Security class attribute
Now in Zope 2.9 I get these warnings:: 2006-01-26 14:31:45 WARNING Init Class Products.MyProduct.Homesite.FilesContainer has a security declaration for nonexistent method 'FileManagement' That's understandable because I've coded it like this:: class MyProduct(...): security=ClassSecurityInfo() security.declareProtected('View', 'FileManagement.html') setattr(MyProduct, 'FileManagement.html', MyProduct.FileManagement) In other words, I create methods after the class has been defined and squeeze them in manually. Very convenient. To avoid the WARNING message above I thought I could use declareProtected() _after_ the the class has been defined just as with the additional method; but no luck :( I tried this:: class MyProduct(...): security=ClassSecurityInfo() setattr(MyProduct, 'FileManagement.html', MyProduct.FileManagement) MyProduct.security.declareProtected('View', 'FileManagement.html') But I'm getting:: AttributeError: type object 'MyProduct' has no attribute 'security' Which I totally don't understand. To test my sanity I wrote this test script which works fine:: class _Z: def __init__(self): self.z = "Z" def declareProtected(self, *a,**k): print "++declare something+" def foo(): print "I'm being called" return _Z() class A: security=foo() def __init__(self): pass A.security.declareProtected("foo") print dir(A) Which works like you'd expect with the followin output:: I'm being called ++declare something+ ['__doc__', '__init__', '__module__', 'security'] What's going on [differently] in Zope? What am I missing? -- Peter Bengtsson, work www.fry-it.com home www.peterbe.com hobby www.issuetrackerproduct.com
The ClassSecurityInfo is a convenience to provide a halfway-sane spelling for a lot of ugliness under the hood in setting up security. IntializeClass (among other things) tells the CSI to apply itself to the class to set everything up, then it gets *removed* from the class. I can't tell for sure from your code, but I suspect that IntializeClass is being called on MyProduct *before* you are doing your class augmentation -- if you can defer the call until after you hack it, it should work. If for some reason you can't defer the call to InitializeClass, it should be safe to create another ClassSecurityInfo and apply it manually, e.g.: class MyProduct(...): security=ClassSecurityInfo() <InitializeClass happens...> setattr(MyProduct, 'FileManagement.html', MyProduct.FileManagement) xtra = ClassSecurityInfo() xtra.security.declareProtected('View', 'FileManagement.html') xtra.apply(MyProduct) HTH, Brian Lloyd brian@zope.com V.P. Engineering 540.361.1716 Zope Corporation http://www.zope.com
-----Original Message----- From: zope-bounces@zope.org [mailto:zope-bounces@zope.org]On Behalf Of Peter Bengtsson Sent: Thursday, January 26, 2006 9:44 AM To: [Zope] Subject: [Zope] Security class attribute
Now in Zope 2.9 I get these warnings::
2006-01-26 14:31:45 WARNING Init Class Products.MyProduct.Homesite.FilesContainer has a security declaration for nonexistent method 'FileManagement'
That's understandable because I've coded it like this::
class MyProduct(...): security=ClassSecurityInfo() security.declareProtected('View', 'FileManagement.html')
setattr(MyProduct, 'FileManagement.html', MyProduct.FileManagement)
In other words, I create methods after the class has been defined and squeeze them in manually. Very convenient. To avoid the WARNING message above I thought I could use declareProtected() _after_ the the class has been defined just as with the additional method; but no luck :( I tried this:: class MyProduct(...): security=ClassSecurityInfo()
setattr(MyProduct, 'FileManagement.html', MyProduct.FileManagement) MyProduct.security.declareProtected('View', 'FileManagement.html')
But I'm getting::
AttributeError: type object 'MyProduct' has no attribute 'security'
Which I totally don't understand. To test my sanity I wrote this test script which works fine::
class _Z: def __init__(self): self.z = "Z" def declareProtected(self, *a,**k): print "++declare something+" def foo(): print "I'm being called" return _Z() class A: security=foo() def __init__(self): pass A.security.declareProtected("foo") print dir(A)
Which works like you'd expect with the followin output::
I'm being called ++declare something+ ['__doc__', '__init__', '__module__', 'security']
What's going on [differently] in Zope? What am I missing?
