[z3-five] Re: another newbie cmf/plone integration question...
Philipp von Weitershausen
philipp at weitershausen.de
Mon Jun 13 14:15:02 CEST 2005
Lennart Regebro wrote:
> The template variables, like context, container and those, are defined
> in pt_getContext(), like nyah:
>
>     c = {'template': self,
>          'here': here,
>          'context': here,
>          'container': self._getContainer(),
>          'nothing': None,
>          'options': {},
>          'root': root,
>          'request': request,
>          'modules': ModuleImporter,
>          }
>
> _getContainer() is defined in Shared/DC/Scripts/Bindings.py for some
> weird reason:
>
>     def _getContainer(self):
>         # Utility for bindcode.
>         while 1:
>             self = self.aq_inner.aq_parent
>             if not getattr(self, '_is_wrapperish', None):
>                 parent = getattr(self, 'aq_parent', None)
>                 inner = getattr(self, 'aq_inner', None)
>                 container = getattr(inner, 'aq_parent', None)
>                 try: getSecurityManager().validate(parent, container, '', self)
>                 except Unauthorized:
>                     return UnauthorizedBinding('container', self)
>                 return self
>
> This will indeed, when the template calls it in Five, return the view.
> Which isn't what I expect. I tried replacing "self._getContainer()"
> with "here._getContainer()" which seems to make more sense to me, but
> of course, since here doesn't inherit from Bindings, that fails. So, I
> made a new variation of _getContainer that takes a parameter, and I
> use self._getContainer(here) to get the container of "here" instead of
> "self". This passes the unit tests. I have made no real actual testing
> of this patch, but I attach it so that people who have the problem can
> test it.
>
> If it works, I'll check it in.
It'd be great if someone could check a failing unit test in. Then
Lennart could apply his patch and see whether the unit test passes.

Btw, I'm not entirely sure if this is actually a sensible way to go. I'm
not a Zope 2 expert, especially not on Zope 2 security. I wonder whether
Whit's ominous patch looks similar.
> + def _getContainer(self, here=None):
> + # Utility for bindcode.
> + if here is None:
> + here = self
> + while 1:
Let's use booleans :). Also, I'd suggest using a different variable name
than 'here'. It suggests something old ZPTish.
> + here = here.aq_inner.aq_parent
> + if not getattr(here, '_is_wrapperish', None):
> + parent = getattr(here, 'aq_parent', None)
> + inner = getattr(here, 'aq_inner', None)
> + container = getattr(inner, 'aq_parent', None)
> + try: getSecurityManager().validate(parent, container, '', here)
> + except Unauthorized:
> + return UnauthorizedBinding('container', here)
> + return here
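Review bot: the first statement in the loop, "here = here.aq_inner.aq_parent", reads both attributes directly, while the three lines under the _is_wrapperish test use getattr(..., None). With the new optional argument a caller can pass any object, so a "here" that is not acquisition-wrapped raises AttributeError before getSecurityManager().validate() is reached, and neither Unauthorized nor UnauthorizedBinding covers that case. Suggest guarding that lookup the same way as the others (or stating that the argument must be wrapped), and extending the "# Utility for bindcode." comment to say what the argument is and that validate() now checks access to the container of the passed object rather than the container of self.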
Philipp