[Zope-dev] Security Gurus Wanted

[Steve Alexander]

vio wrote:
> Just a word to thank you for your reply. 
> But incidently, wouldn't it be a good idea for Globals.InitializeClass() 
> to throw an error
> or a warning of some kind for hanging 'security.stuff()' declarations,
> declarations which do not have a related ClassSecurityInfo object AT THE
> CLASS LEVEL? 

That would be a fine idea. Unfortunately, there is no straightforward 
way telling that you called methods on the security object in the class 
definition.

When you call Globals.InitializeClass(your_class), it looks for a 
ClassSecurityInfo object, and doesn't find one.

The fact that your class definition had the side-effect of altering the 
module's security object doesn't leave any traces in the class object 
that results from your definition.

--
Steve Alexander