Login | Register For Free | Help
Search for: (Advanced)

Mailing List Archive: Zope: CMF

Inconstancy with CA traversal

  

 
Zope cmf RSS feed   Index | Next | Previous | View Threaded


gmane at dylanjay

Jun 24, 2008, 7:06 PM

Post #1 of 9 (541 views)
Permalink
Inconstancy with CA traversal
Hi,

I'd appreciate some tips from someone who knows zope2 and Five traversal
code.

I've observed an unexpected effect that you can override a skin based
template or python script with a browser view in a sub folder but not at
the portal root.
I'm trying to get my head round all the various traversal code in
zope/five and would appreciate any tips from someone who knows this code
well.
I'm trying to find out if its possible making CA traversal have
precedence over zope2 style traversal in every case?
and if so, do others agree its a worth while change?

For me it would allow the transparent customization of plone skins based
code with browser views and mean I can keep my customizations entirely
out of the skin level. plus its makes for a much simpler description of
how traversal works.




_______________________________________________
Zope-CMF maillist - Zope-CMF[at]lists.zope.org
http://mail.zope.org/mailman/listinfo/zope-cmf

See http://collector.zope.org/CMF for bug reports and feature requests


wichert at wiggy

Jun 24, 2008, 11:15 PM

Post #2 of 9 (519 views)
Permalink
Re: Inconstancy with CA traversal [In reply to]
Previously Dylan Jay wrote:
> I've observed an unexpected effect that you can override a skin based
> template or python script with a browser view in a sub folder but not at
> the portal root.
> I'm trying to get my head round all the various traversal code in
> zope/five and would appreciate any tips from someone who knows this code
> well.

For some unknown reason CMF explicitly encoded that behaviour in
__bobo_traverse__. It's bitten Plone as well.

Wichert.

--
Wichert Akkerman <wichert[at]wiggy.net> It is simple to make things.
http://www.wiggy.net/ It is hard to make things simple.
_______________________________________________
Zope-CMF maillist - Zope-CMF[at]lists.zope.org
http://mail.zope.org/mailman/listinfo/zope-cmf

See http://collector.zope.org/CMF for bug reports and feature requests


gmane at dylanjay

Jun 25, 2008, 12:16 AM

Post #3 of 9 (517 views)
Permalink
Re: Inconstancy with CA traversal [In reply to]
Wichert Akkerman wrote:
> Previously Dylan Jay wrote:
>> I've observed an unexpected effect that you can override a skin based
>> template or python script with a browser view in a sub folder but not at
>> the portal root.
>> I'm trying to get my head round all the various traversal code in
>> zope/five and would appreciate any tips from someone who knows this code
>> well.
>
> For some unknown reason CMF explicitly encoded that behaviour in
> __bobo_traverse__. It's bitten Plone as well.

So how do we change it?


_______________________________________________
Zope-CMF maillist - Zope-CMF[at]lists.zope.org
http://mail.zope.org/mailman/listinfo/zope-cmf

See http://collector.zope.org/CMF for bug reports and feature requests


y.2008 at wcm-solutions

Jun 25, 2008, 1:54 AM

Post #4 of 9 (513 views)
Permalink
Re: Inconstancy with CA traversal [In reply to]
Wichert Akkerman wrote:
> Previously Dylan Jay wrote:
>> I've observed an unexpected effect that you can override a skin based
>> template or python script with a browser view in a sub folder but not at
>> the portal root.
>> I'm trying to get my head round all the various traversal code in
>> zope/five and would appreciate any tips from someone who knows this code
>> well.
>
> For some unknown reason CMF explicitly encoded that behaviour in
> __bobo_traverse__. It's bitten Plone as well.

???

Only DiscussionItemContainer has a __bobo_traverse__ method.

Five was changed a while ago to make sure views don't mask attributes:
http://codespeak.net/pipermail/z3-five/2006q1/001186.html

Skin methods are attributes of the portal root (see __getattr__ of
SkinnableObjectManager), but not of sub folders. Views are looked up
after attributes but before acquired attributes.

HTH, Yuppie

_______________________________________________
Zope-CMF maillist - Zope-CMF[at]lists.zope.org
http://mail.zope.org/mailman/listinfo/zope-cmf

See http://collector.zope.org/CMF for bug reports and feature requests


l at lrowe

Jun 25, 2008, 2:13 AM

Post #5 of 9 (513 views)
Permalink
Re: Inconstancy with CA traversal [In reply to]
Wichert Akkerman wrote:
> Previously Dylan Jay wrote:
>> I've observed an unexpected effect that you can override a skin based
>> template or python script with a browser view in a sub folder but not at
>> the portal root.
>> I'm trying to get my head round all the various traversal code in
>> zope/five and would appreciate any tips from someone who knows this code
>> well.
>
> For some unknown reason CMF explicitly encoded that behaviour in
> __bobo_traverse__. It's bitten Plone as well.

As far as I can tell, it's not actually encoded in __bobo_traverse__ but
in the interactions between Skinnable.__getattr__ and OFS.Traversable.

