[Zope-CMF] Re: [dev] Why is contentItems public?
Tres Seaver
tseaver at zope.com
Mon Sep 13 07:52:27 EDT 2004
Jens Vagelpohl wrote:
>> The default 'objectItems' (or 'contentIds' or 'contentValues') is much
>> less expensive, but protected by 'Access contents information' and has
>> no docstring.
>>
>> I propose to remove at least the docstrings of 'content*', on
>> CMF-1_5-branch and HEAD.
>
>
> What's the outcome of removing the docstring? AFAIK it means they cannot
> be accessed TTW anymore at all. Wouldn't that cause a lot of breakage?
It would make them inaccessible via URLs. PythonScripts / templates
would still be able to use the 'content*' methods (assuming they retain
their 'declareProtected' assertions), and should continue so.
We should *not* be attempting to fix poorly-designed applications by
modifying security declarations. Any application which is using
'content*' (or 'object*') to display folder contents should be disabled
for large enough folders (a catalog query using a path expression and a
sort limit will typically do the job better, anyway).
Tres.
--
===============================================================
Tres Seaver tseaver at zope.com
Zope Corporation "Zope Dealers" http://www.zope.com
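The distinction drawn in the message above, between URL publishing (which refuses methods without a docstring) and calls from scripts or templates (which depend only on the permission assertion), is sketched below as an added example. It is a simplified model, not Zope or CMF code and not part of the original post; `Folder`, `listWithDocstring`, `publish_via_url`, `call_from_script` and the `protected` decorator are hypothetical names.

```python
# Simplified model of the two gates described above; not Zope source code.
# All names here (Folder, publish_via_url, call_from_script) are hypothetical.

class Unauthorized(Exception):
    pass

class NotPublishable(Exception):
    pass

def protected(permission):
    """Stand-in for a declareProtected assertion: tag a method with a permission."""
    def tag(method):
        method.permission = permission
        return method
    return tag

class Folder:
    def __init__(self, items):
        self._items = dict(items)

    @protected("Access contents information")
    def objectItems(self):  # deliberately has no docstring
        return sorted(self._items.items())

    @protected("Access contents information")
    def listWithDocstring(self):
        """Return (id, object) pairs."""
        return sorted(self._items.items())

def _check_permission(method, user_permissions):
    if method.permission not in user_permissions:
        raise Unauthorized(method.__name__)

def publish_via_url(obj, name, user_permissions):
    """URL traversal: docstring gate first, then the permission check."""
    method = getattr(obj, name)
    if not method.__doc__:
        raise NotPublishable(name + " has no docstring")
    _check_permission(method, user_permissions)
    return method()

def call_from_script(obj, name, user_permissions):
    """Restricted code (script or template): permission check only."""
    method = getattr(obj, name)
    _check_permission(method, user_permissions)
    return method()
```

In this model, removing a docstring changes only the URL path; the permission tag keeps governing both paths.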