On Mon, Sep 10, 2012 at 8:09 AM, Hanno Schlichting <ha...@hannosch.eu> wrote: > On Mon, Sep 10, 2012 at 10:31 AM, yuppie <y.2...@wcm-solutions.de> wrote: >> CMF uses some ZTUtils in restricted code: Batch, LazyFilter, make_query and >> SimpleTreeMaker. The new Zope 2 releases (2.12.24 and 2.13.17) are not >> compatible with existing CMF releases. Is this intended? > > This wasn't intended.
I agree these should have not been restricted. >> CMF could declare the ZTUtils it uses as public. But that would require new >> CMF releases for the new maintenance releases of Zope. And other packages >> might have the same problem. > > ZTUtils is part of Zope2 and clearly intended for use inside templates > / restricted code. So it should be fixed there. > >> Were the restrictions tightened too much in Zope? > > I'm not sure. There isn't really any clear documentation on what APIs > you are supposed to use. It seems ZTUtils.__init__ sets > __allow_access_to_unprotected_subobjects__ = 1 on the module scope > level. But it doesn't use the allow_module or ModuleSecurityInfo APIs. > I'm guessing this is all historical baggage and the "proper" APIs were > only created much later. > > Maybe some other long term developers can chime in with their perspective? Without digging much in the history, I'm inclined to agree with this analysis. I think the new APIs should be used, and tests added, to make sure these ZTUtils utilities are available from restricted code. Cheers, Leo _______________________________________________ Zope-Dev maillist - Zope-Dev@zope.org https://mail.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - https://mail.zope.org/mailman/listinfo/zope-announce https://mail.zope.org/mailman/listinfo/zope )