[Zope-Perl] features.

Chris McDonough chrism@digicool.com
Fri, 26 Jan 2001 15:03:17 -0500


>
> You need to get it inserted into the args when the function is
> invoked:
>     def __call__(self, *args, **kw):
>         ...
>         args = ("do",) + args
>         return apply(perl.safecall, (root, mask, args))
>
> It might make sense to add a checkbox to the Script edit interface
> that selects between array/scalar context.  In array context I guess we
> will end up returning a tuple.

Ah, ok.  I don't think this is particularly useful right now, I just wanted
to understand it.

> You can't assign default values to the arguments of Script(Perl).  I
> have not tried to make it work.  Should probably check the argument
> list for '=' and give a more sensible error message.

Yeah.

> > Bummer.  So basically if you want to do a getitem on a Python object in a
> > restricted Perl Script, you're currently out of luck because we can't expose
> > Python::getitem due to security constraints, right?
>
> We can expose a careful_getitem() function as Python::getitem.  Can
> you tell me how we are to invoke the SecurityManager in this case?

Sure...

The arguments to the security manager "validate" method are:

    def validate(self, accessed=None, container=None, name=None, value=None,
                 roles=_noroles):
        """Validate access.

        Arguments:

        accessed -- the object that was being accessed

        container -- the object the value was found in

        name -- The name used to access the value

        value -- The value retrieved through the access.

        roles -- The roles of the object if already known.

        The arguments may be provided as keyword arguments. Some of these
        arguments may be omitted, however, the policy may reject access
        in some cases when arguments are omitted.  It is best to provide
        all the values possible.
        """

In this case "accessed" and "container" are the same (the object which is
being getitemed upon).  Forget about "name" (just don't pass it in).
"value" is the object obtained from the getitem.

So for:

$foo->{bar}

You'd call the validate function with the values:

accessed: $foo
container: $foo
name: None
value: the result of Python::getitem($foo, 'bar')

I'm not completely certain about ignoring "name", but I think it's the right
thing to do because the object passed in to getitem isn't always a string.

Evan short-circuits the validation process for values that are strings (he
doesn't even bother asking the security manager to validate the call).  This
is in PythonScripts/Guarded.py in _ReadGuardWrapper.

> > > The $self->Foo works because we provide a Python::Object::AUTOLOAD
> > > method that catches these calls and transforms them into a
> > > Python::getattr() call (with automatic Python::apply() if the fetched
> > > attribute happens to be callable).
> >
> > Just curious, why is the apply automatic?  Is autocall a Perl idiom?
>
> Because perl does not really have a getattr thing.  In perl there is
> no difference between:
>
>    $o->foo;
>    $o->foo();
>
> Both are argumentless calls to a method called 'foo'.  DTML also seems
> to have this autocall behaviour.

Ok, thanks.  If this makes sense to a Perl coder, it's the right thing to
do.
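
The guarded getitem described in this message, as an added example that is not part of the original post and is not Zope's own code. ToySecurityManager, its "public" attribute policy, careful_getitem's signature, Unauthorized, Doc and FOLDER are constructed stand-ins; treating a false return from validate() as a refusal is an assumption.

```python
# Added illustration: stand-in classes, not Zope's AccessControl code.
_noroles = object()  # placeholder for the default seen in the quoted signature


class Unauthorized(Exception):
    """Raised when the policy refuses to hand out a value."""


class ToySecurityManager:
    """Constructed stand-in exposing the validate() signature quoted above.

    Demo policy (an assumption): a value is readable only if it carries
    a truthy `public` attribute.
    """

    def __init__(self):
        self.calls = []  # record every validate() call for inspection

    def validate(self, accessed=None, container=None, name=None, value=None,
                 roles=_noroles):
        self.calls.append((accessed, container, name, value))
        return bool(getattr(value, "public", False))


def careful_getitem(manager, obj, key):
    """Guarded obj[key]: fetch first, then ask the manager about the result."""
    value = obj[key]
    # String results skip validation, the short-circuit the message describes.
    if isinstance(value, str):
        return value
    # accessed and container are both the indexed object; name is not passed
    # because the key handed to getitem is not always a string.
    if not manager.validate(accessed=obj, container=obj, value=value):
        raise Unauthorized("getitem result for key %r rejected" % (key,))
    return value


class Doc:
    """Constructed sample object with a `public` flag."""

    def __init__(self, public):
        self.public = public


# Constructed sample container: one string, one permitted and one refused object.
FOLDER = {"title": "Home", "open": Doc(True), "secret": Doc(False)}
```

The value is fetched before validate() runs, so the check decides whether the result is released to the restricted script, not whether the lookup happens.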