-----BEGIN PGP SIGNED MESSAGE-----
On 6 Jan 2007, at 21:49, Martin Aspeli wrote:
Also, getToolByName remains and is almost certainly the way forward
for all TTW code still, because it lets us aq wrap, it removes the
need to make all interfaces importable in untrusted code, and it
can do any additional security related things. In filesystem code,
though, I think the security aspect won't matter in most cases.
getToolByName on the branch will give you a DeprecationWarning. The
branch does provide an alternative to getToolByName for untrusted
code that I think is close to the whole utility idea. I call it
"getToolByInterfaceName" and instead of a tool ID you pass in the
interface's dotted name as a string:
whereas everything else stays the same, meaning you can pass in a
default, and the method will wrap the tool before handing it back.
However, instead of AttributeError, this one raises
ComponentLookupError, but that decision can always be revisited.
Now, the main issue is still there, how to deal with tool wrapping
when calling getUtility/queryUtility in trusted code. Doing it every
time right after the call is stupid. I like Tres' hardline assertion
that we must have it wrapped every time, automatically. This needs to
be implemented somehow, maybe in Five as he suggests.
How do we proceed?
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (Darwin)
-----END PGP SIGNATURE-----
Zope-CMF maillist - Zope-CMF@lists.zope.org
See http://collector.zope.org/CMF for bug reports and feature requests