[Zope-dev] Re: names starting with '@' are not reserved
Hi Philipp! Philipp von Weitershausen wrote: Dieter Maurer wrote: Chris McDonough wrote at 2006-3-13 10:21 -0500: ... silly id restrictions ... Here's my current monkeypatch to Zope to unrestrict a good number of characters: def patch_objectmanager_badid(): Causes Zope to be less restrictive in the set of characters it accepts as valid within object identifiers. Added as acceptable: []*'!:@#=+$ import re acceptable = r'[^a-zA-Z0-9-_~,.$\(\)\[\]\*\'\!\:[EMAIL PROTECTED]\#\=\+\$ ]' bad_id = re.compile(acceptable).search import OFS.ObjectManager OFS.ObjectManager.bad_id = bad_id The projects that use this patch have been in use for several years; they predate Five. I of course don't mind continuing to do this, but I'd hate to have to change it temporarily (to fix this bug which actually isn't a bug for me because I don't use Five for these projects) and then change it again when we do the pluggable thing. +1 Looks as if we had very similar project requirements... Chris's and Dieter's requirements seem to even more confirm my proposal that we should propertly factor this out to a name chooser adapter that everyone can configure for themselves. Then this discussion what ObjectManager should do or not do will become irrelevant because it won't do anything anymore :). This is actually how Zope 3 containers work. They perform no name checks *at all*. It's the application (in particular, the adding view) that does it. Zope 2's ObjectManager class is not as abstract as Zope 3 containers are. It provides a lot of folder specific behavior. I guess it would be better to subclass ObjectManager from a generic container class than trying to move all non-generic code in subclasses of ObjectManager. Yuppie's concern are Zope versions 2.8 and 2.9. Depends on the proposed solution for Zope 2.10. If you want to make a distinction between ObjectManager and Folder I can live with it. But Zope 2 folders should (by default) perform the same name checks as Zope 3 folders. And they don't allow names starting with '@'. I say that we'd just have to live with the fact that objects can shadow views there. Applications like the CMF can make sure that they don't on an application-level, as Chris suggests, preferrably through a name chooser adapter. I try to restate the problem: - It is quite common that normal users are allowed to add objects in Zope applications. - If views are shadowed by objects this can seriously break the app. - Good software makes sure normal users can't break the app. Zope 2's checkValidId makes sure this doesn't happen with Zope 2 folder methods, Zope 3's NameChooser makes sure this doesn't happen with Zope 3 folder views. Even the bad_id-patch described above doesn't allow to override folder methods. Making the name chooser configurable doesn't release us from the need to provide a good default name chooser. I still believe this should be fixed as I proposed, but given the resistance I give up my attempt to get this fixed. This is now http://www.zope.org/Collectors/Zope/2048 and I hope someone else will fix it. Cheers, Yuppie ___ Zope-Dev maillist - Zope-Dev@zope.org http://mail.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope )
Re: [Zope-dev] App.Product - distribution related code?
