Re: [Zope-dev] brain.getObject and traversal

2005-04-04 Thread Chris Withers 
Florent Guillaume wrote:
Is everyone ok with returning
 - the object if it can be accessed
 - raise Unauthorized if it can't be accessed
 - raise NotFound if it's not there
Please don't catch any exceptions and re-raise them in a different type, 
just let them pass through.

I specifically don't think raising a normal NotFound when the catalog 
has a brain that doesn't map to an object is the right thing to do. I'd 
much prefer a BrainHasNoMatchingObject exception or some such which is 
nice and clear...

cheers,
Chris
--
Simplistix - Content Management, Zope  Python Consulting
   - http://www.simplistix.co.uk
___
Zope-Dev maillist  -  Zope-Dev@zope.org
http://mail.zope.org/mailman/listinfo/zope-dev
**  No cross posts or HTML encoding!  **
(Related lists - 
http://mail.zope.org/mailman/listinfo/zope-announce
http://mail.zope.org/mailman/listinfo/zope )

Re: [Zope-dev] brain.getObject and traversal

2005-04-01 Thread Chris Withers 
Florent Guillaume wrote:
Well of course no, but I never had to check a getObject() against 
Unauthorized. Maybe it's because I only use it in a CMF setting where 
unaccessible objects are filtered anyway.
Maybe,  but CMF isn't the only use of Zope ;-)
OTOH you're a bit excessive in your Whole array of possible distinct 
errors.
Not really. I want to know the difference between:
- unauthorized: my object has problems and probably needs its 
permissions fixing

- not found: I want to know why an object is indexed that doesn't exist 
and fix that

- other random error: damn, big problems with catalog, need to post to lists
In all three cases, knowing the type of error and getting a sensible 
traceback in my logs is infinitely more useful than a random...

AttributeError: None has no attribute x
...error at some point in the future, which may be no-where near the 
actual catalog search.

cheers,
Chris
--
Simplistix - Content Management, Zope  Python Consulting
   - http://www.simplistix.co.uk
___
Zope-Dev maillist  -  Zope-Dev@zope.org
http://mail.zope.org/mailman/listinfo/zope-dev
**  No cross posts or HTML encoding!  **
(Related lists - 
http://mail.zope.org/mailman/listinfo/zope-announce
http://mail.zope.org/mailman/listinfo/zope )

Re: [Zope-dev] brain.getObject and traversal

2005-04-01 Thread Florent Guillaume 
Florent Guillaume  [EMAIL PROTECTED] wrote:
  Unauthorized in getObject is out of the question, that would be new 
  behaviour.
  
  Well, in 2.8, new behaviour is expected, right?
  I really passionately believe that we should not be returnining None in 
  Zope 2.8, and since 2.8 hasn't quite hit beta yet I'm very keen to see 
  it fixed asap.
  
  Any objections?
 
 I'm ok for 2.8. I'll look at it.

Is everyone ok with returning
 - the object if it can be accessed
 - raise Unauthorized if it can't be accessed
 - raise NotFound if it's not there
and never return None ?

I'll change that before tomorrow, for 2.8a2.

(I'll change NotFound in Traversal.py to a real exception instead of a
string too, I thought we'd killed those.)

Florent

-- 
Florent Guillaume, Nuxeo (Paris, France)   CTO, Director of RD
+33 1 40 33 71 59   http://nuxeo.com   [EMAIL PROTECTED]
___
Zope-Dev maillist  -  Zope-Dev@zope.org
http://mail.zope.org/mailman/listinfo/zope-dev
**  No cross posts or HTML encoding!  **
(Related lists - 
 http://mail.zope.org/mailman/listinfo/zope-announce
 http://mail.zope.org/mailman/listinfo/zope )

Re: [Zope-dev] brain.getObject and traversal

2005-04-01 Thread Dieter Maurer 
Florent Guillaume wrote at 2005-4-1 13:21 +0200:
Florent Guillaume  [EMAIL PROTECTED] wrote:
  Unauthorized in getObject is out of the question, that would be new 
  behaviour.
  
  Well, in 2.8, new behaviour is expected, right?
  I really passionately believe that we should not be returnining None in 
  Zope 2.8, and since 2.8 hasn't quite hit beta yet I'm very keen to see 
  it fixed asap.
  
  Any objections?
 
 I'm ok for 2.8. I'll look at it.

Is everyone ok with returning
 - the object if it can be accessed
 - raise Unauthorized if it can't be accessed
 - raise NotFound if it's not there
and never return None ?

Remapping exceptions is a bad idea.
Usually, valuable information is lost in the process.

If you change the returning None, then you should let
through whatever exception is caused.

