[Zope-dev] Adding execute() to Zope DA's for use by External methods
Brad Clements
bkc@murkworks.com
Tue, 14 Nov 2000 12:01:36 -0500
I have Python code that I use outside of Zope, and inside Zope via
external methods. This code uses database adapters (anything version
1 or later).
When my code is used within Zope, I have in the past had two database
connections from within the Zope process. One connection is the actual
Zope DA (I'm using gvib) and the other is a python db connection.
This has worked okay on Windows, but I'm getting strange lockup
problems after moving to Linux.
In any case, it seems to me the better way to do this would be to allow
external methods to get db-like access to a zope DA.
Most Zope DA's are built in db-sig type db connectors, so it seems like
a relatively simple matter to define a new interface for Zope DA's to
make available that supports execute semantics.
The big issue in my mind is determining what kind of security needs to
be applied to such a function, and how that security would be
implemented.
I suppose stealing roles/rights from SQL_Methods for use here makes
sense. If you can call an SQL method, you can call execute() directly.
Is there any support from the Zope community to add execute() like
operations to Zope DA's?
If yes, where should I start in figuring out security for this.
And finally, how does an external method pass security information
"back" to the DA?
For example, I tried passing my Gvib instance to an external method.
But when that method called the gvib instance to get a connection
instance, it got a "no __call__ method" error.
So then I tried passing the connection from dtml,
ie
<dtml-var "MyMethod(db=MyInterbaseConnection())">
but when MyMethod calls db.cursor() it gets a security error. Probably
because this function isn't exposed by the security machinery.
(same thing probably for the __call__ error)
Brad Clements, bkc@murkworks.com (315)268-1000
http://www.murkworks.com (315)268-9812 Fax
netmeeting: ils://ils.murkworks.com AOL-IM: BKClements