--On 14. März 2006 21:14:33 +0100 Andreas Jung [EMAIL PROTECTED] wrote: lib/python/App/Product.py contains code that deals *somehow* with distributions (whatever this means). Does any one know what this code is doing?...anyway this code uses the Python rotor module which was removed in Python 2.4. This code is a clear candidate to be kicked... objections? I removed the ZClasses related distribution code from the trunk..what a cruft :-/ -aj --- - Andreas JungZOPYX Ltd. Co KG- - E-mail: [EMAIL PROTECTED] Web: www.zopyx.com, www.zopyx.de - --- pgpLDLHvEAlwB.pgp Description: PGP signature ___ Zope-Dev maillist - Zope-Dev@zope.org http://mail.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope )
Re: [Zope-dev] Re: PDBDebugMode 0.1 Release
Paul Winkler wrote: Unfortunately zdb doesn't appear to work with zope 2.9 / python 2.4. I'll file a bug report with Chris. It works great with zope 2.8 / python 2.3. I'll try and fix this today... Chris ___ Zope-Dev maillist - Zope-Dev@zope.org http://mail.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope )
[Zope-dev] RE: How to delete an object given a path in Zope
Hi Suresh,
I've actually tried that. The problem I run into is that the folder in
my path contains a dash. When I call manage_delObjects on the following:
obj = context.restrictedTraverse('webcasts/courses/2005-2006/temp')
id = obj.getId()
context.webcasts.courses.2005-2006.manage_delObjects(id)
Python complains about the '-' in 2005-2006 on the third line. So my
thought was that if you had the object reference you could somehow
delete that reference like so:
obj = context.restrictedTraverse('webcasts/courses/2005-2006/temp')
id = obj.getId()
obj.manage_delObjects(id)
This however does not work. It gives the following error:
Error Type
AttributeError
Error Value
temp
Side note: I'm running Zope 2.7.6
Thanks,
Mike
-Original Message-
From: suresh [mailto:[EMAIL PROTECTED]
Sent: Wednesday, March 15, 2006 3:09 AM
To: Takahashi, Michael
Subject: Re: How to delete an object given a path in Zope
Takahashi, Michael wrote:
I am trying to figure out how to delete an object in Zope given a
path.
snip
Any help is greatly appreciated.
You want to call manage_delObjects on the parent folder and give it the
list of ids.
___
Zope-Dev maillist - Zope-Dev@zope.org
http://mail.zope.org/mailman/listinfo/zope-dev
** No cross posts or HTML encoding! **
(Related lists -
http://mail.zope.org/mailman/listinfo/zope-announce
http://mail.zope.org/mailman/listinfo/zope )
[Zope-dev] Re: How to delete an object given a path in Zope
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Takahashi, Michael wrote:
Hi Suresh,
I've actually tried that. The problem I run into is that the folder in
my path contains a dash. When I call manage_delObjects on the following:
obj = context.restrictedTraverse('webcasts/courses/2005-2006/temp')
id = obj.getId()
context.webcasts.courses.2005-2006.manage_delObjects(id)
Python complains about the '-' in 2005-2006 on the third line. So my
thought was that if you had the object reference you could somehow
delete that reference like so:
obj = context.restrictedTraverse('webcasts/courses/2005-2006/temp')
id = obj.getId()
obj.manage_delObjects(id)
This however does not work. It gives the following error:
Error Type
AttributeError
Error Value
temp
You need to get a reference to the container, and call
'manage_delObject' on it, e.g.:
container = context.restrictedTraverse('webcasts/courses/2005-2006')
container.manage_delObject('temp')
Tres.
- --
===
Tres Seaver +1 202-558-7113 [EMAIL PROTECTED]
Palladion Software Excellence by Designhttp://palladion.com
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.1 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org
iD8DBQFEGEU8+gerLs4ltQ4RAqdkAJ98DJYKXeQShR9b/4wIDzo87+b8OACePtFV
JL7HFDOImAsY981oadBlxys=
=HQZA
-END PGP SIGNATURE-
___
Zope-Dev maillist - Zope-Dev@zope.org
http://mail.zope.org/mailman/listinfo/zope-dev
** No cross posts or HTML encoding! **
(Related lists -
http://mail.zope.org/mailman/listinfo/zope-announce
http://mail.zope.org/mailman/listinfo/zope )
[Zope-dev] Re: How to delete an object given a path in Zope
Tres Seaver wrote:
Takahashi, Michael wrote:
I've actually tried that. The problem I run into is that the folder in
my path contains a dash. When I call manage_delObjects on the following:
obj = context.restrictedTraverse('webcasts/courses/2005-2006/temp')
You need to get a reference to the container, and call
'manage_delObject' on it, e.g.:
container = context.restrictedTraverse('webcasts/courses/2005-2006')
container.manage_delObject('temp')
I usually just call aq_parent
obj = context.restrictedTraverse('webcasts/courses/2005-2006/temp')
container = obj.aq_parent
container.manage_delObject('temp')
If you are deleting a list of objects in different folders you need to
do a bit of tapdancing not to delete parents first. Like reverse sorting
on the length of the physical path.
