Hi Martin, Martin Aspeli, on 2007-04-18: >> Inherit from object >> ------------------- >> >> class MyView(object): >> def __init__(self, context, request): >> self.context = context >> self.request = request >> >> The view is not Acquisition wrapped, which means that any permission >> you set in the configure.zcml is ignored and everyone can see this >> view, right? >> >> You define your own __init__() so you can handle the context anyway you >> please. >> > > This doesn't work in Zope 2. You need to inherit from Acquisition.Explicit > at a minimum, or you'll get strange security errors.
I switched eXtremeManagement browser views from object to Five's BrowserView because it is supposedly better. Diffs are here: http://dev.plone.org/collective/changeset/40756 http://dev.plone.org/collective/changeset/40771 But it worked fine before those changes. I did not see security errors. That is on Zope 2.9, Plone 2.5. It might depend on what exactly is done in those browser views, but the things that my browser views do apparently do not cause strange security errors. Maybe I was just lucky. :) >> Inherit from Five >> ----------------- >> >> from Products.Five.browser import BrowserView >> class MyView(BrowserView): >> >> The view is Acquisition wrapped, so Zope security kicks in, which is >> probably good. >> >> If you do not overwrite the __init__() you can use the context with >> self.context. >> > > This is the correct approach, imho. However, note that whe you access > 'self.context' it will be aq wrapped in the context of the view (since it > inherits from Acquisition.Explicit). If self.context is a content item, it > also has an inner acquisition chain from its containment. If you do > something on the object that needs to e.g. acquire tools or perform explicit > security checks, you probably want the inner chain since the outer one > contains the view. So getToolByName(self.context, 'portal_catalog') could go wrong? It works for me. Come to think of it, it also seems to be fine when I do this: getToolByName(self, 'portal_catalog') where self is the View. Am I overlooking anything? > Therefore, I find it much safer to always do; > > from Acquisition import aq_inner > from Products.Five.browser import BrowserView > > class MyView(BrowserView): > > def some_method(self): > context = aq_inner(self.context) > # use context in some way I think I will try that too. >> Inherit from Plone >> ------------------ >> >> from Products.CMFPlone import utils >> class MyView(utils.BrowserView): > > I really hate this view, and we're not using it any more in new views in > Plone 3. I will avoid this too then. > Apart from a conscious move away from Products.CMFPlone.utils.BrowserView, > I'm not aware of any incompatabilities between the use of views in Plone 2.5 > and Plone 3. Great, thanks. -- Maurits van Rees | http://maurits.vanrees.org/ [NL] Work | http://zestsoftware.nl/ "Do not worry about your difficulties in computers, I can assure you mine are still greater." _______________________________________________ Product-Developers mailing list [email protected] http://lists.plone.org/mailman/listinfo/product-developers