OFS.Traversable.unrestrictedTraverse looks up objects in the following
order:

1. namespaces (@@ and ++)

2. bobo_traverse

3. getattr(aq_base(obj), name) # no acquisition

4. views

5. getattr(obj, name) # with acquisition

The difference in behaviour occurs because at the portal root skin
objects get picked up at number 3, whereas in other places they get
picked up at number 5, after views.

To fix this we need to add a __bobo__traverse__ method to Skinnable that
looks up objects in the order:

1. getattr(aq_base(obj), name), but excluding skin objects

2. views

3. getattr(aq_base(obj), name), including skin objects

4. getattr(obj, name)

Laurence

_______________________________________________
Zope-CMF maillist - Zope-CMF[at]lists.zope.org
http://mail.zope.org/mailman/listinfo/zope-cmf

See http://collector.zope.org/CMF for bug reports and feature requests


l at lrowe

Jun 25, 2008, 2:42 AM

Post #6 of 9 (505 views)
Permalink
Re: Inconstancy with CA traversal [In reply to]
Laurence Rowe wrote:

> To fix this we need to add a __bobo__traverse__ method to Skinnable that
> looks up objects in the order:
>
> 1. getattr(aq_base(obj), name), but excluding skin objects
>
> 2. views
>
> 3. getattr(aq_base(obj), name), including skin objects
>
> 4. getattr(obj, name)

Hmm. It looks as if the __bobo_traverse__ method will require access to
the `restricted` argument to unrestrictedTraverse. I can't see any way
to access this other than:

sys._getframe(1).f_locals['restricted']

Which is more than a little ugly.

Laurence

_______________________________________________
Zope-CMF maillist - Zope-CMF[at]lists.zope.org
http://mail.zope.org/mailman/listinfo/zope-cmf

See http://collector.zope.org/CMF for bug reports and feature requests


gmane at dylanjay

Jun 25, 2008, 9:55 PM

Post #7 of 9 (497 views)
Permalink
Re: Inconstancy with CA traversal [In reply to]
Laurence Rowe wrote:
> Laurence Rowe wrote:
>
>> To fix this we need to add a __bobo__traverse__ method to Skinnable
>> that looks up objects in the order:
>>
>> 1. getattr(aq_base(obj), name), but excluding skin objects
>>
>> 2. views
>>
>> 3. getattr(aq_base(obj), name), including skin objects
>>
>> 4. getattr(obj, name)
>
> Hmm. It looks as if the __bobo_traverse__ method will require access to
> the `restricted` argument to unrestrictedTraverse. I can't see any way
> to access this other than:
>
> sys._getframe(1).f_locals['restricted']
>
> Which is more than a little ugly.

Do I raise this as a bug against CMF?


_______________________________________________
Zope-CMF maillist - Zope-CMF[at]lists.zope.org
http://mail.zope.org/mailman/listinfo/zope-cmf

See http://collector.zope.org/CMF for bug reports and feature requests


tseaver at palladion

Jun 28, 2008, 8:22 AM

Post #8 of 9 (485 views)
Permalink
Re: Inconstancy with CA traversal [In reply to]
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Laurence Rowe wrote:
> Laurence Rowe wrote:
>
>> To fix this we need to add a __bobo__traverse__ method to Skinnable that
>> looks up objects in the order:
>>
>> 1. getattr(aq_base(obj), name), but excluding skin objects
>>
>> 2. views
>>
>> 3. getattr(aq_base(obj), name), including skin objects
>>
>> 4. getattr(obj, name)
>
> Hmm. It looks as if the __bobo_traverse__ method will require access to
> the `restricted` argument to unrestrictedTraverse. I can't see any way
> to access this other than:
>
> sys._getframe(1).f_locals['restricted']
>
> Which is more than a little ugly.

I don't get it: why isn't OFS.Traversable's check sufficient?
__bobo_traverse__ has a bad enough (insane, actually) contract, without
adding security checking to it.


Tres.
- --
===================================================================
Tres Seaver +1 540-429-0999 tseaver[at]palladion.com
Palladion Software "Excellence by Design" http://palladion.com
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFIZldK+gerLs4ltQ4RAqvWAJ4zkDSAUzHLIfUqPtnCqCM1wTkHowCgwVs4
6zMF1gUxD7qVZ4y/i8dSHy4=
=vy5T
-----END PGP SIGNATURE-----

_______________________________________________
Zope-CMF maillist - Zope-CMF[at]lists.zope.org
http://mail.zope.org/mailman/listinfo/zope-cmf

See http://collector.zope.org/CMF for bug reports and feature requests


l at lrowe

Jun 30, 2008, 5:13 AM

Post #9 of 9 (476 views)
Permalink
Re: Inconstancy with CA traversal [In reply to]
Tres Seaver wrote:
>
> I don't get it: why isn't OFS.Traversable's check sufficient?
> __bobo_traverse__ has a bad enough (insane, actually) contract, without
> adding security checking to it.

Tres: You're quite right, the security check happens outside of
bobo_traverse.

Dylan: Could you try this patch and see if it works for you. It really
needs some tests writing for it too.

Laurence
Attachments: Skinnable.diff (2.76 KB)

Zope cmf RSS feed   Index | Next | Previous | View Threaded
 
 


Interested in having your list archived? Contact lists@gossamer-threads.com
 
  Web Applications & Managed Hosting Powered by Gossamer Threads Inc.