[Grok-dev] Re: Neanderthal sprint topics

Tres Seaver tseaver at palladion.com
Tue Oct 2 18:24:00 EDT 2007

Hash: SHA1

Philipp von Weitershausen wrote:

> Martijn Faassen wrote:

>> On it being a push model, we push the context, request and view to the 
>> template. :)
> Well, yeah. But you'd be surprised how many ZPT templates you see in 
> Zope (2) applications (such as Plone) that abuse the availability of 
> 'context' and reach waaaaaay too much into content space. Admittedly 
> it's a combination of having 'context', acquisition and Python 
> expressions. But still. We should try to find a decent compromise.

I would actually avoid a compromise:  don't even *offer* context to new
views by default, especially ones coming from "push" land:  even 'view'
and 'request' are probably a bad idea.  Instead, make the view class
responsible for constructing an explicit namespace for the template.

Such an approach has a number of benefits:

 - The template contains no "heaving lifting" / API-dependent logic
   (because it can't get to the APIs at all).

 - The contract of the view class becomes explicit and testable.

 - The view renders faster, because no security checks need be done
   *at all* in a push-model view (the class is implicitly trusted,
   and the template only gets what the trustee gives it).

For an example of using this model under ZPT, see:


- --
Tres Seaver          +1 540-429-0999          tseaver at palladion.com
Palladion Software   "Excellence by Design"    http://palladion.com
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org


More information about the Grok-dev mailing list