How do I allow through-the-web Controller Python Scripts to import otherwise restricted modules? Plone4

Question

I have a Controller Page Template and a Controller Python Script that handles the action. It is great that I was able to add this form and action script through-the-web so I do not have to buildout and restart the Plone instance each time I make a slight change to the code. The problem is that my python script is supposed to build a list of content objects as an array and then share the objects with another server by POSTing the JSON array as the REQUEST body sent to a remote server. I have my array called arrayOfObjects that should look like "[{'param1':val1, 'param2':val2},{'param1':val3, 'param2':val4}]".

import json

...other stuff...

sJSON = json.dumps( arrayOfObjects )

The above code would work in a standard python interpreter, yet Plone restricts the use of many modules for through-the-web Python scripts that are managed in ZMI. That is a great security feature, however I want to continue developing the script through-the-web and move it into filesystem storage within my add-on product after it is all worked out. I have heard that the allow_module feature of the AccessControl package should enable the import, but it sounds as if you still might have to have it live on the filesystem. Is there any way to have both through-the-web editing of the Python Script and the JSON module that is critical to the functionality that I am building? Thanks in advance for any information!

PS- The insufficient privileges screen is what I see when I import the json module (expected behavior-not erroneous)

Answer 1

Somewhere, in regular python code, add the following:

from AccessControl import allow_module
allow_module('json')

to whitelist the module. Yes, this has to be run from file-system-based Python, for obvious security reasons.