-- Peter Bengtsson, work www.fry-it.com home www.peterbe.com hobby www.issuetrackerproduct.com _______________________________________________ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev )
On 1/26/06, Brian Lloyd <brian@zope.com> wrote:
The ClassSecurityInfo is a convenience to provide a halfway-sane spelling for a lot of ugliness under the hood in setting up security.
IntializeClass (among other things) tells the CSI to apply itself to the class to set everything up, then it gets *removed* from the class.
I can't tell for sure from your code, but I suspect that IntializeClass is being called on MyProduct *before* you are doing your class augmentation -- if you can defer the call until after you hack it, it should work.
No, I did the InitializeClass() *after* everything else. So still no explaination. For what's going on.
If for some reason you can't defer the call to InitializeClass, it should be safe to create another ClassSecurityInfo and apply it manually, e.g.:
class MyProduct(...): security=ClassSecurityInfo()
<InitializeClass happens...>
setattr(MyProduct, 'FileManagement.html', MyProduct.FileManagement) xtra = ClassSecurityInfo() xtra.security.declareProtected('View', 'FileManagement.html') xtra.apply(MyProduct)
That's sort of what I've done now. My code looks something like this:: class MyProduct(...): security = ClassSecurityInfo() security.declareProtected('View','blabla') def blabla(): pass setattr(MyProduct, 'blabla.html', MyProduct.blabla) security.declareProtected('View', 'blabla.html') security.apply(MyProduct) InitializeClass(MyProduct) ...and now everything seems to be happy. Thanks for the advice.
HTH,
Brian Lloyd brian@zope.com V.P. Engineering 540.361.1716 Zope Corporation http://www.zope.com
-----Original Message----- From: zope-bounces@zope.org [mailto:zope-bounces@zope.org]On Behalf Of Peter Bengtsson Sent: Thursday, January 26, 2006 9:44 AM To: [Zope] Subject: [Zope] Security class attribute
Now in Zope 2.9 I get these warnings::
2006-01-26 14:31:45 WARNING Init Class Products.MyProduct.Homesite.FilesContainer has a security declaration for nonexistent method 'FileManagement'
That's understandable because I've coded it like this::
class MyProduct(...): security=ClassSecurityInfo() security.declareProtected('View', 'FileManagement.html')
setattr(MyProduct, 'FileManagement.html', MyProduct.FileManagement)
In other words, I create methods after the class has been defined and squeeze them in manually. Very convenient. To avoid the WARNING message above I thought I could use declareProtected() _after_ the the class has been defined just as with the additional method; but no luck :( I tried this:: class MyProduct(...): security=ClassSecurityInfo()
setattr(MyProduct, 'FileManagement.html', MyProduct.FileManagement) MyProduct.security.declareProtected('View', 'FileManagement.html')
But I'm getting::
AttributeError: type object 'MyProduct' has no attribute 'security'
Which I totally don't understand. To test my sanity I wrote this test script which works fine::
class _Z: def __init__(self): self.z = "Z" def declareProtected(self, *a,**k): print "++declare something+" def foo(): print "I'm being called" return _Z() class A: security=foo() def __init__(self): pass A.security.declareProtected("foo") print dir(A)
Which works like you'd expect with the followin output::
I'm being called ++declare something+ ['__doc__', '__init__', '__module__', 'security']
What's going on [differently] in Zope? What am I missing?
