Re: [Zope-dev] Re: ZPatterns, ObjectDomain, UML and all that.....

2000-12-24 Thread Steve Spicklemire 


Hi Itai,

   Good idea! I'll try to add this to the example.

thanks!
-steve

Itai> P.S. I've been struggling with a problem that might get
Itai> cleared up if you added it to the example:

Itai> Say you want to allow a user to add a ToDo from the
Itai> Deliverable screen (in addition to the existing menu for
Itai> selecting existing ToDos). You could either place a 'create
Itai> ToDo' form right there, using a UI snippet from ToDos, or
Itai> link to ToDos.addToDoForm. The problem is how to get the id
Itai> of the new ToDo into the deliverable. If you didn't store
Itai> todo_ids in Deliverable, instead calling
Itai> ToDos.getToDosForDeliverable(), there would be no
Itai> problem. Otherwise, you'd need a addToDoInterface in
Itai> Deliverable, which will call ToDos.addToDo, then add the new
Itai> ToDo id to todo_ids. Or, as a third option, you could pass a
Itai> method to ToDos.addToDo, and get it to call this method and
Itai> give it the new id.

Itai> What do you think? Want to tackle this in the example?

Itai> Itai -- Itai Tavor "Je sautille, donc je suis."  C3Works
Itai> [EMAIL PROTECTED] - Kermit the Frog

Itai> "If you haven't got your health, you haven't got anything"


___
Zope-Dev maillist  -  [EMAIL PROTECTED]
http://lists.zope.org/mailman/listinfo/zope-dev
**  No cross posts or HTML encoding!  **
(Related lists - 
 http://lists.zope.org/mailman/listinfo/zope-announce
 http://lists.zope.org/mailman/listinfo/zope )

[Zope-dev] __bobo_traverse__, new ZCatalog and ZClasses

2000-12-24 Thread Steve Alexander 

Zope 2.3, from cvs on 2000-12-24, patched with Chris P's latest ZCatalog 
stuff.

I'm getting a bad interaction between ZClasses, ZCatalog and 
__bobo_traverse__.

I have some ZClasses that are accessed via a container that implements 
__bobo_traverse__. The problem is that, although I can get to the ZClass 
instances by typing a URL into by browser, I get a security error when I 
try to get to them using restrictedTraverse.

This causes a problem, as it means these instances cannot be catalogued 
in a ZCatalog, because ZCatalog now uses restrictedTraverse to get an 
object for indexing.

The zope security validation gets stuck between not knowing for sure 
what the object's container is (according to comments from 
Traversable.py), and ZClasses not returning anything for __roles__.

ZPatterns jargon paragraph:
All this causes a problem if you want to use the ZPatterns idiom of 
ZClass DataSkins in a Specialist, catalogued using a ZCatalog. You can 
get around it by providing a __roles__ attribute using SkinScript.


Is there some bug in the ZClasses __roles__ machinery?

When does __roles__ get set on objects or classes anyway? I've found the 
description of what __roles__ are used for in the old Trinkets tutorial 
document. I think things have moved on a bit since then, though.


Some relevant code snippets:

Traversable.py

 t=get(object, '__bobo_traverse__', N)
 if t is not N:
 o=t(REQUEST, name)

 # Note we pass no container, because we have no
 # way of knowing what it is
 if (restricted and not securityManager.validate(
 object, None, name, o)):
 raise 'Unauthorized', name


ZopeSecurityPolicy.py, line 123:

 # Try to get roles
 roles=getattr(value, '__roles__', _noroles)

 if roles is _noroles:

 
 # We have an object without roles. Presumabely, it's
 # some simple object, like a string or a list.

--
Steve Alexander
Software Engineer
Cat-Box limited
http://www.cat-box.net


___
Zope-Dev maillist  -  [EMAIL PROTECTED]
http://lists.zope.org/mailman/listinfo/zope-dev
**  No cross posts or HTML encoding!  **
(Related lists - 
 http://lists.zope.org/mailman/listinfo/zope-announce
 http://lists.zope.org/mailman/listinfo/zope )