AW: [Zope3-dev] queryAdapter via __conform__
Roger ineichen
dev at projekt01.ch
Mon Feb 23 15:39:57 EST 2004
jim wrote:
> Dominik Huber wrote:
> > If queryAdapter is called by a view, the result is an unproxied
> > adapted object.
>
> Well, if the object being adapted is proxied, then
> queryAdapter will either return the object itself, which
> would be proxied, or it would return an adapter of the
> proxied object, in which case you have an adapter of a proxy,
> and the underlying object is protected.
Yes, but if we call queryAdapter to get an adapter from the
adapter service, we get an unproxied adapter.
I think __conform__ is there to let the object itself
return the adapter.
queryAdapter(object, interface, default=None, name='', context=None)
^^^^^^
If __conform__ of the object is invoked, we get back a proxied adapter.
^^^^^^
The widget framework lets us render widgets from an adapter (if this
adapter comes from the adapter service).
If we get the adapter from the method __conform__, we get a
proxied object, and the method _setUpWidgets() from the
widget framework isn't allowed to set adapted.__parent__ = self.context,
because adapted is proxied.
_setUpWidgets() and adapted.__parent__ = self.context are in
the file "..src\zope\app\browser\form\editview.py".
What can we do to support adapters which we get back from
the invoked __conform__?
> > If __conform__ is invoked during this call, the resulting adapted
> > object is proxied.
>
> If you are getting a proxy from __conform__, then the
> underlying object was proxied and the resulting adapter
> should be proxied.
No, we get a proxied object if we return an object in the __conform__
method. But we never proxied the object before. "Something" is
proxying the object. (Perhaps we call this from a view.)
We also check the object before we return it, and there
was no proxy before. But after the return we have a proxy around the object.
> > I would suggest to extend queryAdapter by a removeAllProxies to
> > provide a consistent behavior. Thus for example
> > the __conform__ mechanism could also be used in the widget
> > framework (editview).
>
> No.
>
> > I will check in these changes if nobody has objections.
>
> I object. Don't check this change in.
> Such a change would cause __conform__ to be a security hole.
>
> Why is a security-proxied adapter a problem?
See above: the proxy returned from the __conform__ method does
not let us set the __parent__ attribute. But if we get the adapter
from the adapter service there's no problem, because we don't have
a security proxy around the adapted object.
At least if we check this with isProxy(), we get "false".
Sorry about my ugly English, perhaps Dominik can explain this
in a better way.
Roger
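
The two lookup paths discussed in this thread, as an added example that is not part of the original message and is not Zope code. It is a toy model: `Proxy`, `wrap`, `query_adapter`, `REGISTRY`, `Document`, `Info` and `Size` are hypothetical names, and it assumes that anything returned through a proxy is wrapped again.

```python
class Forbidden(Exception):
    """Raised by the toy proxy when an access is denied."""

class Proxy:
    """Toy stand-in for a security proxy: reads limited to `allowed`, writes denied."""
    def __init__(self, obj, allowed=()):
        object.__setattr__(self, "_obj", obj)
        object.__setattr__(self, "_allowed", frozenset(allowed))
    def __getattr__(self, name):  # reached only for names not stored on the proxy
        if name not in self._allowed:
            raise Forbidden(name)
        value = getattr(self._obj, name)
        if callable(value):  # results of calls made through the proxy are wrapped
            return lambda *a, **kw: wrap(value(*a, **kw))
        return wrap(value)
    def __setattr__(self, name, value):
        raise Forbidden("set " + name)

def wrap(value):
    basic = (str, int, type(None), Proxy)
    return value if isinstance(value, basic) else Proxy(value)

def is_proxy(obj):
    return isinstance(obj, Proxy)

def remove_all_proxies(obj):  # toy version of the stripping proposed in the thread
    while is_proxy(obj):
        obj = obj._obj
    return obj

class Info:  # adapter handed out by Document.__conform__
    def __init__(self, context):
        self.context = context

class Size(Info):  # adapter registered with the toy "adapter service"
    pass

class Document:
    def __init__(self):
        self.title, self.secret = "public title", "restricted field"
    def __conform__(self, iface):
        return Info(self) if iface == "IInfo" else None  # self is the bare object

REGISTRY = {"ISize": Size}  # constructed sample registration

def query_adapter(obj, iface, default=None):
    adapter = obj.__conform__(iface)  # runs behind the proxy when obj is proxied
    if adapter is None and iface in REGISTRY:
        adapter = REGISTRY[iface](obj)  # factory only ever sees the proxied obj
    return default if adapter is None else adapter
```

In this model the registry adapter is unproxied, so `__parent__` can be set on it, but it holds only the proxied document. The `__conform__` adapter holds the bare document, so stripping its proxy gives the caller unrestricted access to it.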