[Zope] [Search] Documentation for "SecurityManager.validate"

Chris McDonough chrism@zope.com
Thu, 22 Aug 2002 17:18:19 -0400


----- Original Message -----
From: "Dieter Maurer" <dieter@handshake.de>
To: <zope@zope.org>
Sent: Thursday, August 22, 2002 3:11 PM
Subject: [Zope] [Search] Documentation for
"SecurityManager.validate"


> I am looking for documentation about "SecurityManager.validate"
> (or "ZopeSecurityPolicy.validate", which is almost the same).
>
> Why do we get three outcomes: "return 1", "return 0" and "raise
Unauthorized"?
> I would expect just the two returns and no exception.
> The source documentation for the "raise Unauthorized" is simply
> incomprehensible for me.

I thought the same thing a while back, but haven't had sufficent
"tuits" to make the necessary changes.

http://dev.zope.org/Wikis/DevSite/Proposals/MakeRaiseUnauthorizedInS
ecurityPolicyOptional

> What are "accessed" and "container" (in contrast to one another)?
> Again, the source documentation does not give me a precise
> understanding.
> Why is it bad when "aq_base(accessed) is aq_base(container)"?
> This seems to indicate, that under certain conditions "accessed"
> and "container" must not be the same, why?

This code is so dense and sparsely commented that it's difficult to
tell.