[Zope3-dev] Form framework, adapters and pau

[Dominik Huber]

Jim Fulton wrote:

> Dominik Huber wrote:
>
>> Jim Fulton wrote:
>>
> ...
>
>>> Here are 2 other alternatives to consider:
>>>
>>> 1. Add a "locate" option to the adapter directive, which
>>>    defaults to false.  If true (locate="1"), then a location
>>>    proxy is always added to the adapter.
>>
>>
>>
>> Yup.
>> -1 That's might be *to much explicitness* for dev
>
>
> I really don't think so.
>
> > 1 and complecates the
>
>> adapter directive too.
>
>
> Actually, I think it simplifies it a little.  It separates trusted-ness
> from location-ness.
>
>>> 2. Option 1 but default to true if a non-public permission is
>>>    specified.
>>>
>>> These alternatives are explicit and hande the case where
>>> permissions are declared in a separate directive.
>>
>>
>>
>> In both sugestions the problem is not solved, that the public 
>> permission declaration within the adapter directive cannot be adapted 
>> to all  trusted adapters, because the 'valid' security-declartations 
>> might be registered within an addional <class...
>
>
> I think you are mistaken.  If you declare permissions in a class
> directive, you'd use a locate attribute in the adapter
> directive, as in:
>
> <adapter factory=".myFactory" trusted="1" locate="1" />
> <class class=".myFactory">
>    <require permission="X" interface="IX" />
>    ...
> </class>
>
> In this case you'd get the location even though the adapter
> directive doesn't specify a permission. 

Ok, I'm mistaken. That would be also fine with me.
The only thing we have to do additionaly is to look for potential bugs 
like the zwiki example.

Which alternativ do you prefer? I have time on  wednesday to implement 
your selection within the branch.

Regards,
Dominik