Hi Philipp!

Philipp von Weitershausen wrote:
Dieter Maurer wrote:
Chris McDonough wrote at 2006-3-13 10:21 -0500:
... silly id restrictions ...
Here's my current monkeypatch to Zope to unrestrict a good number of
characters:

def patch_objectmanager_badid():
    """ Causes Zope to be less restrictive in the set of characters it
    accepts as valid within object identifiers.

    Added as acceptable: []*'!:@&#=+$
    """

    import re
    # Despite its name, this character class matches any character that is
    # NOT acceptable in an id.
    acceptable = r'[^a-zA-Z0-9-_~,.$\(\)\[\]\*\'\!\:\@\&\#\=\+\$ ]'
    bad_id = re.compile(acceptable).search
    import OFS.ObjectManager
    OFS.ObjectManager.bad_id = bad_id

The projects that use this patch have been in use for several years;
they predate Five.  I of course don't mind continuing to do this, but
I'd hate to have to change it temporarily (to fix this bug which
actually isn't a bug for me because I don't use Five for these
projects) and then change it again when we do the pluggable thing.

+1

Looks as if we had very similar project requirements...

Chris's and Dieter's requirements seem to even more confirm my proposal that we
should properly factor this out to a name chooser adapter that everyone can
configure for themselves. Then this discussion of what ObjectManager should do or
not do will become irrelevant because it won't do anything anymore :). This is
actually how Zope 3 containers work. They perform no name checks *at all*.
It's the application (in particular, the adding view) that does it.

Zope 2's ObjectManager class is not as abstract as Zope 3 containers are. It provides a lot of folder-specific behavior. I guess it would be better to subclass ObjectManager from a generic container class than trying to move all non-generic code into subclasses of ObjectManager.

Yuppie's concern is Zope versions 2.8 and 2.9.

Depends on the proposed solution for Zope 2.10. If you want to make a distinction between ObjectManager and Folder I can live with it. But Zope 2 folders should (by default) perform the same name checks as Zope 3 folders. And they don't allow names starting with '@'.

I say that we'd just have to
live with the fact that objects can shadow views there. Applications like the
CMF can make sure that they don't on an application-level, as Chris suggests,
preferably through a name chooser adapter.

I try to restate the problem:

- It is quite common that normal users are allowed to add objects in Zope applications.

- If views are shadowed by objects this can seriously break the app.

- Good software makes sure normal users can't break the app.


Zope 2's checkValidId makes sure this doesn't happen with Zope 2 folder methods; Zope 3's NameChooser makes sure this doesn't happen with Zope 3 folder views. Even the bad_id patch described above doesn't allow overriding folder methods.

Making the name chooser configurable doesn't release us from the need to provide a good default name chooser.


I still believe this should be fixed as I proposed, but given the resistance I give up my attempt to get this fixed. This is now http://www.zope.org/Collectors/Zope/2048 and I hope someone else will fix it.


Cheers,

        Yuppie

_______________________________________________
Zope-Dev maillist  -  Zope-Dev@zope.org
http://mail.zope.org/mailman/listinfo/zope-dev
**  No cross posts or HTML encoding!  **
(Related lists - http://mail.zope.org/mailman/listinfo/zope-announce
http://mail.zope.org/mailman/listinfo/zope )
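
A minimal sketch of the default name check argued for in this message, as an added example that is not part of the original thread and is not Zope's own code: it layers a leading-'@' rule and a shadowing check on top of the relaxed character class. `Folder`, `check_name` and `add` are hypothetical names, and the character class follows the quoted monkeypatch, taking '@' from its docstring's list of added characters.

```python
import re

# Character class modelled on the monkeypatch quoted in this thread; it
# matches any character that is NOT allowed in an id.
RELAXED_BAD_ID = re.compile(
    r'[^a-zA-Z0-9-_~,.$\(\)\[\]\*\'\!\:\@\&\#\=\+\$ ]').search


class Folder:
    """Hypothetical stand-in for a folder; not OFS.ObjectManager."""

    def __init__(self):
        self._objects = {}

    def manage_delObjects(self, ids):  # stands for any folder method
        for name in ids:
            del self._objects[name]


def check_name(container, name, bad_id=RELAXED_BAD_ID):
    """Return None if name is acceptable, else the reason it is rejected."""
    if not name or name in ('.', '..'):
        return 'empty or path-like name'
    if bad_id(name):
        return 'forbidden character'
    # The character check alone lets '@' through, so view-style names
    # need their own rule.
    if name.startswith('@'):
        return "leading '@' is reserved for view lookup"
    if name.startswith('_'):
        return 'leading underscore'
    if name in container._objects:
        return 'name already in use'
    # An id equal to a method name would shadow that method on traversal.
    if hasattr(container, name):
        return 'shadows a container attribute'
    return None


def add(container, name, obj):
    """Store obj under name, refusing names that fail check_name."""
    reason = check_name(container, name)
    if reason:
        raise ValueError('%r rejected: %s' % (name, reason))
    container._objects[name] = obj
```
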