Ivan Raikov wrote:
> security machinery allows. I've always thought that it might be nice
> to provide a hook for each method in a Zope class (similar to
> declarative security statements), and to use this hook to validate the
> parameters, according to the needs of the user.

Now that's a brilliant idea :-)

Could you stick that in a Proposal and get it implemented? I'd love to use it...

>       For string parameters, perhaps we can also have the ability to
> specify a "filter" -- something like a search and replace statement,
> with Sed-like syntax.

Ah, but surely the hookable method you propose could be used to doing any
filtering required. This'd be my idea:

from coersion import coerce

def checkParms(self,args,kw):
  if args:
    raise TypeError,'Only keyword arguments allowed'

  if len(kw.keys())>1:
    raise TypeError,'Too many parameters supplied'

  param1 = kw.get('param1','')
  param1 = coerce(param1,'html',tags=self.allowed_tags)
  return ((),{'param1':param1})

def myClass(Folder):

  security = ClassSecurityInfo()

  def myMethod(self,param1):
    ...do stuff...

I just have a feeling that it might make your app crawl though :-(



Zope-Dev maillist  -  [EMAIL PROTECTED]
**  No cross posts or HTML encoding!  **
(Related lists - 
 http://lists.zope.org/mailman/listinfo/zope )

Reply via email to