Philipp von Weitershausen wrote:
Piotr Chamera wrote:
def getVocabulary(context, items_container, title_field):
   list = []
   root=zapi.getRoot(context)
   for (oid, oobj) in root.get("books").get(items_container).items():
       obj = removeAllProxies(oobj)


Don't remove (security) proxies here! You're totally disabling security
with this.

       list.append( SimpleTerm( obj, str(obj.__dict__[title_field]),
                                obj.__dict__[title_field]))


This spelling is very awkward. It's probably also the reason why you
wanted to remove proxies above. You should write this as:

  list.append(SimpleTerm(obj, getattr(obj, title_field),
                         getattr(obj, title_field)))

   return SimpleVocabulary( list )


I have removed proxies because I stored selected objects in attribute of another object with forms generated from schema. But I probably can remove proxy in set method of that attribute (property) or ... what else can I store as reference to object in attribute of another object to be secure?

--
Thanks for your explanations
Piotr Chamera
_______________________________________________
Zope3-users mailing list
Zope3-users@zope.org
http://mail.zope.org/mailman/listinfo/zope3-users

Reply via email to