[Grok-dev] Re: Neanderthal sprint topics
Tres Seaver
tseaver at palladion.com
Tue Oct 2 18:24:00 EDT 2007
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Philipp von Weitershausen wrote:
> Martijn Faassen wrote:
>> On it being a push model, we push the context, request and view to the
>> template. :)
>
> Well, yeah. But you'd be surprised how many ZPT templates you see in
> Zope (2) applications (such as Plone) that abuse the availability of
> 'context' and reach waaaaaay too much into content space. Admittedly
> it's a combination of having 'context', acquisition and Python
> expressions. But still. We should try to find a decent compromise.
I would actually avoid a compromise: don't even *offer* context to new
views by default, especially ones coming from "push" land: even 'view'
and 'request' are probably a bad idea. Instead, make the view class
responsible for constructing an explicit namespace for the template.
Such an approach has a number of benefits:
- The template contains no "heaving lifting" / API-dependent logic
(because it can't get to the APIs at all).
- The contract of the view class becomes explicit and testable.
- The view renders faster, because no security checks need be done
*at all* in a push-model view (the class is implicitly trusted,
and the template only gets what the trustee gives it).
For an example of using this model under ZPT, see:
http://agendaless.com/Members/tseaver/software/pushpage/
Tres.
- --
===================================================================
Tres Seaver +1 540-429-0999 tseaver at palladion.com
Palladion Software "Excellence by Design" http://palladion.com
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQFHAsUA+gerLs4ltQ4RAsmaAKDcQR/UKVUlfa6/eiB1FvNBuLw1nwCdGK39
XiVagBP/c5+YZ1HSVze1yBY=
=BE9f
-----END PGP SIGNATURE-----
More information about the Grok-dev
mailing list