[Zope-dev] Security Gurus Wanted
Phillip J. Eby
pje@telecommunity.com
Sat, 19 Jan 2002 11:06:38 -0500
At 10:43 AM 1/19/02 -0500, vio wrote:
>* vio <vmilitaru@sympatico.ca> [020119 09:56]:
>
>So Globals.InitializeClass(your_class) finds the declaration
>'security.declareSomething()' inside a class, but 'security' being
>a reference to a ClassSecurityInfo object AT THE MODULE LEVEL somehow has
>no effect at the class level (while I wrongly thought that by declaring it
>at the module level like that, it will behave more or less like a 'global'
>variable). I wonder what was carried at the class level, but something
>definitely was, else Python would have thrown something ugly at me.
Check the Python reference manual -- not the library reference, but the
language definition. You'll find that Python has two primary scopes:
"local" and "global". When a class statement is executing, the "local"
namespace is the future __dict__ of the class, and the global namespace is
the module __dict__. If "security.Foo()" is in the body of a class, and
"security" is not in the *local* namespace (i.e. already defined in the
class body), then it will be looked up in the global namespace. Thus, your
calls went to the module-level "security", but no "security" object was
present in the resulting class (because there was no statement placing one
there).
IMHO, you don't want to share a security object between more than one
class, since presumably they will have different declarations and thus each
require their own. So there's no reason to create a ClassSecurityInfo
object at the module level, anyway.