[Zope] Security?

Small Business Services toolkit at magma.ca
Tue Dec 2 13:43:45 EST 2003


<snip>
> I know I'm doing the same thing but it's something I really want to do.  I
> guess I could return the list of tuples but wouldn't I then have to refer
to
> the fields by number instead of name?  That seems like a step backwards.
> I've got this nice object with named attributes and I shouldn't have to
> throw that out for security.   I tend to be a purest and have always tried
> to keep efficiency in mind when writing applications.  I really have to
get
> past that.  When I think about all the overhead a web application has to
go
> through to do the same job as my old green screen application, I shiver.

Why don't you return a dictionary if you want to refer to the fields by
name?

The following example code creates a dictionary and then populates it
(without having to hardcode the field/property names):

  <dtml-with "propertysheets.YourPropertySheetName">
      <dtml-call "REQUEST.set('pids', [])">
      <dtml-in propertyIds>
            <dtml-call "pids.append(_['sequence-item'])">
      </dtml-in>
  </dtml-with>

  <dtml-with YourDataFolder>
      <dtml-with "_.getitem(recid)">
        <dtml-in "_.range(_.len(pids))">
            <dtml-call "REQUEST.set(pids[_['sequence-item']],
_[pids[_['sequence-item']]])">
        </dtml-in>
      </dtml-with>
  </dtml-with>



HTH

Jonathan




More information about the Zope mailing list