Re: [Zope-dev] Why does restrictedTraverse() in Zope 2 not respect IPublishTraverse adapters?
Jan Hackel wrote: > Some days ago I ran into the same problem, and have been pointed to this > thread. Maybe you are interested in my solution. It's ugly, but I needed it > for a test-case, where I wanted to access > "@@plone_context_state/is_view_template": > > >>> from ZPublisher.HTTPRequest import HTTPRequest > >>> from ZPublisher.HTTPResponse import HTTPResponse > >>> from Products.PloneTestCase import PloneTestCase > >>> import base64 > >>> user_id = PloneTestCase.default_user > >>> password = PloneTestCase.default_password > >>> encoded = base64.encodestring( '%s:%s' % ( user_id, password ) ) > >>> auth_header = 'basic %s' % encoded > >>> resp = HTTPResponse() > >>> env={'SERVER_URL':'http://nohost/plone', > ... 'URL':'http://nohost/plone', > ... 'HTTP_AUTHORIZATION': auth_header, > ... 'REQUEST_METHOD': 'GET', > ... 'steps': [], > ... '_hacked_path': 0, > ... '_test_counter': 0, > ... } > >>> request = HTTPRequest(stdin=None, environ=env, response=resp) > >>> request['PARENTS'] = [self.getPortal()] > >>> contextState = request.traverse("weblog/issue193/" > ... "@@plone_context_state") > >>> request['ACTUAL_URL'] = 'http://nohost/weblog/issue193' > >>> contextState.is_view_template() > True > >>> request.close() For this, you should possibly use zope.testbrowser (and Products.Five.testbrowser). The reason you needed this particular hack was that the is_view_template() method looks at the url quite specifically. For most cases, context.restrictedTraverse('@@plone_context_state') would've worked. Martin -- Author of `Professional Plone Development`, a book for developers who want to work with Plone. See http://martinaspeli.net/plone-book ___ Zope-Dev maillist - Zope-Dev@zope.org http://mail.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope )
Re: [Zope-dev] Why does restrictedTraverse() in Zope 2 not respect IPublishTraverse adapters?
Some days ago I ran into the same problem, and have been pointed to this thread. Maybe you are interested in my solution. It's ugly, but I needed it for a test-case, where I wanted to access "@@plone_context_state/is_view_template": >>> from ZPublisher.HTTPRequest import HTTPRequest >>> from ZPublisher.HTTPResponse import HTTPResponse >>> from Products.PloneTestCase import PloneTestCase >>> import base64 >>> user_id = PloneTestCase.default_user >>> password = PloneTestCase.default_password >>> encoded = base64.encodestring( '%s:%s' % ( user_id, password ) ) >>> auth_header = 'basic %s' % encoded >>> resp = HTTPResponse() >>> env={'SERVER_URL':'http://nohost/plone', ... 'URL':'http://nohost/plone', ... 'HTTP_AUTHORIZATION': auth_header, ... 'REQUEST_METHOD': 'GET', ... 'steps': [], ... '_hacked_path': 0, ... '_test_counter': 0, ... } >>> request = HTTPRequest(stdin=None, environ=env, response=resp) >>> request['PARENTS'] = [self.getPortal()] >>> contextState = request.traverse("weblog/issue193/" ... "@@plone_context_state") >>> request['ACTUAL_URL'] = 'http://nohost/weblog/issue193' >>> contextState.is_view_template() True >>> request.close() Grüße Jan Hackel Martin Aspeli wrote: > There's currently a funny inconsistency in Zope's Traversable class. If > you have a URL like http://localhost:8080/path/to/@@aview/foo, and > @@aview implements IPublishTraverse (and, I presume, if there's a custom > IPublishTraverse adapter for any other path component), URL traversal > will work fine, but calling to.restrictedTraverse('@@aview/foo') or some > variant thereof will fail, because (un)restrictedTraverse() does not > respect custom IPublishTraverse adapters. ___ Zope-Dev maillist - Zope-Dev@zope.org http://mail.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope )
Re: [Zope-dev] Why does restrictedTraverse() in Zope 2 not respect IPublishTraverse adapters?
On Thu, May 14, 2009 at 10:55:40PM +0200, Laurence Rowe wrote: > > For maximum portability across Z2 / Z3 / BFG, you could just do the same > > thing and implement __getitem__ on any object you want to be traversable > > by either the publisher or APIs like (un)restrictedTraverse, and forego > > the over-complicated component-laden traversal dance. ;) > > Minimal example demonstrating this with a view in zope2: > > >>> from zope.component import getSiteManager > >>> from Testing.makerequest import makerequest > >>> from zope.publisher.browser import IBrowserView > >>> from Acquisition import Explicit > >>> from zope.component import getSiteManager > >>> app = makerequest(app) > >>> smgr = getSiteManager() > >>> class Foo(Explicit): > ... def __init__(self, context, request): > ... self.context, self.request = context, request > ... def __getitem__(self, key): > ... return int(key) > ... > >>> smgr.registerAdapter(Foo, (None, IRequest), IBrowserView, name='foo') > >>> app.unrestrictedTraverse('@@foo/12345') > 12345 Thanks for reminding me of this. I keep forgetting that this works! I only add that if you want to use __getitem__ for publishing, the items you return should inherit from Acquisition.(Im|Ex)plicit to make the security machinery happy. -- Paul Winkler http://www.slinkp.com ___ Zope-Dev maillist - Zope-Dev@zope.org http://mail.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope )
Re: [Zope-dev] Why does restrictedTraverse() in Zope 2 not respect IPublishTraverse adapters?
