[Zope] NUXUserGroups Zope security
Sun, 14 Jul 2002 11:32:37 +0100
Sion Morris wrote:
> So to access any methods of objects from a python script or DTML I have
> to create an external method? Is this right.
Yes, unless those methods have been specifically designed to be used from Python
> Would some kind soul
> explain why this is the case or if I'm doing it incorrectly or I missed
It's for security reasons. If you have a look in standard.py of the
PythonScripts product, you can see how to make security assertions about
modules, classes and their methods.
> I have read the security.declareProtected stuff on ZDG and noticed that
> getUsers has
> security.declareProtected(ManageUsers, 'getUsers'). The python script
> above has a proxy role of manager which has permission to 'Manage users'.
Hmmm... that is odd. Are you sure that's the getUsers you're executing?
If it is, then maybe there's a bug lurking here?