collective / collective.taskqueue

Asyncore-based asynchronous task queue for Plone
https://pypi.org/project/collective.taskqueue

possible to optionally support queuing code like p.a.async #23

Open djay opened 5 years ago

djay commented 5 years ago

Would you consider the possibility for optional support which takes a callable and queues executing this? I'm guessing this would require storage in the ZODB (another mount or the same one) of the code temporarily during queuing. Or else it could be done by pickling the code into redis, perhaps with some signature for safety? The use case is that it makes for much nicer code rather than splitting your code into separate views for everything you want to run async. It would also be convenient for security. To make code that's async with taskqueue that can't be run by the user directly takes extra work at the moment to pass secrets or set alternative auth headers.
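
The "signature for safety" idea in the comment above, sketched as an added example (not part of the thread and not collective.taskqueue code): the queued bytes carry an HMAC-SHA256 tag that the worker checks before `pickle.loads` ever sees them, and only a task name from a registry is serialized rather than code. `SECRET`, `TASKS`, `task`, `seal`, `open_and_run` and `flip_last_byte` are hypothetical names, and no Redis connection is made; the returned blob stands for what would be stored in the queue.

```python
import hashlib
import hmac
import pickle

# Assumption: a secret shared only by the enqueuing process and the worker.
SECRET = b"constructed-demo-key-not-for-production"
TAG_LEN = hashlib.sha256().digest_size

# Hypothetical registry: only callables registered here can be queued.
TASKS = {}


def task(func):
    TASKS[func.__name__] = func
    return func


@task
def reindex(path, depth=1):
    return "reindexed %s to depth %d" % (path, depth)


def seal(name, *args, **kwargs):
    """Serialize a task call and prepend an HMAC-SHA256 tag over the bytes."""
    if name not in TASKS:
        raise KeyError("unregistered task: %s" % name)
    body = pickle.dumps((name, args, kwargs), protocol=2)
    return hmac.new(SECRET, body, hashlib.sha256).digest() + body


def open_and_run(blob):
    """Verify the tag first; unpickle only bytes that this key signed."""
    tag, body = blob[:TAG_LEN], blob[TAG_LEN:]
    expected = hmac.new(SECRET, body, hashlib.sha256).digest()
    if len(tag) != TAG_LEN or not hmac.compare_digest(tag, expected):
        raise ValueError("bad signature, payload not unpickled")
    name, args, kwargs = pickle.loads(body)
    return TASKS[name](*args, **kwargs)  # KeyError if the name is unknown


def flip_last_byte(blob):
    """Simulate tampering with the message while it sits in the queue."""
    return blob[:-1] + bytes([blob[-1] ^ 0x01])
```

The tag only proves the bytes came from a holder of the key; anyone who can read the key can still enqueue arbitrary pickles, so the key has to stay out of the queue store itself.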

datakurre commented 5 years ago

> It would also be convenient for security. To make code that's async with taskqueue that can't be run by the user directly takes extra work at the moment to pass secrets or set alternative auth headers

Task queue uses its own request class with ITaskQueueLayer and any view registered for that is only visible for task queue server requests and can never be accessed with a browser. (Unless that layer is manually registered as a Plone browser layer.)

djay commented 5 years ago

I explained myself badly. I meant setowner mode, i.e. where you want the user to be able to execute code as another user.

On Sat, 22 Jun 2019, 20:30 Asko Soukka, notifications@github.com wrote:

> > It would also be convenient for security. To make code that's async with taskqueue that can't be run by the user directly takes extra work at the moment to pass secrets or set alternative auth headers
>
> Task queue uses its own request class with ITaskQueueLayer and any view registered for that is only visible for task queue server requests and can never be accessed with a browser. (Unless that layer is manually registered as a Plone browser layer.)


datakurre commented 5 years ago

I still don’t fully understand. A view is the simplest possible way to give the task an execution context. Even code outside a view would require some context to make sense. Could you implement a view that takes restricted Python as a (POST) payload and executes that?

I recall that the PAS plugin was supposed to make it possible to execute code as another user easily... unless it forces the current user. That I don’t fully recall.