[Grok-dev] grokcore.component and trusted adapters
faassen at startifact.com
Thu Aug 6 13:19:19 EDT 2009
Christian Zagrodnick wrote:
> constantly I require trusted adapters.
> Normally adapters are untrusted, that is, the adapt's self.context is
> security proxied, the adapter itself is not. Trusted adapters on the
> contrary have an unproxied self.context, but the adapters are
> *themselves* proxied.
> Now in ZCML that was easy:
> <adapter … trusted="yes" />
> With grokcore.component that's not possible. It also doesn't belong
> there, as grokcore.component doesn't know about security. I suppose
> support for trusted adapters should be put to grokcore.security. So my
> favourite spelling would be:
> class Adapter(grokcore.component.Adapter):
> But it doesn't seem to be easily possible to implement. Somebody got an
> idea? Other comments?
Ah, we haven't had a need for trusted adapters yet in Zope 2 and Grok,
as we don't have the pervasive model-level security checks in those
frameworks. But if you mix grokcore.component with Zope 3 apps that do
use this mechanism I can see you'd need a feature like that.
What I'd suggest is you implement a new TrustedAdapter and place it in
grokcore.security. I think that way you sidestep a possible dependency
cycle between grokcore.component and grokcore.security that we probably
want to avoid. Since we call them 'Trusted Adapters' anyway, I think
using base class for this makes reasonable sense.
This way you should be able to write a grokker that does the equivalent
of whatever the ZCML implementation of trusted adapters does.
Alternatively it *might* be possible to write a trusted directive in
grokcore.security and an additional grokker there which reads this and
changes the registration somehow, but I can't see whether that's going
to be easy or hard at this point...
More information about the Grok-dev