AW: [Zope3-dev] queryAdapter via __conform__

Jim Fulton jim at zope.com
Mon Feb 23 17:59:47 EST 2004


Roger Ineichen wrote:
> jim wrote:
> 
>>Dominik Huber wrote:
>>
>>>If queryAdapter is called by a view, the result is an unproxied 
>>>adapted object.
>>
>>Well, if the object being adapted is proxied, then 
>>queryAdapter will either return the object itself, which 
>>would be proxied, or it would return an adapter of the 
>>proxied object, in which case you have an adapter of a proxy, 
>>and the underlying object is protected.
> 
> 
> Yes, but if we call queryAdapter to get an adapter from the
> adapter service we get an unproxied adapter.

This is a restatement of what you said above, and to which I replied.
I won't bother to repeat my earlier reply. ;)

...

> The widget framework lets us render widgets from an adapter (if this
> adapter comes from the adapter service)

You are talking about the fact that the *form* framework
is willing to adapt a form's context to a schema. Then the
object used to access the data is an adapter. This adapter could
come from a __conform__ method. Is this what you mean?

> If we get the adapter from the method __conform__ we get a 
> proxied object and the method _setUpWidgets() from the
> widget framework isn't allowed to set adapted.__parent__ = self.context,
> because adapted is proxied.
> 
> _setUpWidgets() and adapted.__parent__ = self.context are in
> the file "..src\zope\app\browser\form\editview.py",

It would be cleaner if the __conform__ method set the __parent__
attribute before returning the adapter.  It would be good
to modify editview to check whether the parent was already set before
setting it. Feel free to make that change if you want. :)

> What can we do to support an adapter which we get back from
> the invoked __conform__?

You need to make security declarations for the adapter.
To do this, you need to actually use the class ZCML
directive:

<adapter provides="IFooSchema" for="IBar" factory=".BarFooSchema" />

<class class=".BarFooSchema">
    <require permission="x.ManageBar"
             interface="IFooSchema"
             set_schema="IFooSchema"
             set_attributes="__parent__"
             />
</class>

This is more cumbersome than it should be.  We should
provide a way to express this with the adapter directive
only.

>>>If __conform__ is invoked during this call, the resulting adapted 
>>>object is proxied.
>>
>>If you are getting a proxy from __conform__, then the 
>>underlying object was proxied and the resulting adapter 
>>should be proxied.
> 
> 
> No, we get a proxied object if we return an object in the __conform__
> method. But we never proxied the object before.

I think you are mistaken.

> "Something" is
> proxying the object. (Perhaps we call this from a view)

The object passed to getAdapter is proxied. This is the context of
the view and it is almost certainly proxied.

> We also check the object before we return the object and there
> was no proxy before. But after the return we have a proxy around the object.

Again, I think you are mistaken.  If the object isn't proxied,
then I have a hard time believing calling __conform__ would magically
add a proxy. How did you arrive at the conclusion that the object
was not proxied?

> 
> 
>>>I would suggest to extend queryAdapter by a removeAllProxies to provide
>>>a consistent behavior. Thus for example
>>>the __conform__ mechanism could also be used in the widget framework (editview).
>>
>>No.
>>
>>
>>>I will check in this change if nobody has objections.
>>
>>I object. Don't check this change in.
>>Such a change would cause __conform__ to be a security hole.
>>
>>Why is a security-proxied adapter a problem?
> 
> 
> See above: the proxy returned from the __conform__ method does not let
> us set the __parent__ attribute. But if we get the adapter
> from the adapter service there's no problem, because we don't have
> a security proxy around the adapted object.
> At least if we check this with isProxy(), we get a "false".

Sure, see my above suggestions.


> 
> Sorry about my ugly English,

No problem. Thanks for speaking English.

Sorry I only speak English. (I am slowly learning Spanish. :)

Jim

-- 
Jim Fulton           mailto:jim at zope.com       Python Powered!
CTO                  (540) 361-1714            http://www.python.org
Zope Corporation     http://www.zope.com       http://www.zope.org
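
Added example (not part of the original message, and not Zope code): a toy Python model of the behaviour discussed in this thread, showing that an adapter obtained through a proxied context comes back proxied, and that the __parent__ assignment then depends on declarations or on the guard suggested for editview. Proxy, DECLARATIONS, protect, Bar and set_parent_if_missing are hypothetical names; the real machinery is zope.security plus the ZCML declarations shown in the reply.

```python
class Forbidden(Exception):
    """Raised when the toy proxy denies an attribute access."""

# Stand-in for ZCML <class>/<require>: class -> (readable names, settable names).
DECLARATIONS = {}

class Proxy:
    """Toy security proxy (assumption, not zope.security): results come back proxied."""
    __slots__ = ("_obj",)

    def __init__(self, obj):
        object.__setattr__(self, "_obj", obj)

    def __getattr__(self, name):
        if name not in DECLARATIONS.get(type(self._obj), ((), ()))[0]:
            raise Forbidden(name)
        value = getattr(self._obj, name)
        if callable(value):
            # Method results are protected too, so an adapter stays behind a proxy.
            return lambda *args: protect(value(*args))
        return protect(value)

    def __setattr__(self, name, value):
        if name not in DECLARATIONS.get(type(self._obj), ((), ()))[1]:
            raise Forbidden(name)
        setattr(self._obj, name, value)

def protect(value):
    """Wrap anything that is not a basic value or already a proxy."""
    if value is None or isinstance(value, (str, int, Proxy)):
        return value
    return Proxy(value)

class BarFooSchema:                  # hypothetical adapter, named after the ZCML above
    __parent__ = None
    def __init__(self, context):
        self.context = context

class Bar:                           # hypothetical content object
    def __conform__(self, iface):
        adapter = BarFooSchema(self)
        adapter.__parent__ = self    # set inside __conform__, before returning
        return adapter

def set_parent_if_missing(adapted, context):
    """editview-style step with the guard suggested in the reply."""
    if getattr(adapted, "__parent__", None) is None:
        adapted.__parent__ = context
    return adapted

DECLARATIONS[Bar] = (("__conform__",), ())   # the view may adapt its context
```

In this model, stripping the proxy inside the adapter lookup would hand the caller an object with no declarations enforced at all, which is the hole the reply objects to.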