[Zope-CMF] Re: [CMF 2.1] FSPageTemplate & Unicode

Sat, 06 Jan 2007 14:04:13 -0800 

Hi Jens,


getToolByName on the branch will give you a DeprecationWarning.



In light of what we're seeing here, and because there is *so* much third 
party code using getToolByName(), perhaps a DeprecationWarning (and 
worse, speedy deprecation) is a bit premature? I don't think we can get 
rid of getToolByName() for a long time, practically, but new code should 
be encouraged from using the new utility based lookup.



Before that happens, though, this needs to work 100% of the time, 
without requring client code to play aq tricks.



The  
branch does provide an alternative to getToolByName for untrusted  
code that I think is close to the whole utility idea. I call it  
"getToolByInterfaceName" and instead of a tool ID you pass in the  
interface's dotted name as a string:


getToolByName(context, 'portal_actions')

would become


getToolByInterfaceName(context,  
'Products.CMFCore.interfaces.IActionsTool')



whereas everything else stays the same, meaning you can pass in a  
default, and the method will wrap the tool before handing it back.  
However, instead of AttributeError, this one raises  
ComponentLookupError, but that decision can always be revisited.



So what does this really buy us over, say, a map of tools names to 
interfaces? Is it (in the short/medium term) really worth spewing 
warning from tons and tons of code?



Now, the main issue is still there, how to deal with tool wrapping  
when calling getUtility/queryUtility in trusted code. Doing it every  
time right after the call is stupid. I like Tres' hardline assertion  
that we must have it wrapped every time, automatically. This needs to  
be implemented somehow, maybe in Five as he suggests.



I'm not quite sure I follow the argument that it must be wrapped every 
time. I agree that it must for TTW code (page templates, scripts), for 
security. For other things, we may want instead to rely on the pattern 
that's been mentioned: use getUtility(ISiteRoot) to get the portal root 
and don't rely on acquiring attributes (from self in the tool) otherwise.


I may not have fully understood the implications of this, though.

Martin

_______________________________________________
Zope-CMF maillist  -  Zope-CMF@lists.zope.org
http://mail.zope.org/mailman/listinfo/zope-cmf

See http://collector.zope.org/CMF for bug reports and feature requests





























					Reply via email to