On Mon, May 29, 2000 at 09:40:59PM +0200, Martijn Pieters wrote:
> I can't comment with authority on why these methods are not accessible, but I
> imagine that they are banned because they'll probably let you lock up Zope in
> one way or another, creating a convenient denial-of-service attack.

If someone can edit arbitrary DTML, there are already easier
ways to cause infinite loops. And these loops don't lock up
Zope, they only eventually raise an exception (granted,
consuming lots of resources in the proccess).

> What I would like to say is that if your application needs lambda, filter or
> map, your code is getting bejond report or presentation generation (for which
> DTML is intended) and in the realm of data manipulation and business rules. In
> this case your code would be much better placed in some form of Method object,
> be that an External, Python, or when ready, Perl Method, or even as a disk
> based Product.

1: This is simply not true, and a very poor excuse for
handicapping the language.

A common example is:

<dtml-in "_.map (lambda item: Catalog.getobject (item.data_record_id_),
        Catalog (REQUEST)">

I know fetching the actual records from a ZCatalog introduces a
performance penalty, but sometimes it's necessary; there are
times you need to be absolutely sure everything is pushed on
the namespace, including user-defined properties and
sub-objects. This is the case in Hack&Roll, and I have to use a
very ugly Python Method there (and as PythonMethods don't have
map either, I have to build a list from scratch using for,
which introduces additional penalties as I'm basically
bypassing Python's optimizations).

And _.filter can be a mini-catalog:

<dtml-in "_.filter (lambda item: AUTHENTICATED_USER.has_permission ('some_permission', 
        objectValues (['Folder'])">

2: If I should be using a Python Method, then Python Methods
should have these forms, and they don't.

3: In short, these excuses are just the fallback (or should I
say Acquired?) excuses used mostly by people who don't know how
to use these very cool features of Python.

          Hack and Roll  ( http://www.hackandroll.org )
            News for, uh, whatever it is that we are.

http://zope.gf.com.br/lalo           mailto:[EMAIL PROTECTED]
         pgp key: http://zope.gf.com.br/lalo/pessoal/pgp

Brazil of Darkness (RPG)    ---     http://zope.gf.com.br/BroDar

Zope maillist  -  [EMAIL PROTECTED]
**   No cross posts or HTML encoding!  **
(Related lists - 
 http://lists.zope.org/mailman/listinfo/zope-dev )

Reply via email to