Calling into Plone from formula fields

  • Niall Douglas

    Niall Douglas - 2011-05-17


    I'm trying to get a "calculate on display" formula to take a price from the current plominoDocument, run it through currency.converter ( and spit whatever that price is in EUR.

    Here's the code which fetches a current currency conversion price in Plone by asking the currency converter utility:

    from zope.component import getUtility, provideUtility
    from currency.converter.interfaces import IRateAgainstBaseRate
    from currency.converter.currency_data import RateAgainstBaseRate
    rabr = RateAgainstBaseRate()
    provideUtility(rabr, provides=IRateAgainstBaseRate)
    rabru = getUtility(IRateAgainstBaseRate)
    exchangerate=rabru(1, "EUR", "USD")
    return exchangerate

    This ought to output '1.41' and indeed it works just fine in Clouseau. However, Zope's logs reveal the following:

    2011-05-17T01:33:34 ERROR Plomino   File "Script (Python)", line 4, in field_dediserverentryview_Dump_formula
    Unauthorized: You are not allowed to access 'component' in this context
    Context is <PlominoDocument> /
    Code : 
    4: from zope.component import getUtility, provideUtility
    5: from currency.converter.interfaces import IRateAgainstBaseRate
    6: from currency.converter.currency_data import RateAgainstBaseRate
    7: rabr = RateAgainstBaseRate()
    8: provideUtility(rabr, provides=IRateAgainstBaseRate)
    9: rabru = getUtility(IRateAgainstBaseRate)
    10: exchangerate=rabru(1, "EUR", "USD")
    11: return exchangerate

    Obviously plominoDocument isn't letting us out of whatever prison we're in.

    Any suggestions?

    Thanks in advance,

  • Eric Brehault

    Eric Brehault - 2011-05-19


    Indeed, all Plomino are actually some regular PythonScripts stored (and compiled) in the db /scripts folder (have a look in the ZMI).
    Zope PythonScripts are extremely restrictive for obvious security reasons (as they can be changed from the web interface).
    The same restrictions apply to Plomino formulas.

    To be able to use handy services provided by non-authorized packages, we have implemented some methods into PlominoUtils ( )
    As the packages are imported into the sources of the product, they can be used from a formula (they are considered and declared as safe).

    To do what you want to do, there is a way to provide to Plomino some custom utils as plugins from your own product. The procedure is explained here:

    (Note: another approach could be to put your code into an Extensions, and load it into an external method in Zope)




Get latest updates about Open Source Projects, Conferences and News.

Sign up for the SourceForge newsletter:

No, thanks