[Zope-dev] Hookable Parameter Checking

Chris Withers chrisw@nipltd.com
Sun, 11 Nov 2001 11:49:51 +0000


Ivan Raikov wrote:
> 
> security machinery allows. I've always thought that it might be nice
> to provide a hook for each method in a Zope class (similar to
> declarative security statements), and to use this hook to validate the
> parameters, according to the needs of the user.

Now that's a brilliant idea :-)

Could you stick that in a Proposal and get it implemented? I'd love to use it...

>       For string parameters, perhaps we can also have the ability to
> specify a "filter" -- something like a search and replace statement,
> with Sed-like syntax.

Ah, but surely the hookable method you propose could be used to doing any
filtering required. This'd be my idea:

from coersion import coerce

def checkParms(self,args,kw):
  
  if args:
    raise TypeError,'Only keyword arguments allowed'

  if len(kw.keys())>1:
    raise TypeError,'Too many parameters supplied'

  param1 = kw.get('param1','')
  param1 = coerce(param1,'html',tags=self.allowed_tags)
  return ((),{'param1':param1})
      

def myClass(Folder):

  security = ClassSecurityInfo()

  security.declarePublic('myMethod')
  security.setParameterChecker('myMethod',checkParms)
  def myMethod(self,param1):
    ...do stuff...

I just have a feeling that it might make your app crawl though :-(

cheers,

Chris