Maurits van Rees wrote:
Hi Martin,
Martin Aspeli, on 2007-04-18:
Inherit from object
-------------------
class MyView(object):
def __init__(self, context, request):
self.context = context
self.request = request
The view is not Acquisition wrapped, which means that any permission
you set in the configure.zcml is ignored and everyone can see this
view, right?
You define your own __init__() so you can handle the context anyway you
please.
This doesn't work in Zope 2. You need to inherit from Acquisition.Explicit
at a minimum, or you'll get strange security errors.
I switched eXtremeManagement browser views from object to Five's
BrowserView because it is supposedly better. Diffs are here:
http://dev.plone.org/collective/changeset/40756
http://dev.plone.org/collective/changeset/40771
But it worked fine before those changes. I did not see security
errors. That is on Zope 2.9, Plone 2.5.
It might depend on what exactly is done in those browser views, but
the things that my browser views do apparently do not cause strange
security errors. Maybe I was just lucky. :)
Probably you were, yes. Trust me, you need acquisition in there.
Inherit from Five
-----------------
from Products.Five.browser import BrowserView
class MyView(BrowserView):
The view is Acquisition wrapped, so Zope security kicks in, which is
probably good.
If you do not overwrite the __init__() you can use the context with
self.context.
This is the correct approach, imho. However, note that whe you access
'self.context' it will be aq wrapped in the context of the view (since it
inherits from Acquisition.Explicit). If self.context is a content item, it
also has an inner acquisition chain from its containment. If you do
something on the object that needs to e.g. acquire tools or perform explicit
security checks, you probably want the inner chain since the outer one
contains the view.
So getToolByName(self.context, 'portal_catalog') could go wrong? It
works for me.
It'll work, but it's more subtle than that. To understand what's going
on, you need to put a pdb breakpoint in a method in a view, e.g. try:
class MyView(BrowserView):
def __call__(self):
Come to think of it, it also seems to be fine when I do this:
getToolByName(self, 'portal_catalog')
where self is the View.
Am I overlooking anything?
Therefore, I find it much safer to always do;
from Acquisition import aq_inner
from Products.Five.browser import BrowserView
class MyView(BrowserView):
def some_method(self):
context = aq_inner(self.context)
# use context in some way
I think I will try that too.
Inherit from Plone
------------------
from Products.CMFPlone import utils
class MyView(utils.BrowserView):
I really hate this view, and we're not using it any more in new views in
Plone 3.
I will avoid this too then.
Apart from a conscious move away from Products.CMFPlone.utils.BrowserView,
I'm not aware of any incompatabilities between the use of views in Plone 2.5
and Plone 3.
Great, thanks.
_______________________________________________
Product-Developers mailing list
[email protected]
http://lists.plone.org/mailman/listinfo/product-developers
