[Grok-dev] grokcore.component and trusted adapters

Christian Zagrodnick cz at gocept.com
Fri Aug 7 02:22:25 EDT 2009 

On 2009-08-06 19:19:19 +0200, Martijn Faassen <faassen at startifact.com> said:

> Hoi Christian,
> 
> Christian Zagrodnick wrote:
>> constantly I require trusted adapters.
>> 
>> Normally adapters are untrusted, that is, the adapt's self.context is
>> security proxied, the adapter itself is not. Trusted adapters on the
>> contrary have an unproxied self.context, but the adapters are
>> *themselves* proxied.
>> 
>> Now in ZCML that was easy:
>> 
>> 	<adapter … trusted="yes" />
>> 
>> With grokcore.component that's not possible. It also doesn't belong
>> there, as grokcore.component doesn't know about security. I suppose
>> support for trusted adapters should be put to grokcore.security. So my
>> favourite spelling would be:
>> 
>> 	class Adapter(grokcore.component.Adapter):
>> 		grokcore.component.context(ISomething)
>> 		gokcore.component.implements(ISomethingElse)
>> 		grokcore.security.trusted()
>> 
>> 
>> But it doesn't seem to be easily possible to implement. Somebody got an
>> idea? Other comments?
> 
> Ah, we haven't had a need for trusted adapters yet in Zope 2 and Grok,
> as we don't have the pervasive model-level security checks in those
> frameworks. But if you mix grokcore.component with Zope 3 apps that do
> use this mechanism I can see you'd need a feature like that.

Right :)


> 
> What I'd suggest is you implement a new TrustedAdapter and place it in
> grokcore.security. I think that way you sidestep a possible dependency
> cycle between grokcore.component and grokcore.security that we probably
> want to avoid. Since we call them 'Trusted Adapters' anyway, I think
> using base class for this makes reasonable sense.

Okay, fine with me.


> This way you should be able to write a grokker that does the equivalent
> of whatever the ZCML implementation of trusted adapters does.

Unfortunately this looks like duplicating the gorkker for the adapter. 
I wouldn't want to do that. But I have a look into it.


> 
> Alternatively it *might* be possible to write a trusted directive in
> grokcore.security and an additional grokker there which reads this and
> changes the registration somehow, but I can't see whether that's going
> to be easy or hard at this point...

Ah. Changing the registration … will ponder aobut that :)

Anyway, thanks for the input.


-- 
Christian Zagrodnick · cz at gocept.com
gocept gmbh & co. kg · forsterstraße 29 · 06112 halle (saale) · germany
http://gocept.com · tel +49 345 1229889 4 · fax +49 345 1229889 1
Zope and Plone consulting and development

More information about the Grok-dev mailing list