Re: [Zope-dev] is an object in a folder

2004-08-26 Thread Christian Theune 
Am Di, den 24.08.2004 schrieb Florent Guillaume um 17:48:
  from Acquisition import aq_base
  ...
  def hasObject(self, id):
  Test if an object is in the current object.
  
  if hasattr(aq_base(self), id):
  return 1
  return 0
 
 It would be nice and faster but it doesn't work for non-subobjects
 attributes. For instance your hasObject('meta_type') or
 hasObject('isPrincipiaFolderish') would return true.

Isn't that what objectIds() is for?

return id in self.objectIds()

Christian
-- 
Christian Theune [EMAIL PROTECTED]
gocept gmbh  co. kg


signature.asc
Description: Dies ist ein digital signierter Nachrichtenteil
___
Zope-Dev maillist  -  [EMAIL PROTECTED]
http://mail.zope.org/mailman/listinfo/zope-dev
**  No cross posts or HTML encoding!  **
(Related lists - 
 http://mail.zope.org/mailman/listinfo/zope-announce
 http://mail.zope.org/mailman/listinfo/zope )

Re: [Zope-dev] is an object in a folder

2004-08-26 Thread Maciej Pietrzak 
On Thu, Aug 26, 2004 at 08:29:19AM +0200, Christian Theune wrote:
 Am Di, den 24.08.2004 schrieb Florent Guillaume um 17:48:
   from Acquisition import aq_base
   ...
   def hasObject(self, id):
   Test if an object is in the current object.
   
   if hasattr(aq_base(self), id):
   return 1
   return 0
  
  It would be nice and faster but it doesn't work for non-subobjects
  attributes. For instance your hasObject('meta_type') or
  hasObject('isPrincipiaFolderish') would return true.
 
 Isn't that what objectIds() is for?
 
 return id in self.objectIds()
 

Object might contain lots of subobjects. Returned list might be very
big.


-- 
Maciej Pietrzak
jid:[EMAIL PROTECTED]
email:[EMAIL PROTECTED]
___
Zope-Dev maillist  -  [EMAIL PROTECTED]
http://mail.zope.org/mailman/listinfo/zope-dev
**  No cross posts or HTML encoding!  **
(Related lists - 
 http://mail.zope.org/mailman/listinfo/zope-announce
 http://mail.zope.org/mailman/listinfo/zope )

Re: [Zope-dev] APE leaving SQL transactions open

2004-08-26 Thread Paolo Bizzarri 
Hi Shane,

we have a PostgreSQL DA object in place, but we are not using it in our tests.  

Hope this helps.

Best regards.

Paolo

 One thing I wonder, though, is whether you're simultaneously connecting to
 Postgres using a Zope database adapter.  It shouldn't matter, but who
 knows, maybe it does.

 Shane

-- 
Paolo Bizzarri - President - Icube S.r.l.
Address:Via Ridolfi 15 - 56124 Pisa (PI), Italy
E-mail: [EMAIL PROTECTED]   Web:http://www.icube.it
Phone:  (+39) 050 97 02 07  Fax:(+39) 050 31 36 588
___
Zope-Dev maillist  -  [EMAIL PROTECTED]
http://mail.zope.org/mailman/listinfo/zope-dev
**  No cross posts or HTML encoding!  **
(Related lists - 
 http://mail.zope.org/mailman/listinfo/zope-announce
 http://mail.zope.org/mailman/listinfo/zope )

[Zope-dev] Protected session items?

2004-08-26 Thread Lennart Regebro 
In TransientObject __guarded_setitem__ is just set to __setitem__.
This means, that everything you set in the session dictionary is 
changeable through user code. Is there a good reason for this?

I think it would be nice if I could set secret things in the session, 
mainly authentication information. If i do this currently, any user code 
can change it, which isn't exactly safe.