-- Peter Bengtsson, work www.fry-it.com home www.peterbe.com hobby www.issuetrackerproduct.com _______________________________________________ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev )
-- Peter Bengtsson, work www.fry-it.com home www.peterbe.com hobby www.issuetrackerproduct.com
I have a fairly extensive application running on Zope 2.6 and would like to upgrade it for long-term maintainability. So I am looking for thoughts from the group as to whether it would be better to upgrade to the latest version of Zope 2, or 'bite-the-bullet' and upgrade to Zope 3. Does anyone know the long term fate of Zope 2? (ie. is the plan to eventually move everything into Zope 3, then slowly fade Zope 2 from the picture, or will Zope 2 be with us forever?). Any and all thoughts gratefully appreciated! Thanks, Jonathan
On 1/26/06, Jonathan <dev101@magma.ca> wrote:
I have a fairly extensive application running on Zope 2.6 and would like to upgrade it for long-term maintainability. So I am looking for thoughts from the group as to whether it would be better to upgrade to the latest version of Zope 2, or 'bite-the-bullet' and upgrade to Zope 3.
Only you can answer that question.
Does anyone know the long term fate of Zope 2? (ie. is the plan to eventually move everything into Zope 3, then slowly fade Zope 2 from the picture, or will Zope 2 be with us forever?).
No, Zope 2 is definitely destined to slowly fade, but that is a process that will take years, and should have no real impact on your decision now. The question now is how much work you think it will be to upgrade to 2.9, vs how much work you think it will be to rewrite the applictaion to 3.2. And that depends in turn very much on what kind of site you are running, what third-party products you are using and no on. -- Lennart Regebro, Nuxeo http://www.nuxeo.com/ CPS Content Management http://www.cps-project.org/
Lennart Regebro wrote:
On 1/26/06, Jonathan <dev101@magma.ca> wrote:
Does anyone know the long term fate of Zope 2? (ie. is the plan to eventually move everything into Zope 3, then slowly fade Zope 2 from the picture, or will Zope 2 be with us forever?).
No, Zope 2 is definitely destined to slowly fade, but that is a process that will take years, and should have no real impact on your decision now.
I'm not sure one should call it 'fade', but that's a debate about semantics. Right now, there's a lot of innovation going on in Zope 2 all the time. It's just that lots of that innovation is now shared with Zope 3 - Zope 2 and Zope 3 technologies are converging. This convergence will take many years to be "complete". We probably aren't even clear yet exactly what "complete" means, as both Zope 2 and Zope 3 will continue to evolve. So, besides porting to Zope 3 directly, you could port your application not to Zope 3, but to a modern version of Zope 2, such as Zope 2.9, and use the Zope 3 technology in it (a large part of Zope 3 is included, and Five is there to make integration possible). It allows you to evolve your application more gradually. It also allows your application more easy portability to Zope 3 if you should need to later, as you're already using the technology. Zope 2 is open source, so as long as there are users interested in maintaining Zope 2, Zope 2 will be with us. There are *lots* of users of Zope 2, so there is no reason to worry about it for years to come. We do think Zope 2 will very slowly, step by step, turn more into a special application of Zope 3 technologies, and the framework bits that were important once in Zope 2 will be replaced gradually with bits from Zope 3. Regards, Martijn
If it is "fairly extensive" I would think your best bet is to migrate up the 2.X ladder. 2.6 -> 2.7.8 (shouldn't be too bumpy) 2.7.8 -> 2.8.4 (ZCatalog issues) 2.8.4 -> 2.9.x (lots of Zope 3 goodness) If you do those the jump into Zope 3 should be easier than not. I usually wait for a .3 or .4 release to get in. Jake _______________________ http://www.ZopeZone.com On Thu, January 26, 2006 11:11 am, Jonathan said:
I have a fairly extensive application running on Zope 2.6 and would like to upgrade it for long-term maintainability. So I am looking for thoughts from the group as to whether it would be better to upgrade to the latest version of Zope 2, or 'bite-the-bullet' and upgrade to Zope 3.
Does anyone know the long term fate of Zope 2? (ie. is the plan to eventually move everything into Zope 3, then slowly fade Zope 2 from the picture, or will Zope 2 be with us forever?).
Any and all thoughts gratefully appreciated!
