allowed_interface declarations ignore inheritance of methods from base classes.

[darryldixon]

https://github.com/zopefoundation/Zope/blob/b41806767e4dc98d17142f5597a19500b3a84915/src/Products/Five/viewlet/metaconfigure.py#L48

Interface.names() ignores the names of methods/attributes from base classes. This means that declaring an allowed_interface only declares part of the actual interface, breaking common Python assumptions and conventions around class inheritance, and in fact inconsistent with other parts of Zope itself. I will submit a patch shortly.

[darryldixon]

Patch against Zope-4.1.1:

--- Products/Five/viewlet/metaconfigure.py.orig	2020-01-16 15:08:17.543374425 +1300
+++ Products/Five/viewlet/metaconfigure.py	2020-01-16 15:08:00.307610444 +1300
@@ -45,7 +45,7 @@
         allowed_attributes = ['render', 'update']
     if allowed_interface is not None:
         for interface in allowed_interface:
-            allowed_attributes.extend(interface.names())
+            allowed_attributes.extend(interface.names(all=True))
 
     # Make sure that the template exists and that all low-level API methods
     # have the right permission.
@@ -120,7 +120,7 @@
         allowed_attributes = ['render', 'update']
     if allowed_interface is not None:
         for interface in allowed_interface:
-            allowed_attributes.extend(interface.names())
+            allowed_attributes.extend(interface.names(all=True))
 
     # Make sure that the template exists and that all low-level API methods
     # have the right permission.

This is handled in five.browserpage.metaconfigure by treating the Interface attributes as iterable, like "for i in Interface"

So this patch, although fractionally different in approach, brings the viewlet allowed_interface declaration in to harmony with the browserpage allowed_interface declaration.

Apparently the RichText editor here doesn't like preformatted text.

[jamadden]

Apparently the RichText editor here doesn't like preformatted text.

(I've edited the message to fix the formatting. It's three backticks on a new line to open a text block (optionally followed on the same line by the syntax name to use for highlighting) and three backticks on their own line to close the block. Lines beginning with a + or - do not need escaped with a \. So here it was ```diff…```.)

[icemac]

I'd like to close this issue as won't do: The last comment was 3 years ago. Okay?

[icemac]

The PR #764 was also closed unmerged years ago.