[Zope-CMF] Re: last call before feature freeze! + !CMFTopic!
Tres Seaver
tseaver at zope.com
Thu Aug 5 08:32:02 EDT 2004
Kai Hoppert wrote:
> i developed a ExpressionCriterion Field for CMFTopic. It acts like a normal SimpleStringCriterion.
> The diffrent is that you can use python and string expressions. For example you can
> write python:portal.portal_membership.getAuthenticatedMember(). So that you only need one topic
> to show all items a authenticated member has create.
>
> Does anybody need this. Is it interesting to integrate this in CMFTopic for next release.
> open attachement to see the code.
The idea is attractive. I have a couple of questions on the code:
- Why allow only 'string:' and 'python:' expressiosn? For instance,
your example above would work fine as
'portal/portal_membership/getAuthenticatedMember'.
- Do you think we might add more names to the context? E.g.,
'criterion' and 'topic'.
- Reusing the 'ssc_edit' form is OK, but maybe we should come up
with a better one (which explained the names available to the
expressions?)
and one on the implications:
- Exposing the ability to write code (even in the limited form of
'python:' or path expressions) at the "CMS" level might present
interesting security challenges. I would guess that we should
think hard about how to restrict access to the ability to create
EC's.
Comments, anyone (especially on the last)?
Tres.
--
===============================================================
Tres Seaver tseaver at zope.com
Zope Corporation "Zope Dealers" http://www.zope.com
More information about the Zope-CMF
mailing list