Re: [Zope-dev] is an object in a folder
Am Di, den 24.08.2004 schrieb Florent Guillaume um 17:48: from Acquisition import aq_base ... def hasObject(self, id): Test if an object is in the current object. if hasattr(aq_base(self), id): return 1 return 0 It would be nice and faster but it doesn't work for non-subobjects attributes. For instance your hasObject('meta_type') or hasObject('isPrincipiaFolderish') would return true. Isn't that what objectIds() is for? return id in self.objectIds() Christian -- Christian Theune [EMAIL PROTECTED] gocept gmbh co. kg signature.asc Description: Dies ist ein digital signierter Nachrichtenteil ___ Zope-Dev maillist - [EMAIL PROTECTED] http://mail.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope )
Re: [Zope-dev] is an object in a folder
On Thu, Aug 26, 2004 at 08:29:19AM +0200, Christian Theune wrote: Am Di, den 24.08.2004 schrieb Florent Guillaume um 17:48: from Acquisition import aq_base ... def hasObject(self, id): Test if an object is in the current object. if hasattr(aq_base(self), id): return 1 return 0 It would be nice and faster but it doesn't work for non-subobjects attributes. For instance your hasObject('meta_type') or hasObject('isPrincipiaFolderish') would return true. Isn't that what objectIds() is for? return id in self.objectIds() Object might contain lots of subobjects. Returned list might be very big. -- Maciej Pietrzak jid:[EMAIL PROTECTED] email:[EMAIL PROTECTED] ___ Zope-Dev maillist - [EMAIL PROTECTED] http://mail.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope )
Re: [Zope-dev] APE leaving SQL transactions open
Hi Shane, we have a PostgreSQL DA object in place, but we are not using it in our tests. Hope this helps. Best regards. Paolo One thing I wonder, though, is whether you're simultaneously connecting to Postgres using a Zope database adapter. It shouldn't matter, but who knows, maybe it does. Shane -- Paolo Bizzarri - President - Icube S.r.l. Address:Via Ridolfi 15 - 56124 Pisa (PI), Italy E-mail: [EMAIL PROTECTED] Web:http://www.icube.it Phone: (+39) 050 97 02 07 Fax:(+39) 050 31 36 588 ___ Zope-Dev maillist - [EMAIL PROTECTED] http://mail.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope )
[Zope-dev] Protected session items?
In TransientObject __guarded_setitem__ is just set to __setitem__. This means, that everything you set in the session dictionary is changeable through user code. Is there a good reason for this? I think it would be nice if I could set secret things in the session, mainly authentication information. If i do this currently, any user code can change it, which isn't exactly safe. REQUEST.SESSION['__ac_username'] = 'root' Ooops! :) This change: def __guarded_setitem__(self, k, v): if k[0] == '_': raise SomeThingOrAnotherError self.__setitem__(k, v) Fixes that. Then you can only set it from protected code. Is there some reason why this is NOT a good idea? //Lennart ___ Zope-Dev maillist - [EMAIL PROTECTED] http://mail.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope )
[Zope-dev] Re: is an object in a folder
Why not: def hasObject(self, id): Test if an object is in the current object. return id in self.objectIds() Suresh Florent Guillaume [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] I'd like to add a method like def hasObject(self, id): Test if an object is in the current object. for o in self._objects: if o['id'] == id: return 1 return 0 to ObjectManager. This would bring it in line with BTreeFolder2 (who already has an hasObject method) and we could then always use the most efficient method to test if a folder has a given subobject id. Opinions ? Florent -- Florent Guillaume, Nuxeo (Paris, France) +33 1 40 33 71 59 http://nuxeo.com mailto:[EMAIL PROTECTED] ___ Zope-Dev maillist - [EMAIL PROTECTED] http://mail.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope ) ___ Zope-Dev maillist - [EMAIL PROTECTED] http://mail.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope )
Re: [Zope-dev] Protected session items?
On Thu, 2004-08-26 at 11:06, Lennart Regebro wrote: In TransientObject __guarded_setitem__ is just set to __setitem__. This means, that everything you set in the session dictionary is changeable through user code. Is there a good reason for this? I don't think __guarded_setitem__ is at fault. I think it would be nice if I could set secret things in the session, mainly authentication information. If i do this currently, any user code can change it, which isn't exactly safe. REQUEST.SESSION['__ac_username'] = 'root' Ooops! :) REQUEST.SESSION.set('__ac_username', 'root') Nothing magic about __guarded_setitem__ unfortunately. For this particular case maybe just don't trust __ac_username in the session; just put the credentials in the session as __ac and do what CookieCrumbler does (set REQUEST._auth, and so on) on each request from trusted code. Then it becomes exactly as safe as basic auth or cookie auth wrt risk of identity change. I agree though that it would be nice to be able to have a kind of session where the ability to write anything into it could be restricted by a permission. This change: def __guarded_setitem__(self, k, v): if k[0] == '_': raise SomeThingOrAnotherError self.__setitem__(k, v) Fixes that. Then you can only set it from protected code. Is there some reason why this is NOT a good idea? Since nobody does attribute access with a session (SESSION.__ac_username), they always do SESSION['__ac_username'], or SESSION.get('__ac_username'), it's even more magical than usual in the Zope sense. The session was always meant to act almost exactly like a dictionary and not like a typical persistent SimpleItem-based Zope object. I suspect that the problem of providing authorized session data access can be solved using permissions and place instead of baking the underscore hack in (a separate session data manager and/or transient object container could be used to provide this kind of session and it could be put in a separate place). Too bad I didn't anticipate this in TransientObject and protect the setting methods with some permission (they're all public now). But maybe a subclass or alternate implementation could do that? - C ___ Zope-Dev maillist - [EMAIL PROTECTED] http://mail.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope )