[Zope3-dev] Rename security:allow?
Steve Alexander
steve@cat-box.net
Tue, 28 May 2002 13:23:00 +0100
Guido van Rossum wrote:
>
> I think the security directive context isn't strong enough to convey
> the proper semantics for "allow". OTOH, "require" is strong enough --
> a requirement is something without which we can't do. (I see nothing
> wrong with deny BTW.)
>
> So I propose to rename security:allow to security:require. (I'd be
> happy to turn this into a Wiki proposal if Jim agrees.)
I like this.
It sort of turns around the canonical order of attributes in the zcml
declaration.
<security:allow names="foo bar" permission_id="Zope.View" />
allow access to foo and bar if you have the permission Zope.View
<security:require permission_id="Zope.View" names="foo bar" />
require permission Zope.View to access foo and bar
The latter reads much better to me.
--
Steve Alexander