[Zope-dev] zope.contentprovider not useable together with Zope 2.13.4

[Hanno Schlichting]

On Fri, Mar 18, 2011 at 3:34 PM, Michael Howitz <mh at gocept.com> wrote:
> According to my findings, the provider-expression should work in Zope2 PageTemplates (Products.PageTemplates) as it is registered in Products.PageTemplates.Expressions.createZopeEngine.

Sure. The provider expression should work, as Five takes care of
registering it. What doesn't work is the expressiontype directive.
There's only an imperative mode of setting up expression types inside
Zope 2.

> In the project mentioned before Zope3 PageTemplates (zope.pagetemplate and z3c.template) are used, too.
> Sometimes we had permission problems ("UnauthorizedBinding: context") with the Zope2 PageTemplates even with Zope 2.11.
> Maybe mixing Zope2 and Zope3 PageTemplates is the source of the permission problems.

That could be. Zope 3 page templates don't have any security context
in Zope 2 as far as I know. So there's neither RestrictedPython nor
AccessControl checks taking place. Once you start mixing them with
Zope 2 page templates for example via macro calls it all gets weird.

> As the outermost template is a z3c.template I doubt fixing the expressiontype declaration will help much in our use case.
> It will help to get zope.contentprovider running in Zope2 as this package has no reference to a TALES-Engine, everything is done in tales:expressiontype.

I'm not sure the existing expressiontype indirection is useful inside
Zope 2. We have lived without it for all those years and until now
nobody complained about it not being there. If we want to have
pluggable namespaces in TAL, we can go directly for
chameleon.zpt.interfaces.IExpressionTranslator instead.

Hanno