[Zope] NUXUserGroups Zope security

Chris Withers chrisw@nipltd.com
Sun, 14 Jul 2002 11:32:37 +0100

Sion Morris wrote:
> So to access any methods of objects from a python script or DTML I have
> to create an external method? Is this right. 

Yes, unless those methods have been specifically designed to be used from Python

> Would some kind soul
> explain why this is the case or if I'm doing it incorrectly or I missed
> something.

It's for security reasons. If you have a look in standard.py of the
PythonScripts product, you can see how to make security assertions about
modules, classes and their methods.

> I have read the security.declareProtected stuff on ZDG and noticed that
> getUsers has
> security.declareProtected(ManageUsers, 'getUsers'). The python script
> above has a proxy role of manager which has permission to 'Manage users'.

Hmmm... that is odd. Are you sure that's the getUsers you're executing?
If it is, then maybe there's a bug lurking here?