Now I'm trying to make a blog-like component. I've made a container and then I want id's of the container items (actually just a ISO-formatted date strings) will be sorted in reverse order. I guess the simplest solution is a unicode subclass like this returned by the chooseName() method:

class ReverseOrderedName(unicode):
    """Reverse ordered name.

    >>> m1 = ReverseOrderedName("A")
    >>> m2 = ReverseOrderedName("B")
    >>> m1 > m2
    True
    >>> m1 < m2
    False
    """

    def __cmp__(self, other):
        return cmp(unicode(other), unicode(self))

Then I've made some security declarations and all working just fine but items names displayed like '<security proxied ... instance at ...>'.

Is this reasonable/safe to apply attached patch or maybe I can reimplement my container in some other way?

--
Dmitry Vasiliev (dima at hlabs.spb.ru)
    http://hlabs.spb.ru
Index: src/zope/app/pagetemplate/talesapi.py
===================================================================
--- src/zope/app/pagetemplate/talesapi.py	(revision 30505)
+++ src/zope/app/pagetemplate/talesapi.py	(working copy)
@@ -24,6 +24,7 @@
 from zope.app import zapi
 from zope.interface import implements
 from zope.security.interfaces import Unauthorized
+from zope.security.proxy import removeSecurityProxy
 from zope.tales.interfaces import ITALESFunctionNamespace
 
 
@@ -70,9 +71,10 @@
 
     def title_or_name(self):
         try:
-            return getattr(self, 'title', '') or zapi.name(self.context)
+            title = getattr(self, 'title', '') or zapi.name(self.context)
         except Unauthorized:
-            return zapi.name(self.context)
+            title = zapi.name(self.context)
+        return removeSecurityProxy(title)
 
     def size(self):
         a = ISized(self.context, None)
Index: src/zope/app/container/browser/contents.py
===================================================================
--- src/zope/app/container/browser/contents.py	(revision 30505)
+++ src/zope/app/container/browser/contents.py	(working copy)
@@ -22,6 +22,7 @@
 from zope.app.traversing.interfaces import TraversalError
 from zope.security.interfaces import Unauthorized
 from zope.security import checkPermission
+from zope.security.proxy import removeSecurityProxy
 
 from zope.app import zapi
 from zope.app.size.interfaces import ISized
@@ -148,7 +149,7 @@
 
         id, obj = item
         info = {}
-        info['id'] = info['cb_id'] = id
+        info['id'] = info['cb_id'] = removeSecurityProxy(id)
         info['object'] = obj
 
         info['url'] = urllib.quote(id.encode('utf-8'))
Index: src/zope/app/traversing/browser/absoluteurl.py
===================================================================
--- src/zope/app/traversing/browser/absoluteurl.py	(revision 30505)
+++ src/zope/app/traversing/browser/absoluteurl.py	(working copy)
@@ -19,6 +19,7 @@
 from zope.interface import implements
 from zope.proxy import sameProxiedObjects
 from zope.publisher.browser import IBrowserRequest
+from zope.security.proxy import removeSecurityProxy
 
 import zope.component
 from zope.app.i18n import ZopeMessageIDFactory as _
@@ -91,7 +92,7 @@
             raise TypeError, _insufficientContext
 
         if name:
-            base += ({'name': name,
+            base += ({'name': removeSecurityProxy(name),
                       'url': ("%s/%s" % (base[-1]['url'],
                                          urllib.quote(name.encode('utf-8'),
                                                       _safe)))
@@ -132,7 +133,7 @@
 
         name = getattr(context, '__name__', None)
         if name:
-            base += ({'name': name,
+            base += ({'name': removeSecurityProxy(name),
                       'url': ("%s/%s" % (base[-1]['url'],
                                          urllib.quote(name.encode('utf-8'),
                                                       _safe)))
_______________________________________________
Zope3-dev mailing list
Zope3-dev@zope.org
Unsub: http://mail.zope.org/mailman/options/zope3-dev/archive%40mail-archive.com

Reply via email to