IRC log of #zope3-dev for Tuesday, 2006-12-05

« Monday, 2006-12-04 Index Wednesday, 2006-12-06 »
*** nebo has joined #zope3-dev00:03
*** natea has joined #zope3-dev00:14
*** Aiste has joined #zope3-dev00:14
*** rocky is now known as rocky|away00:14
*** xenru has quit IRC00:15
*** J1m has quit IRC00:30
*** natea|away has quit IRC00:31
*** flox has quit IRC00:36
*** timte has quit IRC00:45
*** RaFromBRC|lunch is now known as RaFromBRC01:03
*** natea_ has joined #zope3-dev01:08
*** autocoder has quit IRC01:12
*** natea has quit IRC01:22
*** jfroche_ has joined #zope3-dev01:33
*** natea_ is now known as natea|away01:38
*** jfroche has quit IRC01:48
*** ksmith99 has joined #zope3-dev01:53
*** yota has quit IRC01:54
*** natea has joined #zope3-dev02:00
*** febb has joined #zope3-dev02:08
*** natea|away has quit IRC02:15
*** jfroche_ has quit IRC02:25
febbhello02:27
*** rocky|away is now known as rocky|Zzz02:39
*** nathany has quit IRC02:46
*** natea_ has joined #zope3-dev02:52
*** ksmith99 has quit IRC02:54
*** febb has quit IRC02:58
*** natea has quit IRC03:00
*** xenru_ has quit IRC03:02
*** b_52CEntos_ has joined #zope3-dev03:13
*** WebMaven has joined #zope3-dev03:17
*** nebo has quit IRC03:18
*** WebMaven has quit IRC03:18
*** wrobel has quit IRC03:20
*** b_52GM has quit IRC03:21
*** tarek has quit IRC03:41
*** natea has joined #zope3-dev03:44
*** natea_ has quit IRC04:00
*** niemeyer has quit IRC04:00
*** adamSummers has joined #zope3-dev04:09
*** reco has joined #zope3-dev04:20
*** RaFromBRC has quit IRC04:21
*** natea_ has joined #zope3-dev04:37
*** natea has quit IRC04:52
*** adamSummers has quit IRC05:08
*** adamSummers has joined #zope3-dev05:08
*** stub has joined #zope3-dev05:13
*** alecm has quit IRC05:42
*** natea has joined #zope3-dev05:59
*** Theuni has quit IRC06:12
*** Theuni has joined #zope3-dev06:13
*** natea_ has quit IRC06:15
*** stub has quit IRC06:50
*** Theuni has quit IRC06:51
*** Theuni has joined #zope3-dev06:51
*** natea_ has joined #zope3-dev06:52
*** baijum has joined #zope3-dev07:04
*** natea has quit IRC07:07
*** zagy has quit IRC07:39
*** natea has joined #zope3-dev07:44
*** natea_ has quit IRC08:01
*** BjornT__ is now known as BjornT08:08
*** eins has joined #zope3-dev08:12
*** d2m has left #zope3-dev08:30
*** natea_ has joined #zope3-dev08:37
*** d2m has joined #zope3-dev08:45
*** natea has quit IRC08:45
*** philiKON_ has joined #zope3-dev08:52
*** philiKON has quit IRC09:01
*** tarek has joined #zope3-dev09:02
*** timte has joined #zope3-dev09:11
*** tarek has quit IRC09:15
*** philiKON_ is now known as philiKON09:25
*** hdima has joined #zope3-dev09:28
*** natea has joined #zope3-dev09:29
*** tarek has joined #zope3-dev09:31
*** opetznick has joined #zope3-dev09:35
*** natea_ has quit IRC09:37
*** dobee has joined #zope3-dev09:49
*** HakTom has joined #zope3-dev09:54
*** yota has joined #zope3-dev10:03
*** wrobel has joined #zope3-dev10:15
*** jfroche has joined #zope3-dev10:46
*** flox has joined #zope3-dev10:52
*** natea_ has joined #zope3-dev10:53
*** natea has quit IRC11:07
*** jinty has joined #zope3-dev11:27
*** natea has joined #zope3-dev11:44
*** tarek_ has joined #zope3-dev11:53
*** tarek has quit IRC11:56
*** natea_ has quit IRC12:01
*** tarek has joined #zope3-dev12:06
*** Aiste has quit IRC12:09
*** tarek_ has quit IRC12:14
*** natea_ has