[Zope3-dev] Zope3 comments and questions.
Jim Fulton
jim@zope.com
Tue, 11 Dec 2001 13:17:43 -0500
Chris Withers wrote:
>
> Jim Fulton wrote:
> >
> > We can't use different protection for the extended interface and the
> > interface it extends as that would lead to inconsistent assertions.
> > IContactEdit includes all the methods of IContactInfo. If we say that
> > IContactEdit is protected by ManageContacts, then we're saying that,
> > for exampe, the email method is protected by ManageContacts, but
> > we also say that email is protected by View. We can't have it both ways.
>
> Yeah, but what do I do if I want the edit method
You mean the update method.
> of the IContactEdit interface
> to be protected by ManageContacts while the email method should be protected by
> the SendEmail permission.
You can protect the methods directly. You don't *have* to use an interface.
If you feel you must use interfaces to make security assertions, then you
will need to factor the inerfaces so that they don't overlap. For example, the
IContactEdit interface could be factored so that it extended IContactInfo and
IContactUpdate, where IContactUpdate provided only the update method. Then you
could use IContactUpdate in your security assertion.
> This soudns like the same area that resulted in the horrible _setName hack in
> Zope 2, is it?
Not. _setName resulted from a detail in the ways that File-system DTML methods
did attribute lookup.
There won't be any hint of that in Zope 3.
Jim
--
Jim Fulton mailto:jim@zope.com Python Powered!
CTO (888) 344-4332 http://www.python.org
Zope Corporation http://www.zope.com http://www.zope.org