[Zope3-dev] ILocation code in zope/app/form/editview.py
Gary Poster
gary at zope.com
Tue Mar 8 16:58:59 EST 2005

On Mar 8, 2005, at 4:39 PM, Roger Ineichen wrote:
> Hi Gary

hi

> Behalf Of Gary Poster
>> Sent: Tuesday, March 08, 2005 8:49 PM
>> To: zope3-dev (E-mail)
>> Subject: [Zope3-dev] ILocation code in zope/app/form/editview.py
>>
>> Roger pointed out a problem with the new security checks in
>> zope/app/form/utility.py, setUpEditWidgets, when used in conjunction
>> with the LocationProxy.
>>
>> I've looked at it a bit: it's a bit thorny, with proxies inside of
>> proxies and some odd code. Jim's suggestion was to try and
>> bypass the
>> whole problem: get rid of the LocationProxy in editview.
<snip>
>
> Let's try it this way.
> I'm not happy with the LocationProxy either. But I can't tell
> right now what this means to our framework.
> I have to write more tests.
>
> Right now I feel it's OK to remove the LocationProxy out
> of the EditView.
>
> Can you do it right now?

I'd rather wait till tomorrow, but it is not out of the question.
Before I bother, have you made the change to your code to see if at
least minimally your application works, as well as you can test it?

> If not how can we check if we have
> a trusted adapter and just let this adapter pass the LocationProxy?

If I understand you, the current code does this. As I said in an
earlier email and on IRC, the solution for you now, I think, is to make
all of your trusted adapters implement
zope.app.location.interfaces.ILocation (or simply subclass
zope.app.location.Location).

> Let's do it and see what's next.
>
> But I think that's just a workaround and I don't feel
> very good about it.

Yes and no. There do appear to be some problems with the
LocationProxy...maybe. Hard to tell. However, the fix Jim proposes is
a good choice to make for the form machinery, not merely a workaround.

> btw.
> We use a ContainerProxy adapter which we use as an
> additional IContainer implementation. This also makes
> use of LocationProxy for its items.
> Hm, I really have to add more tests for this and check
> how the proxy/checker gets added.

Yep, proxies are heavy mojo. The fewer of them the better/easier.

> I think there's a deeper problem in the proxy/checker and
> trusted adapter concept. I'm sure they don't work well
> together in different combinations.
>
> I have to take a look with Dominik at this part till
> I can give the right answer.

OK, cool. Let me know if making your adapters subclass Location works.
If not, I'll try to get the Zope 3 check made, but I'm almost out of
time today.

Gary