Hash: SHA1

On 6 Jan 2007, at 21:49, Martin Aspeli wrote:
Also, getToolByName remains and is almost certainly the way forward for all TTW code still, because it lets us aq wrap, it removes the need to make all interfaces importable in untrusted code, and it can do any additional security related things. In filesystem code, though, I think the security aspect won't matter in most cases.

getToolByName on the branch will give you a DeprecationWarning. The branch does provide an alternative to getToolByName for untrusted code that I think is close to the whole utility idea. I call it "getToolByInterfaceName" and instead of a tool ID you pass in the interface's dotted name as a string:

getToolByName(context, 'portal_actions')

would become

getToolByInterfaceName(context, 'Products.CMFCore.interfaces.IActionsTool')

whereas everything else stays the same, meaning you can pass in a default, and the method will wrap the tool before handing it back. However, instead of AttributeError, this one raises ComponentLookupError, but that decision can always be revisited.

Now, the main issue is still there, how to deal with tool wrapping when calling getUtility/queryUtility in trusted code. Doing it every time right after the call is stupid. I like Tres' hardline assertion that we must have it wrapped every time, automatically. This needs to be implemented somehow, maybe in Five as he suggests.

How do we proceed?


Version: GnuPG v1.4.5 (Darwin)

Zope-CMF maillist  -  Zope-CMF@lists.zope.org

See http://collector.zope.org/CMF for bug reports and feature requests

Reply via email to