Re: [Zope-dev] Factory pollution, scopes, zope hosting
Lalo Martins <lalo@webcom.com> wrote:
I already described a problem of ``factory pollution'' I'm facing. In short, I develop a ZClass for a very specific problem, and then have to cope with its metatype in the ``add object'' lists of the entire site. This is a pain for hosting providers for two reasons:
1: it pollutes the ``add object'' list. I will soon have a half hundred metatypes. It's bad to make customers understand this.
2: perhaps I developed some class for one customer alone. For the others it's a waste of mental space. Perhaps I even want to charge for specific services (like, say, a shopping cart class).
I was going to settle for deleting the Factories and making some scripts to add all instances programatically, but then I realized there is a possible sollution. I'd like to hear comments on it from folks with a say on Zope internals before I move on.
This sollution is giving a ``scope'' property to the Factory object. This property is a list of strings (represented as ``lines'') defaulting to ['/']. A given factory is only valid in places where the path start with one of the scope strings (so the default scope says this factory is valid anywhere, but I could change it to ['/BroDar/nucleos', '/lalo/foobar'] so it would stop all other places from having this metatype on their ``add object'' lists).
Is it worth? Is it a good sollution? Is the problem real, or in my mind?
You have identified a real problem: it is a pain even for me in a site where I stage projects for different clients. One solution I had considered was to hack the factories to add a "global_visibility" flag to them, and to add a "factory proxy" object which would be dropped into the main Zope tree which would "surface" its factory to folders which acquired it. + Zope + Control Panel + Products + FooProduct + FooClass + FooFactory (global_visibility not checked) ... + FolderUnderWhichIWantToEnableFooFactory o FooFactoryProxy + FolderWhichCanContainFoos FooNumberOne Another namespace problem I have it the pollution of the "Permissions" namespace (mentioned in another thread). Perhaps the "visibility" flag should be a property of the Product, and therefore apply to _all_ its objects: permissions, classes, factories, etc.? An alternative to the proxy object would be to add a view to the Folder which allowed filtering the Products which could be used beneath it. -- ========================================================= Tres Seaver tseaver@palladion.com 713-523-6582 Palladion Software http://www.palladion.com
On Wed, Jan 12, 2000 at 09:08:31AM -0600, Tres Seaver wrote:
You have identified a real problem: it is a pain even for me in a site where I stage projects for different clients. One solution I had considered was to hack the factories to add a "global_visibility" flag to them, and to add a "factory proxy" object which would be dropped into the main Zope tree which would "surface" its factory to folders which acquired it.
I thought of this one too, but it would be a major security problem, because any of your customers with Manager role would be able to add a ``factory proxy'' (or ``product proxy'') and gain access to any product you have. I think a scope in the Factory (or perhaps the Product, you have a good point) is the best sollution. []s, |alo +---- -- I am Lalo of deB-org. You will be freed. Resistance is futile. http://www.webcom.com/lalo mailto:lalo@webcom.com pgp key in the web page Debian GNU/Linux --- http://www.debian.org Brazil of Darkness -- http://zope.gf.com.br/BroDar
participants (2)
-
Lalo Martins -
Tres Seaver