[Grok-dev] Re: Neanderthal sprint topics

Tres Seaver tseaver at palladion.com
Tue Oct 2 18:24:00 EDT 2007


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Philipp von Weitershausen wrote:

> Martijn Faassen wrote:

>> On it being a push model, we push the context, request and view to the 
>> template. :)
> 
> Well, yeah. But you'd be surprised how many ZPT templates you see in 
> Zope (2) applications (such as Plone) that abuse the availability of 
> 'context' and reach waaaaaay too much into content space. Admittedly 
> it's a combination of having 'context', acquisition and Python 
> expressions. But still. We should try to find a decent compromise.

I would actually avoid a compromise:  don't even *offer* context to new
views by default, especially ones coming from "push" land:  even 'view'
and 'request' are probably a bad idea.  Instead, make the view class
responsible for constructing an explicit namespace for the template.

Such an approach has a number of benefits:

 - The template contains no "heaving lifting" / API-dependent logic
   (because it can't get to the APIs at all).

 - The contract of the view class becomes explicit and testable.

 - The view renders faster, because no security checks need be done
   *at all* in a push-model view (the class is implicitly trusted,
   and the template only gets what the trustee gives it).

For an example of using this model under ZPT, see:

  http://agendaless.com/Members/tseaver/software/pushpage/


Tres.
- --
===================================================================
Tres Seaver          +1 540-429-0999          tseaver at palladion.com
Palladion Software   "Excellence by Design"    http://palladion.com
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFHAsUA+gerLs4ltQ4RAsmaAKDcQR/UKVUlfa6/eiB1FvNBuLw1nwCdGK39
XiVagBP/c5+YZ1HSVze1yBY=
=BE9f
-----END PGP SIGNATURE-----



More information about the Grok-dev mailing list