[Zope-dev] Security Gurus Wanted

vio vmilitaru@sympatico.ca
Sat, 19 Jan 2002 11:23:32 -0500


You are right, I struggled a lot to understand Zope's declarative security 
model. And I am still learning, so practice makes better. I didn't read 
Globals.InitializeClass() source, and I wrote my following comments out of the 
blue. Developing an error-correcting system might still be a little out
of my league, for now.
Anyway, the important thing is that your initial comments regarding Boring.py
were right on target: 'security = ClassSecurityInfo()' must be declared
INSIDE the class. It really solved my problem. 
Thanks again !!!

Cheers,
Vio


* Steve Alexander <steve@cat-box.net> [020119 11:05]:
> vio wrote:
> 
> <deletia>
> 
> > So Globals.InitializeClass(your_class) finds the declaration 
> > 'security.declareSomething()' inside a class, but 'security' being
> > a reference to a ClassSecurityInfo object AT THE MODULE LEVEL somehow has 
> > no effect at the class level (while I wrongly thought that by declaring it
> > at the module level like that, it will behave more or less like a 'global'
> > variable).
> 
> <deletia>
> 
> > In my opinion, Globals.InitializeClass() should check such calls to
> > security methods
> 
> You appear not to understand how Python and the declarative security 
> system in Zope work.
> 
> Globals.InitializeClass() does not read the source to your modules. You 
> would need some sort of "lint" tool to perform the checking you describe.
> 
> 
> Why not try to implement a simple case of the error-correcting system 
> that you describe? You might want to extend an existing lint tool such 
> as PyChecker, to take account of conventions used in Zope products.
> 
>    http://pychecker.sourceforge.net/
> 
> --
> Steve Alexander
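
The lint-style check suggested in the thread, sketched as an added example (not code from either poster, from Zope, or from PyChecker): it parses a module with Python's ast module and flags any class whose body calls security.declare*() without its own 'security = ClassSecurityInfo()'. The sample module and the function names are constructed for illustration.

```python
import ast

# Constructed sample module (not the Boring.py discussed in the thread).
SAMPLE = '''
from AccessControl import ClassSecurityInfo

security = ClassSecurityInfo()        # module level

class Broken:
    security.declarePublic('index')   # uses the module-level object

class Fixed:
    security = ClassSecurityInfo()    # inside the class
    security.declarePublic('index')
'''

def is_csi_assign(node):
    """True for `security = ClassSecurityInfo()` or `security = X.ClassSecurityInfo()`."""
    if not (isinstance(node, ast.Assign) and isinstance(node.value, ast.Call)):
        return False
    func = node.value.func
    name = func.id if isinstance(func, ast.Name) else getattr(func, 'attr', None)
    targets = [t.id for t in node.targets if isinstance(t, ast.Name)]
    return name == 'ClassSecurityInfo' and 'security' in targets

def declare_calls(cls):
    """Yield security.declare*() calls written directly in the class body."""
    for stmt in cls.body:
        if isinstance(stmt, ast.Expr) and isinstance(stmt.value, ast.Call):
            f = stmt.value.func
            if (isinstance(f, ast.Attribute) and f.attr.startswith('declare')
                    and isinstance(f.value, ast.Name) and f.value.id == 'security'):
                yield stmt.value

def lint_security(source):
    """Return sorted (lineno, message) findings for one module's source text."""
    findings = []
    for cls in ast.walk(ast.parse(source)):
        if not isinstance(cls, ast.ClassDef):
            continue
        if any(is_csi_assign(s) for s in cls.body):
            continue  # the class owns its ClassSecurityInfo
        for call in declare_calls(cls):
            findings.append((call.lineno, "%s: security.%s() without a class-level "
                             "ClassSecurityInfo" % (cls.name, call.func.attr)))
    return sorted(findings)

if __name__ == '__main__':
    print(lint_security(SAMPLE))
```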