[Grok-dev] Re: Neanderthal sprint topics
wichert at wiggy.net
Wed Oct 3 03:05:31 EDT 2007
Previously Tres Seaver wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> Philipp von Weitershausen wrote:
> > Martijn Faassen wrote:
> >> On it being a push model, we push the context, request and view to the
> >> template. :)
> > Well, yeah. But you'd be surprised how many ZPT templates you see in
> > Zope (2) applications (such as Plone) that abuse the availability of
> > 'context' and reach waaaaaay too much into content space. Admittedly
> > it's a combination of having 'context', acquisition and Python
> > expressions. But still. We should try to find a decent compromise.
> I would actually avoid a compromise: don't even *offer* context to new
> views by default, especially ones coming from "push" land: even 'view'
> and 'request' are probably a bad idea. Instead, make the view class
> responsible for constructing an explicit namespace for the template.
> Such an approach has a number of benefits:
> - The template contains no "heaving lifting" / API-dependent logic
> (because it can't get to the APIs at all).
> - The contract of the view class becomes explicit and testable.
> - The view renders faster, because no security checks need be done
> *at all* in a push-model view (the class is implicitly trusted,
> and the template only gets what the trustee gives it).
Wichert Akkerman <wichert at wiggy.net> It is simple to make things.
http://www.wiggy.net/ It is hard to make things simple.
More information about the Grok-dev