I'm building a DataBlob class (which inherits from SimpleItem.Item,
Persistent and RoleManager), a generic object for storing data is such
that you can do the following in a form-processing method:

<dtml-with "manage_addProduct['DataBlob']">
  <dtml-call "manage_addDataBlob(id='Fred')">
  <dtml-call "fred.setFromForm()">

The other idea is that blob contents can be accessed either as
attributes or dictionary keys.

So, you could do:

a.x = 'my value for x'


a['x'] = 'another value'

Unfortunately, that also means you could do:

a.setFromForm = my_malicious_function

...for example

So, I was going to override __setattr__ with something like the
(data is a list of names of attributes that may be set...)

def __setattr__(self,name,value):
        if hasattr(self,name) and not name in self.data:
                raise 'Oh no you don't!'
        SimpleItem.Item.__setattr__(self,name,value) # this is the bit that
worries me

I think this should work in 2.2, but what about that line, should it be
Item.__setattr__ or Persistent.__setattr__ ?

Is ther eanything else I've missed?



Zope-Dev maillist  -  [EMAIL PROTECTED]
**  No cross posts or HTML encoding!  **
(Related lists - 
 http://lists.zope.org/mailman/listinfo/zope )

Reply via email to