[Zope-dev] Re: names starting with '@' are not reserved

Wed Mar 15 05:23:20 EST 2006

Hi Philipp!

Philipp von Weitershausen wrote:
> Dieter Maurer wrote:
>> Chris McDonough wrote at 2006-3-13 10:21 -0500:
>>> ... silly id restrictions ...
>>> Here's my current monkeypatch to Zope to unrestrict a good number of
>>> characters:
>>>
>>> def patch_objectmanager_badid():
>>>     """ Causes Zope to be less restrictive in the set of characters it
>>>     accepts as valid within object identifiers.
>>>
>>>     Added as acceptable: []*'!:@&#=+$
>>>     """
>>>
>>>     import re
>>>     acceptable = r'[^a-zA-Z0-9-_~,.$\(\)\[\]\*\'\!\:\@\&\#\=\+\$ ]'
>>>     bad_id = re.compile(acceptable).search
>>>     import OFS.ObjectManager
>>>     OFS.ObjectManager.bad_id = bad_id
>>>
>>> The projects that use this patch have been in use for several years;
>>> they predate Five.  I of course don't mind continuing to do this, but
>>> I'd hate to have to change it temporarily (to fix this bug which
>>> actually isn't a bug for me because I don't use Five for these
>>> projects) and then change it again when we do the pluggable thing.
>> +1
>>
>> Looks as if we had very similar project requirements...
> 
> Chris's and Dieter's requirements seem to even more confirm my proposal that we
> should propertly factor this out to a name chooser adapter that everyone can
> configure for themselves. Then this discussion what ObjectManager should do or
> not do will become irrelevant because it won't do anything anymore :). This is
> actually how Zope 3 containers work. They perform no name checks *at all*.
> It's the application (in particular, the adding view) that does it.

Zope 2's ObjectManager class is not as abstract as Zope 3 containers 
are. It provides a lot of folder specific behavior. I guess it would be 
better to subclass ObjectManager from a generic container class than 
trying to move all non-generic code in subclasses of ObjectManager.

> Yuppie's concern are Zope versions 2.8 and 2.9.

Depends on the proposed solution for Zope 2.10. If you want to make a 
distinction between ObjectManager and Folder I can live with it. But 
Zope 2 folders should (by default) perform the same name checks as Zope 
3 folders. And they don't allow names starting with '@'.

> I say that we'd just have to
> live with the fact that objects can shadow views there. Applications like the
> CMF can make sure that they don't on an application-level, as Chris suggests,
> preferrably through a name chooser adapter.

I try to restate the problem:

- It is quite common that normal users are allowed to add objects in 
Zope applications.

- If views are shadowed by objects this can seriously break the app.

- Good software makes sure normal users can't break the app.

Zope 2's checkValidId makes sure this doesn't happen with Zope 2 folder 
methods, Zope 3's NameChooser makes sure this doesn't happen with Zope 3 
folder views. Even the bad_id-patch described above doesn't allow to 
override folder methods.

Making the name chooser configurable doesn't release us from the need to 
provide a good default name chooser.

I still believe this should be fixed as I proposed, but given the 
resistance I give up my attempt to get this fixed. This is now 
http://www.zope.org/Collectors/Zope/2048 and I hope someone else will 
fix it.

Cheers,

	Yuppie