On Mon, Sep 10, 2012 at 8:09 AM, Hanno Schlichting <hanno@hannosch.eu> wrote:
On Mon, Sep 10, 2012 at 10:31 AM, yuppie <y.2012@wcm-solutions.de> wrote:
CMF uses some ZTUtils in restricted code: Batch, LazyFilter, make_query and SimpleTreeMaker. The new Zope 2 releases (2.12.24 and 2.13.17) are not compatible with existing CMF releases. Is this intended?
This wasn't intended.
I agree these should have not been restricted.
CMF could declare the ZTUtils it uses as public. But that would require new CMF releases for the new maintenance releases of Zope. And other packages might have the same problem.
ZTUtils is part of Zope2 and clearly intended for use inside templates / restricted code. So it should be fixed there.
Were the restrictions tightened too much in Zope?
I'm not sure. There isn't really any clear documentation on what APIs you are supposed to use. It seems ZTUtils.__init__ sets __allow_access_to_unprotected_subobjects__ = 1 on the module scope level. But it doesn't use the allow_module or ModuleSecurityInfo APIs. I'm guessing this is all historical baggage and the "proper" APIs were only created much later.
Maybe some other long term developers can chime in with their perspective?
Without digging much in the history, I'm inclined to agree with this analysis. I think the new APIs should be used, and tests added, to make sure these ZTUtils utilities are available from restricted code. Cheers, Leo