joined #zope3-dev12:37
*** Aiste has joined #zope3-dev12:43
*** baijum_ has joined #zope3-dev12:44
*** natea has quit IRC12:52
*** baijum has quit IRC12:56
*** niemeyer has joined #zope3-dev13:09
*** mgedmin has joined #zope3-dev13:09
*** mkerrin has joined #zope3-dev13:12
*** dunny has quit IRC13:14
*** tarek_ has joined #zope3-dev13:14
*** baijum_ is now known as baijum13:18
*** tarek has quit IRC13:20
*** dobee has quit IRC13:20
*** grahal has joined #zope3-dev13:28
*** natea has joined #zope3-dev13:29
*** tarek__ has joined #zope3-dev13:29
*** tarek_ has quit IRC13:34
*** b_52CEntos_ has quit IRC13:37
*** natea_ has quit IRC13:44
*** stub has joined #zope3-dev13:46
*** ignas has joined #zope3-dev13:59
*** b_52Centos has joined #zope3-dev14:03
*** dobee has joined #zope3-dev14:08
*** batlogg has joined #zope3-dev14:32
*** stub has quit IRC14:36
*** ignas has quit IRC14:41
*** edgordon has joined #zope3-dev14:44
*** baijum has quit IRC14:53
*** marcin_ant has joined #zope3-dev14:59
*** marcin_ant has quit IRC15:07
*** natea has quit IRC15:07
*** tarek__ is now known as tarek15:10
*** BjornT has quit IRC15:11
*** marcin_ant has joined #zope3-dev15:16
*** BjornT- has joined #zope3-dev15:22
*** BjornT- is now known as BjornT15:23
*** BjornT_ has joined #zope3-dev15:40
*** hazmat has joined #zope3-dev15:47
*** ChanServ sets mode: +o hazmat15:47
*** hazmat has quit IRC16:02
*** tarek_ has joined #zope3-dev16:05
*** gumpa has joined #zope3-dev16:05
*** waglik has joined #zope3-dev16:07
waglik'lo!16:09
waglikis it possible to construct an interface definition at runtime?16:10
mgedminyes, but usually you should not need to do that16:13
waglikBasically, I'm building an application with user-defined shipment documents.16:14
waglikEvery document has a heading and a set of lines, with user defined fields16:15
waglikthe definitions are stored in postgres database16:15
waglikI've figured out, it would be easiest to construct a Interface from the definition and prepare a formlib Form to get and validate the lines16:17
waglikmgedmin: can you tell me how to construct the Interface at runtime?16:17
waglikmgedmin: I've tried: ILine['field'] = Int(...)16:18
waglikmgedim: ILine.field = Int(...)16:18
waglikand it seems it doesn't work either way16:18
*** tarek has quit IRC16:19
mgedminwaglik: you do not need to create an interface!16:21
mgedminyou need to create a form.Fields() object16:21
mgedminform.Fields(Int(__name__='foo', title=...), TextLine(...))16:21
mgedminyou can also add fields together16:21
mgedminform.Fields(...) + form.fields(...)16:21
*** hazmat has joined #zope3-dev16:28
*** ChanServ sets mode: +o hazmat16:28
* waglik slaps his forehead :)16:34
waglikheh, i forgot it's that simple16:34
waglik:)16:34
*** J1m has joined #zope3-dev16:36
*** eins has quit IRC16:40
*** hdima has quit IRC17:06
*** ignas has joined #zope3-dev17:16
*** waglik has quit IRC17:18
*** BjornT has quit IRC17:18
*** grahal is now known as grahalAFK17:35
*** ignas has quit IRC17:36
*** grahalAFK is now known as grahal17:44
*** b_52Centos has quit IRC17:46
*** BjornT_ has quit IRC17:50
*** flox has quit IRC18:01
*** J1m has quit IRC18:03
*** edgordon has quit IRC18:04
*** projekt01 has joined #zope3-dev18:08
*** J1m has joined #zope3-dev18:10
*** BjornT has joined #zope3-dev18:14
*** andrew_m has quit IRC18:17
*** ignas