[Zope-CMF] Re: [dev] Why is contentItems public?
yuppie
y.2004_ at wcm-solutions.de
Wed Sep 15 04:50:40 EDT 2004
Hi Tres!
Tres Seaver wrote:
> Jens Vagelpohl wrote:
>
>>> The default 'objectItems' (or 'contentIds' or 'contentValues') is
Oops! That line should read
... The default 'objectItems' (or 'objectIds' or 'objectValues') is
>>> much less expensive, but protected by 'Access contents information'
>>> and has no docstring.
>>>
>>> I propose to remove at least the docstrings of 'content*', on
>>> CMF-1_5-branch and HEAD.
>>
>> What's the outcome of removing the docstring? AFAIK it means they
>> cannot be accessed TTW anymore at all. Wouldn't that cause a lot of
>> breakage?
>
> It would make them inaccessible via URLs. PythonScripts / templates
> would still be able to use the 'content*' methods (assuming they retain
> their 'declareProtected' assertions), and should continue so.
You mean the 'declarePublic' assertions?
> We should *not* be attempting to fix poorly-designed applications by
> modifying security declarations. Any application which is using
> 'content*' (or 'object*') to display folder contents should be disabled
> for large enough folders (a catalog query using a path expression and a
> sort limit will typically do the job better, anyway).
I count this as
+1 for removing the docstrings
-1 for protecting them by a permission
Correct?
I'm fine with that and would check it in that way.
Cheers,
Yuppie
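
The two independent gates discussed in this message, shown as a simplified model. This is an added example, not part of the original post and not Zope or CMF code. The class names, the `security` mapping, `NotPublishable`, and the functions `publish_via_url` and `call_from_script` are hypothetical stand-ins for the publisher's docstring rule and the `declarePublic` / `declareProtected` assertions.

```python
PUBLIC = object()  # models a declarePublic assertion

class NotPublishable(Exception):
    """Hypothetical name: the URL publisher refused a method without a docstring."""

class Unauthorized(Exception):
    """The caller lacks the permission declared for the method."""

class FolderBefore:
    # name -> PUBLIC, or the permission named in a declareProtected assertion
    security = {"contentItems": PUBLIC,
                "objectItems": "Access contents information"}

    def __init__(self, items):
        self._items = dict(items)

    def contentItems(self):
        """List content items."""
        return sorted(self._items.items())

    def objectItems(self):
        # No docstring, as the thread notes for the default 'object*' methods.
        return sorted(self._items.items())

class FolderAfter(FolderBefore):
    def contentItems(self):
        # Docstring removed as proposed; the public declaration is unchanged.
        return sorted(self._items.items())

def check_declaration(obj, name, permissions):
    """Gate shared by both paths: the security declaration."""
    required = obj.security.get(name)
    if required is PUBLIC:
        return
    if required is None or required not in permissions:
        raise Unauthorized(name)

def publish_via_url(obj, name, permissions):
    """URL access: needs a docstring AND must pass the declaration."""
    method = getattr(obj, name)
    if not method.__doc__:
        raise NotPublishable(name)
    check_declaration(obj, name, permissions)
    return method()

def call_from_script(obj, name, permissions):
    """Script/template access: only the declaration is checked."""
    check_declaration(obj, name, permissions)
    return getattr(obj, name)()
```

In this model, removing the docstring closes the URL path for `contentItems` while scripts keep working, and `objectItems` stays gated by its permission on the script path.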