[Zope-Checkins] CVS: Zope2 - DA.py:1.103

shane@digicool.com shane@digicool.com
Thu, 21 Jun 2001 13:45:15 -0400 (EDT)


Update of /cvs-repository/Zope2/lib/python/Shared/DC/ZRDB
In directory korak.digicool.com:/tmp/cvs-serv24737/lib/python/Shared/DC/ZRDB

Modified Files:
	DA.py 
Log Message:
Based on some semi-formal performance tests, read guards turned out to be
slower than the old code.  With this change, we're using simple function
calls again to perform security checks.  But the calling sequence is
intended to be easier to comprehend than the old code.  Now instead of
DT_String.String subclasses having a validate() method attached to them, they
subclass AccessControl.DTML.RestrictedDTML, which provides a guarded_getattr()
method and a guarded_getitem() method.

Note that the functionality of guarded_getattr() used to be implemented
both in C and Python (in cDocumentTemplate and DT_Util), but now it's in
one place, ZopeGuards.py.  Thus it's not only reusable but easy to
optimize.

I ran all the tests and ran the new code through the profiler again.  The
change sped up restricted code a little more than expected, which is
definitely a good thing, but that may indicate that nested scopes
have a hidden speed penalty.

Also, RestrictedPython is now restrictive about printing to targets and
two forms of augmented assignment had to be forbidden.



--- Updated File DA.py in package Zope2 --
--- DA.py	2001/04/27 20:27:55	1.102
+++ DA.py	2001/06/21 17:45:14	1.103
@@ -105,7 +105,8 @@
 from cPickle import dumps, loads
 from Results import Results
 from App.Extensions import getBrain
-from AccessControl import getSecurityManager, full_read_guard
+from AccessControl import getSecurityManager
+from AccessControl.DTML import RestrictedDTML
 from webdav.Resource import Resource
 from webdav.Lockable import ResourceLockedError
 try: from IOBTree import Bucket
@@ -123,11 +124,10 @@
     _proxy_roles=()
 
 
-class SQL(ExtensionClass.Base, nvSQL):
+class SQL(RestrictedDTML, ExtensionClass.Base, nvSQL):
     # Validating SQL template for Zope SQL Methods.
+    pass
 
-    def read_guard(self, ob):
-        return full_read_guard(ob)
 
 class DA(
     Aqueduct.BaseQuery,Acquisition.Implicit,