[Zope3-dev] HTTPRequest object broken when not used w/zope.server

[Phillip J. Eby]

The 'setUser' method of HTTPRequest does this:

self.response._outstream.setAuthUserName(user.getId())

This is pretty bogus, since AFAIK there is no requirement that the user 
object of a request should even have a 'getId()' method, and of course the 
requirement that 'response._outstream' have a 'setAuthUserName()' method 
doesn't work with CGI or FastCGI publishing (which until now I've been able 
to do with Zope 3).

Could the author of this code at least please move it into 'zope.app', 
where the assumption that the publisher is running under 'zope.server' 
might be more valid?  In other words, make this call in code that *calls* 
request.setUser(), not in request.setUser() itself.  If I understand the 
Zope 3 architecture correctly, this sort of policy-driven behavior should 
be in the Publication object anyway.