--
hilsen/regards Max M, Denmark
http://www.mxm.dk/
IT's Mad Science
Phone: +45 66 11 84 94
Mobile: +45 29 93 42 96
___
Zope-Dev maillist - Zope-Dev@zope.org
http://mail.zope.org/mailman/listinfo/zope-dev
** No cross posts or HTML encoding! **
(Related lists -
http://mail.zope.org/mailman/listinfo/zope-announce
http://mail.zope.org/mailman/listinfo/zope )
Re: [Zope-dev] How to delete an object given a path in Zope
Takahashi, Michael wrote at 2006-3-14 12:25 -0800: ... Using restrictedTraverse I'm able to get the object by its path. I then want to delete this object. When you have an object obj inside the site hierarchy, then obj.aq_inner.aq_parent is its container (in this hierarcy). Therefore, an idiom to delete obj is: obj.aq_inner.aq_parent.manage_delObjects(obj.getId()) -- Dieter ___ Zope-Dev maillist - Zope-Dev@zope.org http://mail.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope )
Re: [Zope-dev] Re: names starting with '@' are not reserved
yuppie wrote at 2006-3-15 11:23 +0100: ... Zope 2's checkValidId makes sure this doesn't happen with Zope 2 folder methods, Zope 3's NameChooser makes sure this doesn't happen with Zope 3 folder views. Even the bad_id-patch described above doesn't allow to override folder methods. Maybe, the checkValidId should refuse to add an object with an id that hides a view declared for this folder and not reject any id that might (potentially) hide a view because it starts with @ or +... This would prevent the security concerns you seem to have and allows for most ids to be accepted... -- Dieter ___ Zope-Dev maillist - Zope-Dev@zope.org http://mail.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope )
[Zope-dev] Re: names starting with '@' are not reserved
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Dieter Maurer wrote: yuppie wrote at 2006-3-15 11:23 +0100: ... Zope 2's checkValidId makes sure this doesn't happen with Zope 2 folder methods, Zope 3's NameChooser makes sure this doesn't happen with Zope 3 folder views. Even the bad_id-patch described above doesn't allow to override folder methods. Maybe, the checkValidId should refuse to add an object with an id that hides a view declared for this folder and not reject any id that might (potentially) hide a view because it starts with @ or +... This would prevent the security concerns you seem to have and allows for most ids to be accepted... Such objects would still suffer from potential future namespace clashes with views not yet declared, or even not yet appropriate to the object in its current state (e.g, should it acquire a new marker interface, its set of views would be larger). I would think that the reasonable thing to do here is to make the id validation policy pluggable (e.g., via an adapter), so that users with different needs can supply appropriate policies. The question then becomes which policy should be the default. Given that such IDs are only recently possible in Zope, I would say using a more restrictive policy by default would be sensible. Tres. - -- === Tres Seaver +1 202-558-7113 [EMAIL PROTECTED] Palladion Software Excellence by Designhttp://palladion.com -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.1 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFEGLUt+gerLs4ltQ4RAiHvAJ9MYRbR7xARubp/yX6W22tABURpxwCff4Ls /Ru0OVluMzODwSge3eAhf7U= =f/Iz -END PGP SIGNATURE- ___ Zope-Dev maillist - Zope-Dev@zope.org http://mail.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope )
[Zope-dev] Re: How to delete an object given a path in Zope
Takahashi, Michael wrote: I am trying to figure out how to delete an object in Zope given a path. snip Any help is greatly appreciated. You want to call manage_delObjects on the parent folder and give it the list of ids. ___ Zope-Dev maillist - Zope-Dev@zope.org http://mail.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope )
