[Zope3-dev] Rename security:allow?
Jim Fulton
jim@zope.com
Tue, 28 May 2002 09:10:28 -0400
Steve Alexander wrote:
>
> Guido van Rossum wrote:
> >
> > I think the security directive context isn't strong enough to convey
> > the proper semantics for "allow". OTOH, "require" is strong enough --
> > a requirement is something without which we can't do. (I see nothing
> > wrong with deny BTW.)
> >
> > So I propose to rename security:allow to security:require. (I'd be
> > happy to turn this into a Wiki proposal if Jim agrees.)
>
> I like this.
>
> It sort of turns around the canonical order of attributes in the zcml
> declaration.
>
> <security:allow names="foo bar" permission_id="Zope.View" />
>
> allow access to foo and bar if you have the permission Zope.View
>
> <security:require permission_id="Zope.View" names="foo bar" />
>
> require permission Zope.View to access foo and bar
Or maybe:
<security:require permission_id="Zope.View" forAttributes="foo bar" />
:)
> The latter reads much better to me.
Me too.
Jim
--
Jim Fulton mailto:jim@zope.com Python Powered!
CTO (888) 344-4332 http://www.python.org
Zope Corporation http://www.zope.com http://www.zope.org