   REQUEST.SESSION['__ac_username'] = 'root'
Ooops! :)
This change:
def __guarded_setitem__(self, k, v):
if k[0] == '_':
raise SomeThingOrAnotherError
self.__setitem__(k, v)
Fixes that. Then you can only set it from protected code.
Is there some reason why this is NOT a good idea?
//Lennart
___
Zope-Dev maillist  -  [EMAIL PROTECTED]
http://mail.zope.org/mailman/listinfo/zope-dev
**  No cross posts or HTML encoding!  **
(Related lists - 
http://mail.zope.org/mailman/listinfo/zope-announce
http://mail.zope.org/mailman/listinfo/zope )

[Zope-dev] Re: is an object in a folder

2004-08-26 Thread sureshvv 
Why not:

  def hasObject(self, id):
  Test if an object is in the current object.
  return id in self.objectIds()

Suresh

Florent Guillaume [EMAIL PROTECTED] wrote in message
news:[EMAIL PROTECTED]
 I'd like to add a method like

  def hasObject(self, id):
  Test if an object is in the current object.
  for o in self._objects:
  if o['id'] == id:
  return 1
  return 0

 to ObjectManager.

 This would bring it in line with BTreeFolder2 (who already has an
 hasObject method) and we could then always use the most efficient method
 to test if a folder has a given subobject id.

 Opinions ?

 Florent

 -- 
 Florent Guillaume, Nuxeo (Paris, France)
 +33 1 40 33 71 59  http://nuxeo.com  mailto:[EMAIL PROTECTED]
 ___
 Zope-Dev maillist  -  [EMAIL PROTECTED]
 http://mail.zope.org/mailman/listinfo/zope-dev
 **  No cross posts or HTML encoding!  **
 (Related lists -
  http://mail.zope.org/mailman/listinfo/zope-announce
  http://mail.zope.org/mailman/listinfo/zope )




___
Zope-Dev maillist  -  [EMAIL PROTECTED]
http://mail.zope.org/mailman/listinfo/zope-dev
**  No cross posts or HTML encoding!  **
(Related lists - 
 http://mail.zope.org/mailman/listinfo/zope-announce
 http://mail.zope.org/mailman/listinfo/zope )

Re: [Zope-dev] Protected session items?

2004-08-26 Thread Chris McDonough 
On Thu, 2004-08-26 at 11:06, Lennart Regebro wrote:
 In TransientObject __guarded_setitem__ is just set to __setitem__.
 This means, that everything you set in the session dictionary is 
 changeable through user code. Is there a good reason for this?

I don't think __guarded_setitem__ is at fault.

 I think it would be nice if I could set secret things in the session, 
 mainly authentication information. If i do this currently, any user code 
 can change it, which isn't exactly safe.
 
 REQUEST.SESSION['__ac_username'] = 'root'
 
 Ooops! :)

REQUEST.SESSION.set('__ac_username', 'root')

Nothing magic about __guarded_setitem__ unfortunately.

For this particular case maybe just don't trust __ac_username in the
session; just put the credentials in the session as __ac and do what
CookieCrumbler does (set REQUEST._auth, and so on) on each request from
trusted code.  Then it becomes exactly as safe as basic auth or cookie
auth wrt risk of identity change.

I agree though that it would be nice to be able to have a kind of
session where the ability to write anything into it could be restricted
by a permission.

 This change:
 
  def __guarded_setitem__(self, k, v):
  if k[0] == '_':
  raise SomeThingOrAnotherError
  self.__setitem__(k, v)
 
 Fixes that. Then you can only set it from protected code.
 Is there some reason why this is NOT a good idea?

Since nobody does attribute access with a session
(SESSION.__ac_username), they always do SESSION['__ac_username'], or
SESSION.get('__ac_username'), it's even more magical than usual in the
Zope sense.  The session was always meant to act almost exactly like a
dictionary and not like a typical persistent SimpleItem-based Zope
object.

I suspect that the problem of providing authorized session data access
can be solved using permissions and place instead of baking the
underscore hack in (a separate session data manager and/or transient
object container could be used to provide this kind of session and it
could be put in a separate place).  Too bad I didn't anticipate this in
TransientObject and protect the setting methods with some permission
(they're all public now).  But maybe a subclass or alternate
implementation could do that?

- C


___
Zope-Dev maillist  -  [EMAIL PROTECTED]
http://mail.zope.org/mailman/listinfo/zope-dev
**  No cross posts or HTML encoding!  **
(Related lists - 
 http://mail.zope.org/mailman/listinfo/zope-announce
 http://mail.zope.org/mailman/listinfo/zope )