[Grok-dev] grokcore.component and trusted adapters

[Martijn Faassen]

Hoi Christian,

Christian Zagrodnick wrote:
> constantly I require trusted adapters.
> 
> Normally adapters are untrusted, that is, the adapt's self.context is
> security proxied, the adapter itself is not. Trusted adapters on the
> contrary have an unproxied self.context, but the adapters are
> *themselves* proxied.
> 
> Now in ZCML that was easy:
> 
> 	<adapter … trusted="yes" />
> 
> With grokcore.component that's not possible. It also doesn't belong
> there, as grokcore.component doesn't know about security. I suppose
> support for trusted adapters should be put to grokcore.security. So my
> favourite spelling would be:
> 
> 	class Adapter(grokcore.component.Adapter):
> 		grokcore.component.context(ISomething)
> 		gokcore.component.implements(ISomethingElse)
> 		grokcore.security.trusted()
> 
> 
> But it doesn't seem to be easily possible to implement. Somebody got an
> idea? Other comments?

Ah, we haven't had a need for trusted adapters yet in Zope 2 and Grok, 
as we don't have the pervasive model-level security checks in those 
frameworks. But if you mix grokcore.component with Zope 3 apps that do 
use this mechanism I can see you'd need a feature like that.

What I'd suggest is you implement a new TrustedAdapter and place it in 
grokcore.security. I think that way you sidestep a possible dependency 
cycle between grokcore.component and grokcore.security that we probably 
want to avoid. Since we call them 'Trusted Adapters' anyway, I think 
using base class for this makes reasonable sense.

This way you should be able to write a grokker that does the equivalent 
of whatever the ZCML implementation of trusted adapters does.

Alternatively it *might* be possible to write a trusted directive in 
grokcore.security and an additional grokker there which reads this and 
changes the registration somehow, but I can't see whether that's going 
to be easy or hard at this point...

Regards,

Martijn