-- 
Dieter
___
Zope-Dev maillist  -  Zope-Dev@zope.org
http://mail.zope.org/mailman/listinfo/zope-dev
**  No cross posts or HTML encoding!  **
(Related lists - 
 http://mail.zope.org/mailman/listinfo/zope-announce
 http://mail.zope.org/mailman/listinfo/zope )

Re: [Zope-dev] brain.getObject and traversal

2005-03-31 Thread Roché Compaan 
On Thu, 2005-03-31 at 13:02 +0100, Chris Withers wrote:
  Would anyone object if I wrote tests and changed the implementation to 
  raise exceptions, including Unauthorized, instead of returning None?
  
  Unauthorized in getObject is out of the question, that would be new 
  behaviour.
 
 Well, in 2.8, new behaviour is expected, right?
 I really passionately believe that we should not be returnining None in 
 Zope 2.8, and since 2.8 hasn't quite hit beta yet I'm very keen to see 
 it fixed asap.
 
 Any objections?

No, I agree that it should raise Unauthorized. Just make sure that this
is communicated properly at release time.

-- 
Roché Compaan
Upfront Systems http://www.upfrontsystems.co.za

___
Zope-Dev maillist  -  Zope-Dev@zope.org
http://mail.zope.org/mailman/listinfo/zope-dev
**  No cross posts or HTML encoding!  **
(Related lists - 
 http://mail.zope.org/mailman/listinfo/zope-announce
 http://mail.zope.org/mailman/listinfo/zope )

Re: [Zope-dev] brain.getObject and traversal

2005-03-31 Thread Florent Guillaume 
Chris Withers wrote:
You're mistaken. The old code did:
  def getObject(self, REQUEST=None):
Try to return the object for this record
try:
obj = self.aq_parent.unrestrictedTraverse(self.getPath())
if not obj:
if REQUEST is None:
REQUEST = self.REQUEST
obj = self.aq_parent.resolve_url(self.getPath(), REQUEST)
return obj
except:
zLOG.LOG('CatalogBrains', zLOG.INFO, 'getObject raised an 
error',
 error=sys.exc_info())
pass

Which effectively returns None.

Interesting. Where did that code come from?
It's been there for longer than I've being doing Zope.
http://cvs.zope.org/Zope/lib/python/Products/ZCatalog/Attic/CatalogBrains.py?hideattic=1content-type=text/vnd.viewcvs-markuprev=1.1.4.4
All robust old code had to be able to test for None, because it was 
returned in many cases (when indexes got desynchronised, due to 
transaction bugs for instance, or manage_beforeDelete swallowing 
stuff, or conflict errors happening...). I know I had to add lots in 
my code.
Just because you had to do it in old code doesn't make it not evil. 
Returning a meaningless value that masks a whole array of possible 
distinct errors that should all be handled in different ways is mind 
numbingly stupid IMNSHO. Why you feel so passionately that this should 
be the case is beyond me. Do you like using bare try: except:s 
throughout your code too?!
Well of course no, but I never had to check a getObject() against 
Unauthorized. Maybe it's because I only use it in a CMF setting where 
unaccessible objects are filtered anyway.

OTOH you're a bit excessive in your Whole array of possible distinct 
errors.

Unauthorized in getObject is out of the question, that would be new 
behaviour.
Well, in 2.8, new behaviour is expected, right?
I really passionately believe that we should not be returnining None in 
Zope 2.8, and since 2.8 hasn't quite hit beta yet I'm very keen to see 
it fixed asap.

Any objections?
I'm ok for 2.8. I'll look at it.
Florent
--
Florent Guillaume, Nuxeo (Paris, France)   CTO, Director of RD
+33 1 40 33 71 59   http://nuxeo.com   [EMAIL PROTECTED]
___
Zope-Dev maillist  -  Zope-Dev@zope.org
http://mail.zope.org/mailman/listinfo/zope-dev
**  No cross posts or HTML encoding!  **
(Related lists - 
http://mail.zope.org/mailman/listinfo/zope-announce
http://mail.zope.org/mailman/listinfo/zope )

[Zope-dev] brain.getObject and traversal

2005-03-30 Thread Florent Guillaume 
To try to clarify things even more:
The implementation of getObject I checked in a few days ago has the 
following properties:
1. it checks permissions only on the last step of the traversal,
2. it returns None if for some reason the object cannot be retrieved.

Now for the rationale:
1. is necessary in the presence of rights granted deeper in the 
hierarchy. There's no going around it.
2. is necessary for backward compatibility. *all* the previous 
implementations of getObject returned None in case of problems.

The implementation of 1. looks slightly convoluted but is necessary 
because we want to leave the details of the traversal (involving 
__bobo_traverse__, getitem, and checking security with the proper 
'accessed' and 'container') to (un)restrictedTraverse.

