AW: [Zope3-dev] queryAdapter via __conform__

Roger ineichen dev at projekt01.ch
Mon Feb 23 15:39:57 EST 2004


jim wrote:
> Dominik Huber wrote:
> > If queryAdapter is called by a view, the result is an unproxied 
> > adapted object.
> 
> Well, if the object being adapted is proxied, then 
> queryAdapter will either return the object itself, which 
> would be proxied, or it would return an adapter of the 
> proxied object, in which case you have an adapter of a proxy, 
> and the underlying object is protected.

Yes, but if we call queryAdapter to get an adapter from the
adapter service, we get an unproxied adapter.

I think __conform__ is there so that the object itself can provide
and return an adapter.
queryAdapter(object, interface, default=None, name='', context=None)
             ^^^^^^
If __conform__ of the object is invoked, we get back a proxied adapter.
                      ^^^^^^
The widget framework lets us render widgets from an adapter (if this
adapter comes from the adapter service).
If we get the adapter from the method __conform__ we get a 
proxied object and the method _setUpWidgets() from the
widget framework isn't allowed to set adapted.__parent__ = self.context,
because adapted is proxied.

_setUpWidgets() and adapted.__parent__ = self.context are in
the file "..src\zope\app\browser\form\editview.py".

What can we do to support adapters which we get back from
the invoked __conform__?

> > If __conform__ is invoked during this call, the resulting adapted 
> > object is proxied.
> 
> If you are getting a proxy from __conform__, then the 
> underlying object was proxied and the resulting adapter 
> should be proxied.

No, we get a proxied object if we return an object in the __conform__
method. But we never proxied the object before. "Something" is
proxying the object. (Perhaps we call this from a view.)
We also check the object before we return it, and there
was no proxy before. But after the return we have a proxy around the object.


> > I would suggest to extend queryAdapter by a removeAllProxies to
> > provide a consistent behavior. Thus for example
> > the __conform__ mechanism could also be used in the widget
> > framework (editview).
> 
> No.
> 
> > I will check in this change if nobody has objections.
> 
> I object. Don't check this change in.
> Such a change would cause __conform__ to be a security hole.
> 
> Why is a security-proxied adapter a problem?

See above: the proxy returned from the __conform__ method does not
let us set the __parent__ attribute. But if we get the adapter
from the adapter service there's no problem, because we don't have
a security proxy around the adapted object.

At least if we check this with isProxy(), we get a "false".

Sorry about my ugly English; perhaps Dominik can explain this
in a better way.

Roger
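
Added example, not part of the original message and not Zope code: a toy Python model of the two lookup paths discussed in this thread. ToyProxy, CHECKERS, wrap, strip, toy_query_adapter and can_set_parent are hypothetical names, and the model assumes only that values read or returned through a security proxy come back proxied.

```python
class Forbidden(Exception): pass

class ToyProxy:  # hypothetical stand-in, not the zope.security proxy
    def __init__(self, obj, readable=(), writable=()):
        object.__setattr__(self, "_obj", obj)
        object.__setattr__(self, "_readable", frozenset(readable))
        object.__setattr__(self, "_writable", frozenset(writable))
    def __getattr__(self, name):          # reads are checked, results wrapped
        if name not in self._readable:
            raise Forbidden(name)
        return wrap(getattr(self._obj, name))
    def __setattr__(self, name, value):   # writes are checked too
        if name not in self._writable:
            raise Forbidden(name)
        setattr(self._obj, name, value)
    def __call__(self, *args, **kw):      # call results are wrapped
        return wrap(self._obj(*args, **kw))

def wrap(value):
    if isinstance(value, (str, int, float, bool, type(None), ToyProxy)):
        return value
    return ToyProxy(value, *CHECKERS.get(type(value), ((), ())))

def is_proxy(value):
    return isinstance(value, ToyProxy)

def strip(value):  # models what a removeAllProxies call would hand back
    return object.__getattribute__(value, "_obj") if is_proxy(value) else value

class Adapter:
    def __init__(self, context):
        self.context, self.__parent__ = context, None

class Content:
    def __conform__(self, interface):
        return Adapter(self)              # plain object at the point of return

# Constructed policy: type -> (readable names, writable names).
CHECKERS = {Content: (("__conform__",), ()), Adapter: (("context",), ())}

def toy_query_adapter(obj, interface, via_conform):
    if via_conform:
        return obj.__conform__(interface)  # the call goes through obj's proxy
    return Adapter(obj)                    # lookup code builds the adapter itself

def can_set_parent(adapted, parent):
    try:
        adapted.__parent__ = parent
        return True
    except Forbidden:
        return False
```

In this model the adapter built by the lookup code is unproxied but holds a proxied context, while stripping the proxy from the __conform__ result exposes an adapter whose context is the raw content object.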



