Philipp von Weitershausen wrote:
Dieter Maurer wrote:
Chris McDonough wrote at 2006-3-13 10:21 -0500:
... silly id restrictions ...
Here's my current monkeypatch to Zope to unrestrict a good number of
""" Causes Zope to be less restrictive in the set of characters it
accepts as valid within object identifiers.
Added as acceptable: *'!:@&#=+$
acceptable = r'[^a-zA-Z0-9-_~,.$\(\)\[\]\*\'\!\:[EMAIL PROTECTED]&\#\=\+\$
bad_id = re.compile(acceptable).search
OFS.ObjectManager.bad_id = bad_id
The projects that use this patch have been in use for several years;
they predate Five. I of course don't mind continuing to do this, but
I'd hate to have to change it temporarily (to fix this bug which
actually isn't a bug for me because I don't use Five for these
projects) and then change it again when we do the pluggable thing.
Looks as if we had very similar project requirements...
Chris's and Dieter's requirements seem to even more confirm my proposal that we
should propertly factor this out to a name chooser adapter that everyone can
configure for themselves. Then this discussion what ObjectManager should do or
not do will become irrelevant because it won't do anything anymore :). This is
actually how Zope 3 containers work. They perform no name checks *at all*.
It's the application (in particular, the adding view) that does it.
Zope 2's ObjectManager class is not as abstract as Zope 3 containers
are. It provides a lot of folder specific behavior. I guess it would be
better to subclass ObjectManager from a generic container class than
trying to move all non-generic code in subclasses of ObjectManager.
Yuppie's concern are Zope versions 2.8 and 2.9.
Depends on the proposed solution for Zope 2.10. If you want to make a
distinction between ObjectManager and Folder I can live with it. But
Zope 2 folders should (by default) perform the same name checks as Zope
3 folders. And they don't allow names starting with '@'.
I say that we'd just have to
live with the fact that objects can shadow views there. Applications like the
CMF can make sure that they don't on an application-level, as Chris suggests,
preferrably through a name chooser adapter.
I try to restate the problem:
- It is quite common that normal users are allowed to add objects in
- If views are shadowed by objects this can seriously break the app.
- Good software makes sure normal users can't break the app.
Zope 2's checkValidId makes sure this doesn't happen with Zope 2 folder
methods, Zope 3's NameChooser makes sure this doesn't happen with Zope 3
folder views. Even the bad_id-patch described above doesn't allow to
override folder methods.
Making the name chooser configurable doesn't release us from the need to
provide a good default name chooser.
I still believe this should be fixed as I proposed, but given the
resistance I give up my attempt to get this fixed. This is now
http://www.zope.org/Collectors/Zope/2048 and I hope someone else will
Zope-Dev maillist - Zope-Dev@zope.org
** No cross posts or HTML encoding! **
(Related lists -