[Zope-CMF] Re: [CMF 2.1] FSPageTemplate & Unicode

[Jens Vagelpohl]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


On 6 Jan 2007, at 21:49, Martin Aspeli wrote:
> Also, getToolByName remains and is almost certainly the way forward  
> for all TTW code still, because it lets us aq wrap, it removes the  
> need to make all interfaces importable in untrusted code, and it  
> can do any additional security related things. In filesystem code,  
> though, I think the security aspect won't matter in most cases.

getToolByName on the branch will give you a DeprecationWarning. The  
branch does provide an alternative to getToolByName for untrusted  
code that I think is close to the whole utility idea. I call it  
"getToolByInterfaceName" and instead of a tool ID you pass in the  
interface's dotted name as a string:

getToolByName(context, 'portal_actions')

would become

getToolByInterfaceName(context,  
'Products.CMFCore.interfaces.IActionsTool')

whereas everything else stays the same, meaning you can pass in a  
default, and the method will wrap the tool before handing it back.  
However, instead of AttributeError, this one raises  
ComponentLookupError, but that decision can always be revisited.

Now, the main issue is still there, how to deal with tool wrapping  
when calling getUtility/queryUtility in trusted code. Doing it every  
time right after the call is stupid. I like Tres' hardline assertion  
that we must have it wrapped every time, automatically. This needs to  
be implemented somehow, maybe in Five as he suggests.

How do we proceed?

jens


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (Darwin)

iD8DBQFFoA7bRAx5nvEhZLIRAk0IAJ9FRh3daPcHkEOZknzg0E3DkGdlYQCfQrCt
zPpvOs0m2Q/mTMubvknO+Gc=
=nsnx
-----END PGP SIGNATURE-----