Portal action available_expr and security restrictions

Derek Richardson derek.richardson at gatech.edu
Mon Aug 13 02:49:05 UTC 2007


So, I need to have a portal action that queries for an adapter and gets a 
utility in its available_expr. Can't do that in an expr, it seems. Tried 
module['zope.component'].getUtility(...), but security error.

So, I moved the logic to a util function in my package and tried just invoking 
the util function from the expr. Security error again, but now on my module, of 
course, not on zope.component.

I know that I can change security settings to allow access to my module and 
solve the problem. Two issues. (1) this is meant as a third-party product and I 
don't know about the legitimacy of doing this. (2) more importantly, I'm aiming 
at inclusion in Plone 3.5, so my package is plone.app.syndication.outbound, and 
relaxing security restrictions on the plone namespace seems a bad idea.

Also, my product is really just python packages, not an old-style product, so 
I'm not sure about how to create an external method or script with relaxed 
security restrictions.

I'm in over my head, here, and may not be making complete sense. Hopefully 
someone can clear this up with a few sentences. ;)

Thanks,

Ddedrek





More information about the Product-Developers mailing list