[Zope] Security?
Dylan Reinhardt
zope at dylanreinhardt.com
Mon Dec 1 18:14:31 EST 2003
On Mon, 2003-12-01 at 14:24, Goldthwaite, Joe wrote:
> Well, it didn't work. As soon as I tried to create a loop and access the
> .desc property of the ISLine objects, I got this message;
>
> Error Type: Unauthorized
> Error Value: You are not allowed to access desc in this context
You're doing the same thing again... using custom objects in a
restricted environment.
Do *all* the heavy lifting in your external method... IMO, templates
shouldn't have to do practically any logic at all. It's usually pretty
easy to do this in Python, often just something like:
---
return [(item['id'], item['desc']) for item in item_list]
---
Then all your template has to do is iterate over a list of tuples.
HTH,
Dylan
More information about the Zope
mailing list