has joined #zope3-dev18:20
*** hazmat has quit IRC18:36
*** projekt01 has quit IRC18:37
*** edgordon has joined #zope3-dev18:37
*** batlogg has quit IRC18:47
*** opetznick has quit IRC18:47
*** edgordon has quit IRC18:50
*** alecm has joined #zope3-dev18:53
*** jfroche has quit IRC18:56
*** edgordon has joined #zope3-dev18:59
*** philiKON has quit IRC19:02
*** hazmat has joined #zope3-dev19:03
*** ChanServ sets mode: +o hazmat19:03
*** batlogg has joined #zope3-dev19:03
*** philiKON has joined #zope3-dev19:11
alecmphiliKON: Is it OK if I check a failing test into Five, I'm still at a bit of a loss about how to fix this security thing.19:17
philiKONmake a branch?19:17
alecmWell, from what I'm seeing this can't be fixed in Five unless we do something really nasty.19:17
alecmEssentially zope's two traversal mechanisms (request traversal and object traversal) are doing their checks differently19:18
alecmthings that are unusable from restricted code work just fine when called via url, which is really bad19:19
philiKONuh, yes19:19
philiKONhow does zope deal with this problem normally, though?19:19
philiKONi mean, there's lots of such cases in zope 2 itself, right?19:19
alecmIn those cases private methods are generally explicitly marked as such on the class19:20
philiKONusing _?19:20
*** ignas has quit IRC19:22
alecmUsing security.declarePrivate(methodname) or __${methodname}__roles__ = ().  From restricted code methods with no security declarations are disallowed, in traversal they are allowed if the permissions on the most recent object in the aq_chain that had a security declaration would allow access to a user with the current users roles.19:23
alecmOr by not putting in a docstring19:23
alecmwhich is pretty common I guess19:23
philiKONand that approach doesn't work in browser views?19:24
alecmThe only reason I hadn't noticed this bug is because I am usually pretty lax about putting docstrings in place, esp when the interface has a docstring.19:24
alecmphiliKON: Sure it does, but in views we generally want to be able to do the security declarations using zcml, no?19:25
philiKONsure19:25
alecmWe'd have to introspect the class and make all methods private19:25
philiKONyeah19:25
alecmbut some need to be made protected/public19:25
philiKONdoesn't declareObjectProviate() work?19:25
philiKONthe IBrowserPublisher methods need to be protected/public19:26
philiKONbrowserDefault, __call__, etc.19:26
alecmmarking the class as private in all cases works but is prevents using the view directly from restricted code, like tal:define="view nocall:context/@@myview"19:26
philiKONi see19:27
philiKONso, lemme ask:19:27
alecm(it also breaks a bunch of tests that rely on this behavior)19:27
philiKONwould this solve the problem:19:27
philiKONin browser;page we take a look at the class and declare everything private that19:28
philiKON* is not part of IBrowserPublisher and19:28
philiKON* is not listed explicitly in allowed_attributes19:28
philiKON?19:28
*** reco has quit IRC19:29
alecmYes, though I'm not sure we have the allowed_attributes info when declaring the security on the class, it's also a little hack-y19:29
alecmUnfortunately, I have to go :-(19:29
philiKONttyl19:29
philiKONallowed_attributes would have to be supplied  by whoever writes the view and registers it19:29
