[Zope3-checkins] SVN:
Zope3/trunk/src/zope/app/dublincore/timeannotators.py Unwrap
DCadapter in time annotators.
Garrett Smith
garrett at mojave-corp.com
Sun Feb 27 13:58:22 EST 2005
Gary Poster wrote:
> Zope3/trunk/src/zope/app/dublincore/timeannotators.py Unwrap DCadapter
> in time annotators.
>
>
>
> On Feb 25, 2005, at 7:10 PM, Albertas Agejevas wrote:
>>
>> ...Imagine a forum where anonymous
>> users post comments. Your suggestions imply that either DC write
>> access will be public, or modification times will not be updated.
>> This is bogus.
>>
>> A more plausible model would be if the event subscribers could be
>> declared as "trusted" if they do system-level things, like updating
>> the DC metadata or indexes.
>
> Albertas, your use case sounds reasonable. On one hand, I think it
> makes sense for a default Zope 3 app to *not* allow DC annotations if
> you do not have write privileges to an object (for instance, if you
> don't have have write access to an object it would seem surprising
> that you could be last modifier to me, as an out-of-the-box
> behavior); but on the other, it also might make sense for an app with
> your use case to allow DC annotations.
I see Albertas's point here. I think most people would want
create/modified to always work, regardless of how they have their
permissions set up.
This is also a function of event handlers *always* being called. Events
are a nice way to add functionality, but once they're subscribed, they
can be hard to work around.
> Would making an override zcml registration of the DC annotation
> subscriber in your package's zcml make sense for your app/package? It
> could make the DC subscriber a trusted subscriber ("trusted='yes'"),
> which does precisely what you want AFAICT. For the precise use case
> you mentioned, you might even be able to register the trusted DC
> subscriber only for the content types for which it makes sense (the
> forum, I guess).
I think implementing trusted event handlers is the way to go. Given
they're adapters, it should be a matter of hooking up 'trusted' via the
meta configure.
It's certainly an inconsistency that normal adapters can be trusted, but
event handlers can't.
-- Garrett
More information about the Zope3-Checkins
mailing list