Hi Wichert!

Wichert Akkerman wrote:
> Previously yuppie wrote:
>> 2.) The distinction between allowType() and isConstructionAllowed() was 
>> clear in CMF 2.1: allowType() checked a cheap, not permission related 
>> CMF specific restriction. isConstructionAllowed() checked generic 
>> permission related restictions. The new restrictions 
>> _checkWorkflowAllowed and ITypeConstructionFilter don't fit in one of 
>> these two categories.
> Is there a reason that the two have to be separate?

I don't know the reasons, I just can guess. AFAICS it's not absolutely 
necessary, but using one method would require several changes.

> What is the downside
> of one call that does all necessary checks?

These come to my mind:

- You no longer can use TypeInformation.constructInstance to bypass the 
allowType() check. PortalFolderBase.invokeFactory checks allowType() 
before calling constructInstance.

- You no longer can call CopyContainer._verifyObjectPaste from 
PortalFolderBase._verifyObjectPaste without performing redundant 
permission checks.

- Actions have a similar distinction between 'available' and 'allowed'. 
The new 'add' actions in CMF 2.2 map allowType() and 
isConstructionAllowed() to 'available' and 'allowed' keys.

>> allowType() and isConstructionAllowed() are both the wrong place for 
>> checking additional restrictions. But allowType() could become part of a 
>> more general precondition that could be checked by checkObject and a new 
>> checkPortalType (=CMF specific checkFactory) function.
> How do you see this working? If it's simple enough I might have enough
> time to work on it this week.

In CMF we would add a __setattr__.precondition to IFolderish, Plone 
folders would use a modified interface with a different precondition.

The preconditions would implement an interface like this one:

   class IFolderishPrecondition(Interface):

       def __call__(container, name, object):
           """Test whether container setitem arguments are valid.

           Raise zope.interface.Invalid if the object is invalid.

       def portaltype(container, name, portaltype):
           """Test whether objects provided by the portal type are 

           Return a boolean value.

_verifyObjectPaste would use checkObject, other places where currently 
allowType() is used would use a new checkPortalType function.

Does that make sense to you?



Zope-CMF maillist  -  Zope-CMF@lists.zope.org

See https://bugs.launchpad.net/zope-cmf/ for bug reports and feature requests

Reply via email to