Taking ideas from the Renderable product, the ZCallable baseclass (PTK) and the __call__ thread on this very list, I created a Callable baseclass intended as a mixin for ZClasses. class Callable: def render( self, client=None, REQUEST={}, RESPONSE=None, **kw ): '''Calls index_html, if it exists, to render this object. ''' self.isDocTemp = 1 # pass me the namespace, please local = getattr( self, 'aq_base', self ) if hasattr( local, 'index_html' ): method = self.index_html args = (self, REQUEST, RESPONSE) # substitute self for client return apply( method, args, kw ) else: raise AttributeError, 'index_html' __call__ = render I went on to make a ZClass derived from Folder and Callable to effectively create a CallableFolder. Man, was I proud ;). This worked fine for me until I had to put some security on my CallableFolders. Removing 'View' for Anonymous keeps me from accessing a CallableFolder directly but it can still be used as a subtemplate (dtml-var x) from another DTML Document or Method. Bummer! Doing some tests I discovered that plain DTML Documents show the same behaviour (!), though DTML Methods throw 'Unauthorized' as expected. Now I am confused and herewith ask the pros to kindly have a look at what I did. *) Does my baseclass do what I expect it to at all? (or only by chance ;) *) Is there a known issue with DTML Documents used as subtemplates or is their behaviour correct? *) Do I have to take measures in my baseclass to properly access/pass security contexts? *) If yes, how would I do it? *) Or is there even prior art on such a baseclass or reasons why this just cannot possibly work? If you are interested, you can get the CallableFolder product in its current state from ftp://epy.co.at/pub/zope/ I am running Zope 2.2.2 with both Hotfixes and the __call__ fix. Thanks, Stefan -- Things work better when plugged in
Sorry, a DTML Method throws 'KeyError' not 'Unauthorized' But I have already seen posts on why *that* is the case (Hotfix IIRC) Stefan
"Stefan H. Holek" wrote:
Taking ideas from the Renderable product, the ZCallable baseclass (PTK) and the __call__ thread on this very list, I created a Callable baseclass intended as a mixin for ZClasses.
class Callable:
def render( self, client=None, REQUEST={}, RESPONSE=None, **kw ): '''Calls index_html, if it exists, to render this object. ''' self.isDocTemp = 1 # pass me the namespace, please local = getattr( self, 'aq_base', self ) if hasattr( local, 'index_html' ): method = self.index_html args = (self, REQUEST, RESPONSE) # substitute self for client return apply( method, args, kw ) else: raise AttributeError, 'index_html'
__call__ = render
I'd probably do that as (untested): class Callable: isDocTemp = 1 # pretend I'm a docTemplate def __call__( self, client=None, REQUEST={}, RESPONSE=None, **kw ): '''Calls index_html, if it exists, to render this object. ''' local = getattr( self, 'aq_base', self ) method = local.index_html args = (self, REQUEST, RESPONSE) # substitute self for client return apply( method, args, kw )
I went on to make a ZClass derived from Folder and Callable to effectively create a CallableFolder. Man, was I proud ;). This worked fine for me until I had to put some security on my CallableFolders. Removing 'View' for Anonymous keeps me from accessing a CallableFolder directly but it can still be used as a subtemplate (dtml-var x) from another DTML Document or Method. Bummer! Doing some tests I discovered that plain DTML Documents show the same behaviour (!), though DTML Methods throw 'Unauthorized' as expected.
Ewww... that's not very nice, Collector time: http://classic.zope.org:8080/Collector/
*) Do I have to take measures in my baseclass to properly access/pass security contexts?
...shouldn't do, AFAIK.
*) Or is there even prior art on such a baseclass or reasons why this just cannot possibly work?
ZCallable, ZRenderable and FunctionTemplate are all in this space... cheers, Chris
On Wed, 22 Nov 2000, Chris Withers wrote: [ snipped cosmetic modifications ;) ]
until I had to put some security on my CallableFolders. Removing 'View' for Anonymous keeps me from accessing a CallableFolder directly but it can still be used as a subtemplate (dtml-var x) from another DTML Document or Method. Bummer! Doing some tests I discovered that plain DTML Documents show the same behaviour (!), though DTML Methods throw 'Unauthorized' as expected.
Ewww... that's not very nice, Collector time: http://classic.zope.org:8080/Collector/
done.
*) Do I have to take measures in my baseclass to properly access/pass security contexts?
...shouldn't do, AFAIK.
relief ;)
*) Or is there even prior art on such a baseclass or reasons why this just cannot possibly work?
ZCallable, ZRenderable and FunctionTemplate are all in this space...
I've seen them all. I cannot make ZCallable work (too many datafull baseclasses...), Renderable does only give me the REQUEST, and FunctionTemplates are far more than I am able to grok at the moment ;) Thanks anyway, Stefan
participants (2)
-
Chris Withers -
Stefan H. Holek