the course of working with Zope,
- you will probably wish to make other modules available to script
- objects.
-
- The Utility.py module in the PythonScripts products provides a
- simple way to make modules available for use by script objects
- on a site-wide basis. Before making a module available to Python
- scripts, you should carefully consider the potential for abuse
- or misuse of the module, since all users with permission to
- create and edit Python scripts will be able to use any functions
- and classes defined in the module. In some cases, you may want to
- create a custom module that just imports a subset of names from
- another module and make that custom module available to reduce
- the risk of abuse.
-
- The easiest way to make modules available to Python scripts on
- your site is to create a new directory in your Products directory
- containing an "__init__.py" file. At Zope startup time, this
- "product" will be imported, and any module assertions you make
- in the __init__.py will take effect. Here's how to do it:
-
- o In your Products directory (either in lib/python of your
- Zope installation or in the root of your Zope install,
- depending on your deployment model), create a new directory
- with a name like "GlobalModules".
-
- o In the new directory, create a file named "__init__.py".
-
- o Edit the __init__.py file, and add calls to the 'allow_module'
- function (located in the Products.PythonScripts.Utility module),
- passing the names of modules to be enabled for use by scripts.
- For example:
-
- # Global module assertions for Python scripts
- from Products.PythonScripts.Utility import allow_module
-
- allow_module('base64')
- allow_module('re')
- allow_module('DateTime.DateTime')
-
- This example adds the modules 'base64', 're' and the 'DateTime'
- module in the 'DateTime' package for use by Python scripts. Note
- that for packages (dotted names), each module in the package path
- will become available to script objects.
-
- o Restart your Zope server. After restarting, the modules you enabled
- in your custom product will be available to Python scripts.
-
- NB -- Placing security assestions within the package/module you are trying
- to import will not work unless that package/module is located in
- your Products directory.
-
- This is because that package/module would have to be imported for its
- included security assertions to take effect, but to do
- that would require importing a module without any security
- declarations, which defeats the point of the restricted
- python environment.
-
- Products work differently as they are imported at Zope startup.
- By placing a package/module in your Products directory, you are
- asserting, among other things, that it is safe for Zope to check
- that package/module for security assertions. As a result, please
- be careful when place packages or modules that are not Zope Products
- in the Products directory.
-
Deleted: Products.PythonScripts/trunk/src/Products/PythonScripts/version.txt
===================================================================
--- Zope/trunk/src/Products/PythonScripts/version.txt 2010-07-10 13:13:49 UTC (rev 114512)
+++ Products.PythonScripts/trunk/src/Products/PythonScripts/version.txt 2010-07-10 13:18:43 UTC (rev 114513)
@@ -1 +0,0 @@
-PythonScripts-2-0-0
More information about the checkins
mailing list