[Zope3-dev] Re: Finding context in a vocabulary

Stephan Richter srichter at cosmos.phy.tufts.edu
Wed Oct 6 08:29:45 EDT 2004


On Monday 04 October 2004 11:14, Philipp von Weitershausen wrote:
> > I'm not sure I understand what's going on here, and the handbook doesn't
> > go into removeSecurityProxy in any depth. Without the example of
> > ManageVocabulary, I would have been lost at this point.
>
> In Zope, objects are security proxied towards components that are
> user-invoked. When a user invokes a view which gets an annotation
> adapter for an object, the object will be security proxied. Normally,
> this behaviour is wanted because it makes security more fine-grained.
> However, in case of adapters that work on annotations (e.g.
> ZopeDublinCore), we usually use *trusted* adapters, which means that
> their context will NOT be proxied. In order to still enforce security,
> you have to provide security declarations for the adapter class itself,
> which normally isn't necessary. The Bugtracker code hasn't been updated
> yet but it should. Take a look at the ZopeDublinCore configuration
> (<adapter ... trusted="yes" /> and its security declarations) and you'll
> see how to do it.

The bug tracker has been updated. The comment above the security proxy removal 
line clearly states:

        # When we use this vocabulary as an adapter, we always get an
        # unproxied context, but when it is used as a vocabulary, we usually
        # get proxied context, in which case we need to unwrap it.

Regards,
Stephan
-- 
Stephan Richter
CBU Physics & Chemistry (B.S.) / Tufts Physics (Ph.D. student)
Web2k - Web Software Design, Development and Training
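
The behaviour discussed in this message, as a simplified pure-Python model added here for illustration; it is not code from the Bugtracker, from zope.security, or from either poster. `Proxy`, `Forbidden`, `remove_proxy`, `Bug` and `StatusVocabulary` are hypothetical stand-ins, and the sample data is constructed.

```python
# Simplified model; every name here is a hypothetical stand-in, not zope.security.
class Forbidden(Exception):
    """Raised for a name the proxy's declarations do not cover."""

class Proxy:
    """Permit attribute reads only for names listed in `allowed`."""
    def __init__(self, obj, allowed):
        object.__setattr__(self, "_obj", obj)
        object.__setattr__(self, "_allowed", frozenset(allowed))
    def __getattribute__(self, name):
        if name not in object.__getattribute__(self, "_allowed"):
            raise Forbidden(name)
        return getattr(object.__getattribute__(self, "_obj"), name)

def remove_proxy(obj):
    """Stand-in for removeSecurityProxy: return the bare object."""
    return object.__getattribute__(obj, "_obj") if type(obj) is Proxy else obj

class Bug:
    def __init__(self, title, annotations):
        self.title = title              # covered by the declarations below
        self.annotations = annotations  # not covered

class StatusVocabulary:
    """Gets a bare context as a trusted adapter, a proxied one as a vocabulary."""
    def __init__(self, context, unwrap=True):
        if unwrap:
            context = remove_proxy(context)  # no-op when already bare
        self.statuses = list(context.annotations["statuses"])

def demo():
    bug = Bug("crash on save", {"statuses": ["new", "open", "closed"]})  # constructed sample
    proxied = Proxy(bug, allowed={"title"})
    out = {"adapter": StatusVocabulary(bug).statuses,
           "vocabulary": StatusVocabulary(proxied).statuses}
    try:
        StatusVocabulary(proxied, unwrap=False)
        out["without_unwrap"] = "allowed"
    except Forbidden as exc:
        out["without_unwrap"] = "forbidden: %s" % exc
    # The component now holds a bare context, so it needs declarations of its own.
    guarded = Proxy(StatusVocabulary(proxied), allowed={"statuses"})
    out["guarded_read"] = guarded.statuses
    try:
        guarded.__dict__
        out["guarded_other"] = "allowed"
    except Forbidden as exc:
        out["guarded_other"] = "forbidden: %s" % exc
    return out
```

Calling `demo()` returns a dict showing that both entry paths yield the same statuses once the context is unwrapped, and that the unwrapped component is only as restricted as its own declarations make it.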

