Zope URL namespaces also looked up as views, unexpectedly mask other names
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Launchpad itself |
Fix Released
|
Low
|
Gary Poster |
Bug Description
Zope provides a mechanism to explicitly identify path elements in a URI as belonging to a certain "namespace." The spelling is ++NAMESPACE+
Unfortunately, the registration of namespaces is leaky: they also will be looked up as views, if no view of the same name exists. This is because namespaces are registered for adapting (context, request) and providing zope.traversing
This means, for example, that the following, original symptoms of this bug and bug 589011 happens:
"""
Visit https:/
in the search box type 'oops' and search. should take you to https:/
where the first hit under 'exact matches' is
Oops (Proprietary)
This project is about associating log information with an event. Later, when an event becomes interesting (an
...
This project doesn't seem to really exist, LOSA's can't access it even.
"""
The project did exist, and the search results were correct to include it. The problem was that traversal was blocked by this leaky registration.
This is true of any registered URI namespace. This is probably reasonably indicative of the specific problems we have:
$ make harness
>>> from zope import component
>>> from zope.traversing
>>> from zope.interface import Interface
>>> gsm = component.
>>> from zope.publisher.
>>> gsm.adapters.
((u'resource', <class 'zope.traversin
The proper fix would be to make view registration in the Zope framework actually based on a view being registered for a specific view interface, rather than anything at all. Backwards compatibility concerns make this very unlikely to happen.
Another approach would be to change our navigation to reject views that provide ITraversable. There are at least two reasons why this is a bad idea. First, ITraversable is a generic interface, and views sometimes legitimately provide it. Second, our navigation code is spread out over many modules, so changing this logic would be fragile.
A third approach would be to automatically or manually register null adapters to hide the namespace registrations from view lookup. Here's an example of manual registration that just fixes the "oops" namespace, as a proof of concept:
=== modified file 'lib/canonical/
--- lib/canonical/
+++ lib/canonical/
@@ -24,7 +24,7 @@
from zope.error.
from zope.event import notify
from zope.exceptions
-from zope.interface import implements
+from zope.interface import implements, implementer, Interface
from zope.publisher.
from zope.traversing
@@ -695,3 +695,7 @@
# Store the oops request in the request annotations.
return self.context
+
+@implementer(
+def adapter_
+ return None
=== modified file 'lib/canonical/
--- lib/canonical/
+++ lib/canonical/
@@ -35,5 +35,16 @@
/>
+ <!-- Because Zope view lookup is for factories that provide *any*
+ interface (an underlying problem in the framework that cannot be
+ fixed now without serious backwards compatibility problems), the
+ above will appear as a view and mask database objects in
+ traversal for the "oops" name unless we register a mask, as below.
+ See bug -->
+ <adapter
+ name="oops"
+ for="* zope.publisher.
+ factory=
+ />
</configure>
I'm going to pursue an automatic version of this approach. We could catch an event signaling the start of publishing, which will be after zcml has been processed. We could then automatically register adapter masks for all registered ITraversables that do not have views registered for them.
Related branches
- Curtis Hovey (community): Approve
-
Diff: 144 lines (+126/-0)3 files modifiedlib/canonical/launchpad/configure.zcml (+5/-0)
lib/canonical/launchpad/webapp/initialization.py (+57/-0)
lib/canonical/launchpad/webapp/tests/test_initialization.py (+64/-0)
summary: |
- blacklisted project shows up in search results + non blacklisted webapp hooks subtly break search |
description: | updated |
summary: |
- non blacklisted webapp hooks subtly break search + Zope URL namespaces also looked up as views, unexpectedly mask other + names |
description: | updated |
Changed in launchpad-foundations: | |
assignee: | nobody → Gary Poster (gary) |
tags: |
added: qa-ok removed: qa-needstesting |
Changed in launchpad-foundations: | |
status: | Fix Committed → Fix Released |
It appears to me that the reported bug is that the project is broken, not that the search is broken. Therefore, I assigned it to registry. If I misunderstood, and this indicates a broken aspect of searching generally, please throw it over to launchpad- foundations.