[Zope-dev] __bobo_traverse__, new ZCatalog and ZClasses

Steve Alexander steve@cat-box.net
Sun, 07 Jan 2001 12:41:06 +0000


Steve Alexander wrote:

> Zope 2.3, from cvs on 2000-12-24, patched with Chris P's latest ZCatalog 
> stuff.
> 
> I'm getting a bad interaction between ZClasses, ZCatalog and 
> __bobo_traverse__.
> 
> I have some ZClasses that are accessed via a container that implements 
> __bobo_traverse__. The problem is that, although I can get to the ZClass 
> instances by typing a URL into by browser, I get a security error when I 
> try to get to them using restrictedTraverse.
> 
> This causes a problem, as it means these instances cannot be catalogued 
> in a ZCatalog, because ZCatalog now uses restrictedTraverse to get an 
> object for indexing.
> 
> The zope security validation gets stuck between not knowing for sure 
> what the object's container is (according to comments from 
> Traversable.py), and ZClasses not returning anything for __roles__.
> 
> ZPatterns jargon paragraph:
> All this causes a problem if you want to use the ZPatterns idiom of 
> ZClass DataSkins in a Specialist, catalogued using a ZCatalog. You can 
> get around it by providing a __roles__ attribute using SkinScript.

In the latest ZCatalog product from CVS, this workaround is no longer 
needed.

When a ZCatalog tries to catalog an object, it first tries to get to it 
using restrictedTraverse, and if that fails, it uses REQUEST.resolve_url 
as a fallback.

REQUEST.resolve_url gets to the DataSkin in the Specialist without 
raising a security error.


> Is there some bug in the ZClasses __roles__ machinery?
> 
> When does __roles__ get set on objects or classes anyway? I've found the 
> description of what __roles__ are used for in the old Trinkets tutorial 
> document. I think things have moved on a bit since then, though.

I'd still like to know the answer to these two questions.

-- 
Steve Alexander
Software Engineer
Cat-Box limited
http://www.cat-box.net