Hello,

I am trying to build a safe proxy to wrap the Plone portal object in order
to control what is allowed or not.
Here is my code:
class SafeProxy:
   def __init__(self, obj):
       self.__dict__['_obj'] = obj

   def __getattr__(self, attr):
       attributes_whitelist=['portal_membership', 'MailHost']
       if attr in attributes_whitelist:
           return getattr(self._obj, attr)
       else:
           raise AttributeError, attr+" not allowed in Plomino formula
context"

   def __setattr__(self, attr, val):
       raise AttributeError, attr+" not allowed in Plomino formula context"

Then I use it that way:
safeportal=SafeProxy(portal)
safeportal.portal_membership
<MembershipTool at /myportal/portal_membership>
safeportal.portal_catalog
AttributeError: portal_catalog not allowed in Plomino formula context

which is perfect.

But my problem is:
safeportal._obj.portal_catalog
<CatalogTool at /concerteau/portal_catalog>

How can I hide completely the SafeProxy _obj ? How can I make sure it can
only be used from the SafeProxy class code itself and nowhere else ?
How can I turn it private ? (in Python private attributes are supposed to
start with 2 underscores:  __obj, but it just mangles with the classname:
_SafeProxy__obj, so it just guarantees it will not be overwrite by another
class, it does not physically protect it)

OR (if totally impossible in Python):
how can I do it another way ? maybe using zope.proxy.ProxyBase, but i do not
find any documentation about it...

Thanks in advance,

Eric BREHAULT
_______________________________________________
Zope maillist  -  Zope@zope.org
http://mail.zope.org/mailman/listinfo/zope
**   No cross posts or HTML encoding!  **
(Related lists - 
 http://mail.zope.org/mailman/listinfo/zope-announce
 http://mail.zope.org/mailman/listinfo/zope-dev )

Reply via email to