[Zope] Security?
Small Business Services
toolkit at magma.ca
Tue Dec 2 13:43:45 EST 2003
<snip>
> I know I'm doing the same thing but it's something I really want to do. I
> guess I could return the list of tuples but wouldn't I then have to refer
to
> the fields by number instead of name? That seems like a step backwards.
> I've got this nice object with named attributes and I shouldn't have to
> throw that out for security. I tend to be a purest and have always tried
> to keep efficiency in mind when writing applications. I really have to
get
> past that. When I think about all the overhead a web application has to
go
> through to do the same job as my old green screen application, I shiver.
Why don't you return a dictionary if you want to refer to the fields by
name?
The following example code creates a dictionary and then populates it
(without having to hardcode the field/property names):
<dtml-with "propertysheets.YourPropertySheetName">
<dtml-call "REQUEST.set('pids', [])">
<dtml-in propertyIds>
<dtml-call "pids.append(_['sequence-item'])">
</dtml-in>
</dtml-with>
<dtml-with YourDataFolder>
<dtml-with "_.getitem(recid)">
<dtml-in "_.range(_.len(pids))">
<dtml-call "REQUEST.set(pids[_['sequence-item']],
_[pids[_['sequence-item']]])">
</dtml-in>
</dtml-with>
</dtml-with>
HTH
Jonathan
More information about the Zope
mailing list