Thanks,
Jonathan
_______________________________________________ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev )
Thanks to everyone for their comments and suggestions! I have decided to upgrade our Zope 2.6 application (which consists of 276 scripts/methods/external methods, 5 zcatalogs and 5 sets of zclasses) to Zope 2.9 and Five - as this appears to be a somewhat less painful migration than making a complete leap to Zope 3! Thanks again, Jonathan ----- Original Message ----- From: "Jake" <jake@zopezone.com> To: "Jonathan" <dev101@magma.ca> Cc: <zope@zope.org> Sent: Thursday, January 26, 2006 2:13 PM Subject: Re: [Zope] Zope - future planning
If it is "fairly extensive" I would think your best bet is to migrate up the 2.X ladder.
2.6 -> 2.7.8 (shouldn't be too bumpy) 2.7.8 -> 2.8.4 (ZCatalog issues) 2.8.4 -> 2.9.x (lots of Zope 3 goodness)
If you do those the jump into Zope 3 should be easier than not.
I usually wait for a .3 or .4 release to get in.
Jake _______________________ http://www.ZopeZone.com
On Thu, January 26, 2006 11:11 am, Jonathan said:
I have a fairly extensive application running on Zope 2.6 and would like to upgrade it for long-term maintainability. So I am looking for thoughts from the group as to whether it would be better to upgrade to the latest version of Zope 2, or 'bite-the-bullet' and upgrade to Zope 3.
Does anyone know the long term fate of Zope 2? (ie. is the plan to eventually move everything into Zope 3, then slowly fade Zope 2 from the picture, or will Zope 2 be with us forever?).
Any and all thoughts gratefully appreciated!
Thanks,
Jonathan
_______________________________________________ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev )
Peter Bengtsson wrote:
On 1/26/06, Brian Lloyd <brian-aSqDGKcZc1w@public.gmane.org> wrote:
The ClassSecurityInfo is a convenience to provide a halfway-sane spelling for a lot of ugliness under the hood in setting up security.
IntializeClass (among other things) tells the CSI to apply itself to the class to set everything up, then it gets *removed* from the class.
I can't tell for sure from your code, but I suspect that IntializeClass is being called on MyProduct *before* you are doing your class augmentation -- if you can defer the call until after you hack it, it should work.
No, I did the InitializeClass() *after* everything else. So still no explaination. For what's going on.
That's because for all classes deriving from ExtensionClass there's a magical call (indirectly) to InitializeClass as soon as they are defined. That's one of the numerous things Jim pioneered with ExtensionClasses, at a time where metaclasses didn't exist. Florent -- Florent Guillaume, Nuxeo (Paris, France) CTO, Director of R&D +33 1 40 33 71 59 http://nuxeo.com fg@nuxeo.com
On 1/27/06, Florent Guillaume <fg@nuxeo.com> wrote:
Peter Bengtsson wrote:
On 1/26/06, Brian Lloyd <brian-aSqDGKcZc1w@public.gmane.org> wrote:
The ClassSecurityInfo is a convenience to provide a halfway-sane spelling for a lot of ugliness under the hood in setting up security.
IntializeClass (among other things) tells the CSI to apply itself to the class to set everything up, then it gets *removed* from the class.
I can't tell for sure from your code, but I suspect that IntializeClass is being called on MyProduct *before* you are doing your class augmentation -- if you can defer the call until after you hack it, it should work.
No, I did the InitializeClass() *after* everything else. So still no explaination. For what's going on.
That's because for all classes deriving from ExtensionClass there's a magical call (indirectly) to InitializeClass as soon as they are defined. That's one of the numerous things Jim pioneered with ExtensionClasses, at a time where metaclasses didn't exist.
Interesting. Thanks for you help. I'll have to blog about this now to remember it.
Florent
-- Florent Guillaume, Nuxeo (Paris, France) CTO, Director of R&D +33 1 40 33 71 59 http://nuxeo.com fg@nuxeo.com
-- Peter Bengtsson, work www.fry-it.com home www.peterbe.com hobby www.issuetrackerproduct.com
participants (7)
-
Brian Lloyd -
Florent Guillaume -
Jake -
Jonathan -
Lennart Regebro -
Martijn Faassen -
Peter Bengtsson