Florent
--
Florent Guillaume, Nuxeo (Paris, France)   CTO, Director of RD
+33 1 40 33 71 59   http://nuxeo.com   [EMAIL PROTECTED]
___
Zope-Dev maillist  -  Zope-Dev@zope.org
http://mail.zope.org/mailman/listinfo/zope-dev
**  No cross posts or HTML encoding!  **
(Related lists - 
http://mail.zope.org/mailman/listinfo/zope-announce
http://mail.zope.org/mailman/listinfo/zope )

Re: [Zope-dev] brain.getObject and traversal

2005-03-30 Thread Chris Withers 
Florent Guillaume wrote:
2. is necessary for backward compatibility. *all* the previous 
implementations of getObject returned None in case of problems.
This is the only bit I'm asking about, I accept that I'm in the insane 
minority on the other point ;-)

Just because that's what it did before doesn't mean we should leave it 
like that. I can see absolutely no benefit in returning None over 
raising a specific error.

Also, the original behaviour of getObject, prior to Casey's drastic and 
unexpected switch to restrictedTraverse(path,None) was to raise 
Unauthorized, NOT to return None.

I first became aware of Casey's changes when I upgraded a production 
Zope instance and started getting loads of random attribute errors where 
 I'd happilly been dealing with the Unauthorized's before.

So, for me, returning None is just plain evil. All it serves to do is 
mask an exception that's likely to be useful. If people are relying on 
it returning None, then it's a one line change in their code.

Now, the other problem I have with this fix is no tests were checked in 
for this. We should have tests that verify this behaves as it should, 
since those tests are likely to be the only formal documentation this 
issue ever receives ;-)

Would anyone object if I wrote tests and changed the implementation to 
raise exceptions, including Unauthorized, instead of returning None?

cheers,
Chris
--
Simplistix - Content Management, Zope  Python Consulting
   - http://www.simplistix.co.uk
___
Zope-Dev maillist  -  Zope-Dev@zope.org
http://mail.zope.org/mailman/listinfo/zope-dev
**  No cross posts or HTML encoding!  **
(Related lists - 
http://mail.zope.org/mailman/listinfo/zope-announce
http://mail.zope.org/mailman/listinfo/zope )

Re: [Zope-dev] brain.getObject and traversal

2005-03-30 Thread Florent Guillaume 
Chris Withers wrote:
Just because that's what it did before doesn't mean we should leave it 
like that. I can see absolutely no benefit in returning None over 
raising a specific error.

Also, the original behaviour of getObject, prior to Casey's drastic and 
unexpected switch to restrictedTraverse(path,None) was to raise 
Unauthorized, NOT to return None.
You're mistaken. The old code did:
  def getObject(self, REQUEST=None):
Try to return the object for this record
try:
obj = self.aq_parent.unrestrictedTraverse(self.getPath())
if not obj:
if REQUEST is None:
REQUEST = self.REQUEST
obj = self.aq_parent.resolve_url(self.getPath(), REQUEST)
return obj
except:
zLOG.LOG('CatalogBrains', zLOG.INFO, 'getObject raised an 
error',
 error=sys.exc_info())
pass

Which effectively returns None.
I first became aware of Casey's changes when I upgraded a production 
Zope instance and started getting loads of random attribute errors where 
 I'd happilly been dealing with the Unauthorized's before.
You probably had the unauthorized *after* the getObject, when it 
returned to you an object you weren't actually supposed to try to access.

So, for me, returning None is just plain evil. All it serves to do is 
mask an exception that's likely to be useful. If people are relying on 
it returning None, then it's a one line change in their code.
All robust old code had to be able to test for None, because it was 
returned in many cases (when indexes got desynchronised, due to 
transaction bugs for instance, or manage_beforeDelete swallowing stuff, 
or conflict errors happening...). I know I had to add lots in my code.

Now, the other problem I have with this fix is no tests were checked in 
for this. We should have tests that verify this behaves as it should, 
since those tests are likely to be the only formal documentation this 
issue ever receives ;-)
Tests were checked in:
http://cvs.zope.org/Zope/lib/python/Products/ZCatalog/tests/Attic/testCatalog.py.diff?r1=1.22.12.6r2=1.22.12.7
(but zope-checkins list had problems that day, I don't know why, and the 
checkin mail never appeared).

Would anyone object if I wrote tests and changed the implementation to 
raise exceptions, including Unauthorized, instead of returning None?
Unauthorized in getObject is out of the question, that would be new 
behaviour.

Florent
--
Florent Guillaume, Nuxeo (Paris, France)   CTO, Director of RD
+33 1 40 33 71 59   http://nuxeo.com   [EMAIL PROTECTED]
___
Zope-Dev maillist  -  Zope-Dev@zope.org
http://mail.zope.org/mailman/listinfo/zope-dev
**  No cross posts or HTML encoding!  **
(Related lists - 
http://mail.zope.org/mailman/listinfo/zope-announce
http://mail.zope.org/mailman/listinfo/zope )