[ZPT] Security with PageTemplateFile

Brent M Hendricks brent@valinor.waldenweb.com
Tue, 4 Dec 2001 12:40:39 -0600


Hi,

I am working with Stephan Richter on a Zope/Mailman integration
product.  We're trying use PageTemplateFile for the management
screens, but are running into security difficulties.  I apologize if
this isn't the right list for this question, but I figured it was the
best place to find people with experience using PageTemplateFile.

Anyway, Mailman defines it's system configuration parameters (such as
DEFAULT_HOST_NAME) in a file named mm_cfg.py.  To get access to these
parameters, we were doing the following:

class MailmanFolder(Folder):

    security = ClassSecurityInfo()    
    meta_type = 'Mailman Folder'

[snip]

    security.declareProtected('View', 'get_list_names', 'manage_admin')
    #manage_admin = Globals.DTMLFile('dtml/manage_admin', globals())
    manage_admin = PageTemplateFile('dtml/manage_admin', globals())

    # Make objects publicly accessible
    security.setDefaultAccess("allow")

    from Mailman import mm_cfg
    conf = mm_cfg

Globals.InitializeClass(MailmanFolder)


Then in the management page template I have a line like:

<span tal:replace="here/conf/DEFAULT_HOST_NAME">MyHost</span>

Unfortunately this give me the error

Error Type: Undefined
Error Value: You are not allowed to access DEFAULT_HOST_NAME in this
context not found in 'here/conf/DEFAULT_HOST_NAME', at line 5, column 9


Any hints would be greatly appreciated.

Thanks,
Brent

PS.  I know setDefaultAccess("allow") is dangerous.  I also tried 
     security.declarePublic('conf') without success.


-------------------------------------------------------------------------

"The programmer, like the poet, works only slightly removed from pure
 thought-stuff.  He builds his castles in the air, from air, creating
 by exertion of the imagination.  Few media of creation are so
 flexible, so easy to polish and rework, so readily capable of
 realizing grand conceptual structures."
                        -- Frederick Brooks, Jr., The Mythical Man Month