[ckan-dev] model VS context['model']

Ian Ward ian at excess.org
Tue May 28 23:12:12 UTC 2013


This PR looks like you're letting users pass arbitrary object_type
strings to an API which are then used to do an attribute lookup in the
model module, and then you run code on the thing returned.

Am I missing something?  This seems really dangerous.

On Tue, May 28, 2013 at 5:07 PM, Vitor Baptista <vitor at vitorbaptista.com> wrote:
> Ping.
>
> Any feedback on this?
>
>
> 2013/4/22 Toby Dacre <toby.okfn at gmail.com>
>>
>>
>>
>> On 15 April 2013 22:20, Toby Dacre <toby.okfn at gmail.com> wrote:
>>>
>>>
>>>
>>> On 15 April 2013 21:36, Vitor Baptista <vitor at vitorbaptista.com> wrote:
>>>>
>>>> Hi,
>>>>
>>>> Toby was reviewing a pull request I sent
>>>> (https://github.com/okfn/ckan/pull/754/files#r3791087) and an interesting
>>>> question came up. We thought that it would be better to start talking here
>>>> instead of in the PR. The code is:
>>>>
>>>>> def model_name_to_class(model_name):
>>>>>     try:
>>>>>         model_class_name = model_name.title()
>>>>>         return getattr(model, model_class_name)
>>>>>     except AttributeError:
>>>>>         raise ValidationError(_("%s isn't a valid model" % model_class_name))
>>>>
>>>> Basically, this method turns a string into a class. For example, if you
>>>> call model_name_to_class('user'), you'd get ckan.model.User.
>>>>
>>>> Toby suggested that instead of using model (from "import ckan.model as
>>>> model"), I should use context['model'], as they might be different somehow.
>>>>
>>>> Does someone understand when it might happen, and why?
>>>>
>>>
>>> Just to add that this function is used in an action or auth function so
>>> we were given context and data_dict
>>>
>>
>>
>> Some feedback on this issue would be good
>>
>> @kindly any views?
>>
>>
>>>>
>>>> Cheers,
>>>> Vítor Baptista.
>>>>
>>>> _______________________________________________
>>>> ckan-dev mailing list
>>>> ckan-dev at lists.okfn.org
>>>> http://lists.okfn.org/mailman/listinfo/ckan-dev
>>>> Unsubscribe: http://lists.okfn.org/mailman/options/ckan-dev
>>>>
>>>
>>
>
>
>
> --
>
> Vítor Baptista
>
> Developer  |  http://vitorbaptista.com | LinkedIn | @vitorbaptista
>
> The Open Knowledge Foundation
>
> Empowering through Open Knowledge
>
> http://okfn.org/  |  @okfn  |  OKF on Facebook  |  Blog  |  Newsletter
>
>
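
The concern raised at the top of this message, as an added example that is not part of the original thread and is not CKAN code: a getattr() lookup on a module resolves any Title-cased attribute in its namespace, while an explicit mapping can only return the classes it lists. The stand-in module, its Session and Init attributes, ALLOWED_MODELS and the resolves() helper are all constructed for illustration.

```python
import types


class ValidationError(Exception):
    """Stand-in for the ValidationError used in the thread (assumption)."""


# Constructed stand-in for a model module: two model classes plus
# attributes that are not models but still live in the same namespace.
model = types.ModuleType("fake_model")

class User: pass
class Package: pass
class Session:
    """Not a model: a helper object the module happens to expose."""

model.User, model.Package, model.Session = User, Package, Session
model.Init = lambda: "side effect"  # hypothetical Title-cased function


def model_name_to_class_getattr(model_name):
    """Lookup modelled on the quoted code: any Title-cased attribute resolves."""
    try:
        return getattr(model, model_name.title())
    except AttributeError:
        raise ValidationError("%s isn't a valid model" % (model_name,))


# Hardened form: only names listed here can ever be returned.
ALLOWED_MODELS = {"user": User, "package": Package}


def model_name_to_class_allowlist(model_name):
    if not isinstance(model_name, str):
        raise ValidationError("object_type must be a string")
    try:
        return ALLOWED_MODELS[model_name.lower()]
    except KeyError:
        raise ValidationError("%r isn't a valid model" % (model_name,))


def resolves(func, name):
    """Return True if func maps name to some object, False if it is rejected."""
    try:
        func(name)
        return True
    except ValidationError:
        return False
```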



