names starting with ' (at) ' are not reserved

[yuppie <y.2006_ (at) wcm-solutions.de>]

Hi Philipp!


Philipp von Weitershausen wrote:
> Dieter Maurer wrote:
> > Chris McDonough wrote at 2006-3-13 10:21 -0500:
> > > ... silly id restrictions ...
> > > Here's my current monkeypatch to Zope to unrestrict a good number of
> > > characters:
> > >
> > > def patch_objectmanager_badid():
> > >     """ Causes Zope to be less restrictive in the set of characters it
> > >     accepts as valid within object identifiers.
> > >
> > >     Added as acceptable: []*'!: (at) &#=+$
> > >     """
> > >
> > >     import re
> > >     acceptable = r'[^a-zA-Z0-9-_~,.$\(\)\[\]\*\'\!\:\ (at) \&\#\=\+\$ ]'
> > >     bad_id = re.compile(acceptable).search
> > >     import OFS.ObjectManager
> > >     OFS.ObjectManager.bad_id = bad_id
> > >
> > > The projects that use this patch have been in use for several years;
> > > they predate Five.  I of course don't mind continuing to do this, but
> > > I'd hate to have to change it temporarily (to fix this bug which
> > > actually isn't a bug for me because I don't use Five for these
> > > projects) and then change it again when we do the pluggable thing.
> > +1
> >
> > Looks as if we had very similar project requirements...
>
> Chris's and Dieter's requirements seem to even more confirm my proposal that we
> should propertly factor this out to a name chooser adapter that everyone can
> configure for themselves. Then this discussion what ObjectManager should do or
> not do will become irrelevant because it won't do anything anymore :). This is
> actually how Zope 3 containers work. They perform no name checks *at all*.
> It's the application (in particular, the adding view) that does it.

Zope 2's ObjectManager class is not as abstract as Zope 3 containers 
are. It provides a lot of folder specific behavior. I guess it would be 
better to subclass ObjectManager from a generic container class than 
trying to move all non-generic code in subclasses of ObjectManager.

> Yuppie's concern are Zope versions 2.8 and 2.9.

Depends on the proposed solution for Zope 2.10. If you want to make a 
distinction between ObjectManager and Folder I can live with it. But 
Zope 2 folders should (by default) perform the same name checks as Zope 
3 folders. And they don't allow names starting with ' (at) '.

> I say that we'd just have to
> live with the fact that objects can shadow views there. Applications like the
> CMF can make sure that they don't on an application-level, as Chris suggests,
> preferrably through a name chooser adapter.

I try to restate the problem:

- It is quite common that normal users are allowed to add objects in 
Zope applications.

- If views are shadowed by objects this can seriously break the app.

- Good software makes sure normal users can't break the app.


Zope 2's checkValidId makes sure this doesn't happen with Zope 2 folder 
methods, Zope 3's NameChooser makes sure this doesn't happen with Zope 3 
folder views. Even the bad_id-patch described above doesn't allow to 
override folder methods.

Making the name chooser configurable doesn't release us from the need to 
provide a good default name chooser.


I still believe this should be fixed as I proposed, but given the 
resistance I give up my attempt to get this fixed. This is now 
http://www.zope.org/Collectors/Zope/2048 and I hope someone else will 
fix it.


Cheers,

	Yuppie

_______________________________________________
Zope-Dev maillist  -  Zope-Dev (at) zope.org
http://mail.zope.org/mailman/listinfo/zope-dev
**  No cross posts or HTML encoding!  **
(Related lists - 
http://mail.zope.org/mailman/listinfo/zope-announce
http://mail.zope.org/mailman/listinfo/zope )