Hi Philipp! Philipp von Weitershausen wrote:
Dieter Maurer wrote:
Chris McDonough wrote at 2006-3-13 10:21 -0500:
... silly id restrictions ... Here's my current monkeypatch to Zope to unrestrict a good number of characters:
def patch_objectmanager_badid(): """ Causes Zope to be less restrictive in the set of characters it accepts as valid within object identifiers.
Added as acceptable: []*'!:@&#=+$ """
import re acceptable = r'[^a-zA-Z0-9-_~,.$\(\)\[\]\*\'\!\:\@\&\#\=\+\$ ]' bad_id = re.compile(acceptable).search import OFS.ObjectManager OFS.ObjectManager.bad_id = bad_id
The projects that use this patch have been in use for several years; they predate Five. I of course don't mind continuing to do this, but I'd hate to have to change it temporarily (to fix this bug which actually isn't a bug for me because I don't use Five for these projects) and then change it again when we do the pluggable thing. +1
Looks as if we had very similar project requirements...
Chris's and Dieter's requirements seem to even more confirm my proposal that we should propertly factor this out to a name chooser adapter that everyone can configure for themselves. Then this discussion what ObjectManager should do or not do will become irrelevant because it won't do anything anymore :). This is actually how Zope 3 containers work. They perform no name checks *at all*. It's the application (in particular, the adding view) that does it.
Zope 2's ObjectManager class is not as abstract as Zope 3 containers are. It provides a lot of folder specific behavior. I guess it would be better to subclass ObjectManager from a generic container class than trying to move all non-generic code in subclasses of ObjectManager.
Yuppie's concern are Zope versions 2.8 and 2.9.
Depends on the proposed solution for Zope 2.10. If you want to make a distinction between ObjectManager and Folder I can live with it. But Zope 2 folders should (by default) perform the same name checks as Zope 3 folders. And they don't allow names starting with '@'.
I say that we'd just have to live with the fact that objects can shadow views there. Applications like the CMF can make sure that they don't on an application-level, as Chris suggests, preferrably through a name chooser adapter.
I try to restate the problem: - It is quite common that normal users are allowed to add objects in Zope applications. - If views are shadowed by objects this can seriously break the app. - Good software makes sure normal users can't break the app. Zope 2's checkValidId makes sure this doesn't happen with Zope 2 folder methods, Zope 3's NameChooser makes sure this doesn't happen with Zope 3 folder views. Even the bad_id-patch described above doesn't allow to override folder methods. Making the name chooser configurable doesn't release us from the need to provide a good default name chooser. I still believe this should be fixed as I proposed, but given the resistance I give up my attempt to get this fixed. This is now http://www.zope.org/Collectors/Zope/2048 and I hope someone else will fix it. Cheers, Yuppie