Use Products.PythonScripts in Add-on


I have a Problem while developing a Add-on, which should use Products.PythonScripts.
First I thought it was Zope Related but it seems that is not the case.

I have a content-type with a script-body textfield for a user (Manager) to paste Pythoncode into.
During the IObjectAddedEvent I create the the PythonScript via manage_addPythonScript and fill it with the script_body text of the created content object.
During the __call__ of the view I execute the script with some dynamic input data.

So far so good.

My Problem is, that the execution of the PythonScript wants to write something into the Database.
If I comment out the script execution and return dummy data all works fine.
I dug through some packages but can not find any hint why my addons seems to write something into the database. As I said, I thought it was a bug, but in zope everything seems to work. So maybe it musst be on the plone or on my addons side. (For reference its the issue/54 in zopefoundation/Products.PythonScripts on gitub)

Can anybody point me in some direction, I'm really confused and lost.

There are a bunch of restrictions in place as to what Pythonscripts are allowed to do. From this old Zope guide:

Thx, I know this already and it its the reason why I want to use this Package.
My Problem is it seems during execution the PythonScript seems to write something in the ZODB. Nothing in my script writes something. Only some transformation of lists and dicts.
All Security Restrictions work as expected.

try to look at the Undo link in the zope root (now under databases). Generally, the link is something like /Control_Panel/Database/main/manage_UndoForm

If your script does something that modifies the database, maybe it is recorded there. Also, exceptions are logged, so check error_log if something pops up.

Nice. Great idea with the undo link. I will try it.

Please do not write any new code using PythonScripts. The concept of PythonScripts is so old and obsolete. In any case: write Python related code as a browser view.

1 Like

Jonathan Hofmann via Plone Community wrote at 2022-5-25 09:59 +0000:

My Problem is, that the execution of the PythonScript wants to write something into the Database.

When a ZODB object is modified in a transaction for the first
time, the _register (--> method of ZODB.Connection.Connection)
is called with this object (informing the connection that
this object's state must be stored in the database on commit).
You could put a breakpoint on this method and then analyse
the call stack.

Thanks for the assessment.
I thought PythonScripts was old but not obsolete.
Is there any other Concept to execute a custom script created ttw by a user (Manager) securely?
My idea is to create a content-type which fetches json data from a specified rest api endpoint. Performs some user defined transformation of the data (via a Python Script) and fills a table with the transformed data in its view.

Thanks very much. This tip got me in the right direction to find my mistake.
I finally found out what wrote into the database.

It had nothing to do with the PythonScript.
It was just a simple assignment my brain overlooked stubbornly.