On Mon, Sep 10, 2012 at 8:09 AM, Hanno Schlichting <ha...@hannosch.eu> wrote:
> On Mon, Sep 10, 2012 at 10:31 AM, yuppie <y.2...@wcm-solutions.de> wrote:
>> CMF uses some ZTUtils in restricted code: Batch, LazyFilter, make_query and
>> SimpleTreeMaker. The new Zope 2 releases (2.12.24 and 2.13.17) are not
>> compatible with existing CMF releases. Is this intended?
> This wasn't intended.
I agree these should have not been restricted.
>> CMF could declare the ZTUtils it uses as public. But that would require new
>> CMF releases for the new maintenance releases of Zope. And other packages
>> might have the same problem.
> ZTUtils is part of Zope2 and clearly intended for use inside templates
> / restricted code. So it should be fixed there.
>> Were the restrictions tightened too much in Zope?
> I'm not sure. There isn't really any clear documentation on what APIs
> you are supposed to use. It seems ZTUtils.__init__ sets
> __allow_access_to_unprotected_subobjects__ = 1 on the module scope
> level. But it doesn't use the allow_module or ModuleSecurityInfo APIs.
> I'm guessing this is all historical baggage and the "proper" APIs were
> only created much later.
> Maybe some other long term developers can chime in with their perspective?
Without digging much in the history, I'm inclined to agree with this
analysis. I think the new APIs should be used, and tests added, to
make sure these ZTUtils utilities are available from restricted code.
Zope-Dev maillist - Zope-Dev@zope.org
** No cross posts or HTML encoding! **
(Related lists -