Re: [Zope] How to use ZPT with ad-hoc context?

2009-05-04 Thread Daniel Dekany
Monday, May 4, 2009, 9:18:52 PM, Hedley Roos wrote:

>>> __allow_access_to_unprotected_subobjects__ = 1
>>
>> That indeed works, thanks!
>>
>>> You probably should not use that line too often :)
>>
>> I would prefer doing it correctly/safely, but is there a way? Because
>> it even exposes the unprotected subobjects of the acquired objects...
>> sounds a bit scary to me.
>
> I don't know what your use case is, but you could either:
> 1) Expose attributes through methods on your Adhoc class
> 2) Use a browser view, which is what I'd do.

The use-case is that there is a product that collects information from
other objects, depending on the current user and on query parameters,
and that collected information should be present as a HTML page... so
I think 1) won't work here. Regarding 2), I don't know this "browser
view" thing, but I recon that's a Five/Zope 3 feature, is it? Because
unfortunately it's a messy 2.7.6 + Plone 2.0 instance here, and it's
not like I can migrate it before the current job is done.

> Hedley
> ___
> Zope maillist  -  Zope@zope.org
> http://mail.zope.org/mailman/listinfo/zope
> **   No cross posts or HTML encoding!  **
> (Related lists - 
>  http://mail.zope.org/mailman/listinfo/zope-announce
>  http://mail.zope.org/mailman/listinfo/zope-dev )

-- 
Best regards,
 Daniel Dekany

___
Zope maillist  -  Zope@zope.org
http://mail.zope.org/mailman/listinfo/zope
**   No cross posts or HTML encoding!  **
(Related lists - 
 http://mail.zope.org/mailman/listinfo/zope-announce
 http://mail.zope.org/mailman/listinfo/zope-dev )


Re: [Zope] How to use ZPT with ad-hoc context?

2009-05-04 Thread Hedley Roos
>> __allow_access_to_unprotected_subobjects__ = 1
>
> That indeed works, thanks!
>
>> You probably should not use that line too often :)
>
> I would prefer doing it correctly/safely, but is there a way? Because
> it even exposes the unprotected subobjects of the acquired objects...
> sounds a bit scary to me.

I don't know what your use case is, but you could either:
1) Expose attributes through methods on your Adhoc class
2) Use a browser view, which is what I'd do.

Hedley
___
Zope maillist  -  Zope@zope.org
http://mail.zope.org/mailman/listinfo/zope
**   No cross posts or HTML encoding!  **
(Related lists - 
 http://mail.zope.org/mailman/listinfo/zope-announce
 http://mail.zope.org/mailman/listinfo/zope-dev )


Re: [Zope] How to use ZPT with ad-hoc context?

2009-05-04 Thread Daniel Dekany
Monday, May 4, 2009, 11:59:21 AM, Hedley Roos wrote:

 > Daniel Dekany wrote:
 >> How to create a template context ("here" inside ZPT) that is not an
 >> object from the ZODB, just a temporary object? This is what I tried:
 >>
 >> class AdhocContext(Implicit):
 >> pt = PageTemplateFile("whatever/path",  globals())
 >> ...
 >>
 >> MyZopeProduct:
 >>
 >>   def whatever(self):
 >> "Test"
 >> ctx = AdhocContext().__of__(self)
 >> return ctx.pt()
 >>
 >> The problem I have with this is that I can't access anything in
 >> AdhocContext from the ZPT because the security manager blocks it (I
 >> didn't forget to security.declarePublic + document what I wanted to
 >> access). Is there a simple trick to solve this? (BTW, I will need to
 >> invoke some Plone macros from that ZPT too... I hope that will just
 >> work if this security matter is solved.)
 >>
>
>
> You don't have to create the page template as an attribute of a class.
> You can declare it as a local variable
>
> pt = ZopeTwoPageTemplateFile('template.pt')
>
> and then do
>
> extra_context = {'context': some_context}
> html = pt.pt_render(extra_context=extra_context)
>
> The context variable in your template will then be what you want it to be.

For some reason doing that results in "'str' object is not callable"
error... but I didn't dig into it much, as using the pt as attribute
of the context class is not an issue for me.

> If you still encounter security problems then add this line directly 
> after you declare class AdhocContext
>
> __allow_access_to_unprotected_subobjects__ = 1

That indeed works, thanks!

> You probably should not use that line too often :)

I would prefer doing it correctly/safely, but is there a way? Because
it even exposes the unprotected subobjects of the acquired objects...
sounds a bit scary to me.

> Hedley
>
> ___
> Zope maillist  -  Zope@zope.org
> http://mail.zope.org/mailman/listinfo/zope
> **   No cross posts or HTML encoding!  **
> (Related lists - 
>  http://mail.zope.org/mailman/listinfo/zope-announce
>  http://mail.zope.org/mailman/listinfo/zope-dev )

-- 
Best regards,
 Daniel Dekany

___
Zope maillist  -  Zope@zope.org
http://mail.zope.org/mailman/listinfo/zope
**   No cross posts or HTML encoding!  **
(Related lists - 
 http://mail.zope.org/mailman/listinfo/zope-announce
 http://mail.zope.org/mailman/listinfo/zope-dev )


Re: [Zope] How to use ZPT with ad-hoc context?

2009-05-04 Thread Hedley Roos
Daniel Dekany wrote:
 > How to create a template context ("here" inside ZPT) that is not an
 > object from the ZODB, just a temporary object? This is what I tried:
 >
 > class AdhocContext(Implicit):
 > pt = PageTemplateFile("whatever/path",  globals())
 > ...
 >
 > MyZopeProduct:
 >
 >   def whatever(self):
 > "Test"
 > ctx = AdhocContext().__of__(self)
 > return ctx.pt()
 >
 > The problem I have with this is that I can't access anything in
 > AdhocContext from the ZPT because the security manager blocks it (I
 > didn't forget to security.declarePublic + document what I wanted to
 > access). Is there a simple trick to solve this? (BTW, I will need to
 > invoke some Plone macros from that ZPT too... I hope that will just
 > work if this security matter is solved.)
 >


You don't have to create the page template as an attribute of a class. 
You can declare it as a local variable

pt = ZopeTwoPageTemplateFile('template.pt')

and then do

extra_context = {'context': some_context}
html = pt.pt_render(extra_context=extra_context)

The context variable in your template will then be what you want it to be.

If you still encounter security problems then add this line directly 
after you declare class AdhocContext

__allow_access_to_unprotected_subobjects__ = 1

You probably should not use that line too often :)

Hedley

___
Zope maillist  -  Zope@zope.org
http://mail.zope.org/mailman/listinfo/zope
**   No cross posts or HTML encoding!  **
(Related lists - 
 http://mail.zope.org/mailman/listinfo/zope-announce
 http://mail.zope.org/mailman/listinfo/zope-dev )