Tres Seaver wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA1 > > Martin Aspeli wrote: > >> There's currently a funny inconsistency in Zope's Traversable class. If >> you have a URL like http://localhost:8080/path/to/@@aview/foo, and >> @@aview implements IPublishTraverse (and, I presume, if there's a custom >> IPublishTraverse adapter for any other path component), URL traversal >> will work fine, but calling to.restrictedTraverse('@@aview/foo') or some >> variant thereof will fail, because (un)restrictedTraverse() does not >> respect custom IPublishTraverse adapters. > > 'restrictedTraverse' is not (and never has been) the same as URL > traversal. For instance: > > - - URL traversal does no security checking until it finds the published > object. > > - - URL traveresal manages the '__before_publishing_traverse__' hooks. > > > If you want your adapter to be respected by *both*, it needs to > implement the appropriate interfaces for both. > >> I can kind of see why it's done like this since it's called >> I*Publish*Traverse, but it is a pain. >> >> Note that namespace traversal (like ++skin++) works fine with >> restrictedTraverse(). >> >> I don't think it'd be hard to implement this, but: >> >> - is this a bug? > > No. > >> - is there a reason not to do this? > > - -1 to adding any more majyk to the over-complicated Z3-style traversal > dance inside Zope2, especially as it would involve a bunch of subtle > behavior changes which would be hard to explain. > > For maximum portability across Z2 / Z3 / BFG, you could just do the same > thing and implement __getitem__ on any object you want to be traversable > by either the publisher or APIs like (un)restrictedTraverse, and forego > the over-complicated component-laden traversal dance. ;) Minimal example demonstrating this with a view in zope2: >>> from zope.component import getSiteManager >>> from Testing.makerequest import makerequest >>> from zope.publisher.browser import IBrowserView >>> from Acquisition import Explicit >>> from zope.component import getSiteManager >>> app = makerequest(app) >>> smgr = getSiteManager() >>> class Foo(Explicit): ... def __init__(self, context, request): ... self.context, self.request = context, request ... def __getitem__(self, key): ... return int(key) ... >>> smgr.registerAdapter(Foo, (None, IRequest), IBrowserView, name='foo') >>> app.unrestrictedTraverse('@@foo/12345') 12345 Laurence ___ Zope-Dev maillist - Zope-Dev@zope.org http://mail.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope )
Re: [Zope-dev] Why does restrictedTraverse() in Zope 2 not respect IPublishTraverse adapters?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Martin Aspeli wrote: > There's currently a funny inconsistency in Zope's Traversable class. If > you have a URL like http://localhost:8080/path/to/@@aview/foo, and > @@aview implements IPublishTraverse (and, I presume, if there's a custom > IPublishTraverse adapter for any other path component), URL traversal > will work fine, but calling to.restrictedTraverse('@@aview/foo') or some > variant thereof will fail, because (un)restrictedTraverse() does not > respect custom IPublishTraverse adapters. 'restrictedTraverse' is not (and never has been) the same as URL traversal. For instance: - - URL traversal does no security checking until it finds the published object. - - URL traveresal manages the '__before_publishing_traverse__' hooks. If you want your adapter to be respected by *both*, it needs to implement the appropriate interfaces for both. > I can kind of see why it's done like this since it's called > I*Publish*Traverse, but it is a pain. > > Note that namespace traversal (like ++skin++) works fine with > restrictedTraverse(). > > I don't think it'd be hard to implement this, but: > > - is this a bug? No. > - is there a reason not to do this? - -1 to adding any more majyk to the over-complicated Z3-style traversal dance inside Zope2, especially as it would involve a bunch of subtle behavior changes which would be hard to explain. For maximum portability across Z2 / Z3 / BFG, you could just do the same thing and implement __getitem__ on any object you want to be traversable by either the publisher or APIs like (un)restrictedTraverse, and forego the over-complicated component-laden traversal dance. ;) Tres. - -- === Tres Seaver +1 540-429-0999 tsea...@palladion.com Palladion Software "Excellence by Design"http://palladion.com -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.6 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFKDEz/+gerLs4ltQ4RAlYAAJ436Gtk2+ibpVAX/8H+Q6BOJ3+AWQCfT7HC kDTUth7NAOCOt6yrAWR20jY= =NvUz -END PGP SIGNATURE- ___ Zope-Dev maillist - Zope-Dev@zope.org http://mail.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope )