[Zope3-Users] Re: Vocabularies beyond SimpleVocabulary

Piotr Chamera piotr_chamera at poczta.onet.pl
Mon Jun 12 16:35:05 EDT 2006


Philipp von Weitershausen wrote:
> Piotr Chamera wrote:
>>def getVocabulary(context, items_container, title_field):
>>    list = []
>>    root=zapi.getRoot(context)
>>    for (oid, oobj) in root.get("books").get(items_container).items():
>>        obj = removeAllProxies(oobj)
> 
> Don't remove (security) proxies here! You're totally disabling security
> with this.
> 
>>        list.append( SimpleTerm( obj, str(obj.__dict__[title_field]),
>>                                 obj.__dict__[title_field]))
> 
> 
> This spelling is very awkward. It's probably also the reason why you
> wanted to remove proxies above. You should write this as:
> 
>   list.append(SimpleTerm(obj, getattr(obj, title_field),
>                          getattr(obj, title_field)))
> 
>>    return SimpleVocabulary( list )
> 

I have removed proxies because I stored selected objects in attribute of 
another object with forms generated from schema. But I probably can 
remove proxy in set method of that attribute (property) or ... what else 
can I store as reference to object in attribute of another object to be 
secure?

-- 
Thanks for your explanations
Piotr Chamera


More information about the Zope3-users mailing list