alecmYeah, but the handler for 'permission' doesn't know about it, right?19:30
philiKONbrowser:page knows about it19:31
philiKONi think it'll work19:31
alecmphiliKON: OK, so what's the best way to find the methods on a class, iterate through the __dict__ looking for instances of FunctionType?  Or is there something better?19:39
philiKONdir(class)19:39
philiKONand then look for FunctionType19:40
philiKONor, methodtype19:40
philiKONunbound method type to be exact19:40
*** Londo_ has joined #zope3-dev19:44
alecmI was mistaken and did not have to go :-)19:48
alecmIt looks like it might be working, though it seems a bunch of the existing ftests depend on this bad behavior :-)19:49
mgedmininspect.ismethod() might be useful19:53
*** tonico|away is now known as tonico19:54
mgedminhmm... inspect.getmembers(class, inspect.ismethod)19:55
mgedmininspect.classify_class_attrs is also interesting19:55
mgedminalecm: hope that's useful for you19:55
alecmmgedmin: Thanks19:56
*** alecm has quit IRC19:56
*** opetznick has joined #zope3-dev19:56
*** alecm has joined #zope3-dev19:59
*** batlogg has quit IRC20:00
*** rocky|Zzz is now known as rocky20:10
alecmphiliKON: Thanks, looks like it's working.  I've checked it into 1.4 branch and I'll port to other branches later.20:14
*** RaFromBRC has joined #zope3-dev20:17
*** batlogg has joined #zope3-dev20:30
*** rocky is now known as rocky|away20:40
philiKONalecm: you da man20:42
*** dunny has joined #zope3-dev20:45
*** gumpa is now known as gumpa_afk20:48
hazmatalecm, you can get a minor abstraction using.. inspect .. getmembers( klass, lambda y: isinstance( y, types.FunctionType) )20:57
mgedminhazmat: are you saying that "inspect.getmembers(class, inspect.ismethod)" would not work?20:58
*** Londo_ has quit IRC20:59
*** henri_ has joined #zope3-dev21:00
*** tarek_ has quit IRC21:03
hazmatmgedmin, yeah... that would work too.. just didn't see it21:03
*** dobee has quit IRC21:04
*** dobee has joined #zope3-dev21:05
*** tarek_ has joined #zope3-dev21:08
*** henri_ has left #zope3-dev21:35
*** Londo_ has joined #zope3-dev21:37
*** grahal has quit IRC21:41
*** tarek has joined #zope3-dev21:48
*** romanofski has joined #zope3-dev21:50
*** tarek_ has quit IRC21:54
*** hazmat has quit IRC21:56
*** tonico has quit IRC21:58
*** mkerrin has quit IRC22:02
*** hazmat has joined #zope3-dev22:02
*** ChanServ sets mode: +o hazmat22:02
*** HakTom has quit IRC22:02
*** mgedmin has quit IRC22:09
*** alecm has quit IRC22:11
*** tarek has quit IRC22:12
*** opetznick has quit IRC22:15
*** gumpa_afk is now known as gumpa22:18
*** hazmat has quit IRC22:18
*** deo has joined #zope3-dev22:21
*** rocky|away is now known as rocky22:28
*** daniele has joined #zope3-dev22:31
*** whit is now known as whit|lunch22:34
*** dobee has quit IRC22:36
*** jinty has quit IRC22:42
*** RaFromBRC is now known as RaFromBRC|lunch22:50
*** whit|lunch is now known as whit22:50
*** dunny has quit IRC22:52
*** whit is now known as whit|busy22:54
*** flox has joined #zope3-dev22:58
*** dobee has joined #zope3-dev23:12
*** RaFromBRC|lunch is now known as RaFromBRC23:33
*** ksmith99 has joined #zope3-dev23:36
*** nathany has joined #zope3-dev23:38
*** romanofski has quit IRC23:40
*** whit|busy is now known as whit23:45
« Monday, 2006-12-04 Index Wednesday, 2006-12-06 »

Generated by irclog2html.py 2.15.1 by Marius Gedminas - find it at mg.pov.lt!