[Zope-dev] how to add to the pythonscript allowed import list?

[R. David Murray]

I've got a little Product that does some init hacks.  One of the
things I want to do is expose a couple of python fuctions such that
they can be imported into pythonscripts.  After much spelunking in
the mailing list and the PythonMethods wiki on zope.org, I *think*
that what I need to do is something like this:

----------------------
from AccessControl import ModuleSecurityInfo

security = ModuleSecurityInfo()

security.declarePublic('SignedEditions')
security.declarePublic('stripCardNum','verifyCardNumber')
from cccheck import stripCardNum, verifyCardNumber

security.apply(globals())
----------------------

Now, that SignedEditions one is my attempt to solve the following
error message when I attempt to do 'from SignedEditions import stripCardNum':

Error Type: ImportError
Error Value: import of "SignedEditions" is unauthorized

However, it does not solve the problem.

Hmm.  I just noticed that I forgot to prefix that with "Products.".
Which would seem to make that error message a bug, since SignedEditions
shouldn't exist in the import path.  If I do

from Products.SignedEditions import stripCardNum

then ZDebug tells me:

Unauthorized: Access denied for <module 'Products.SignedEditions' from '/usr/local/zope/sites/signededitions/Products/SignedEditions/__init__.py'> because its container, <module 'Products' from '/usr/local/zope/Zope231b1/lib/python/Products/__init__.pyc'>, has no security assertions.

What do I need to do to assert that it is OK to import from the
SignedEditions product? The wiki does not seem to address this
question at all, though it implies that it is possible, since it
*does* talk about the above assertions to declare things *inside*
the product as importable.

(Oh, BTW, I tried changing 'security' to "ZopeSecurity", but that didn't
seem to change the behavior).

--RDM