def guarded_import(mname, globals=None, locals=None, fromlist=None, level=-1):
for fromname in fromlist or ():
if fromname[:1] == '_':
raise Unauthorized(fromname)
# ZODB Components must be imported beforehand as ModuleSecurityInfo() may be
# called there and AccessControl secureModule() expects to find the module
# in _moduleSecurity dict. Also, import loader will fill MNAME_MAP.
if mname.startswith('erp5.component.'):
# Call find_load_module() to log errors as this will always raise
# Unauthorized error without details
#
# XXX: pkgutil.get_loader() only works with '__path__'
import erp5.component
_, _, package_name, module_name = mname.split('.', 3)
try:
component_package = getattr(erp5.component, package_name)
except AttributeError:
raise Unauthorized(mname)
if component_package.find_load_module(module_name) is None:
raise Unauthorized(mname)
if mname in MNAME_MAP:
mname = MNAME_MAP[mname]
if not fromlist:
# fromlist value is meaningless but required. See __import__ doc.
fromlist = ['__name__']
return orig_guarded_import(mname, globals, locals, fromlist, level)
def guarded_import(mname, globals=None, locals=None, fromlist=None, level=-1):
for fromname in fromlist or ():
if fromname[:1] == '_':
raise Unauthorized(fromname)
if mname in MNAME_MAP:
mname = MNAME_MAP[mname]
if not fromlist:
# fromlist value is meaningless but required. See __import__ doc.
fromlist = ['__name__']
return orig_guarded_import(mname, globals, locals, fromlist, level)
def dummyMethod(*args, **kw):
raise Unauthorized(name)