[Zope3-dev] inherited security (and timezones)
Gary Poster
gary at zope.com
Thu Aug 25 23:50:50 EDT 2005
Jim mentioned to me a while ago that he was planning to have security
settings for classes inherit. I was against it, because I thought
that like_class answered the use case sufficiently, explicitly, and
not overly annoyingly.
However, in order to get pytz timezones--a large set of automatically
generated classes that potentially change every quarter--to do what
we want without that, I only see monkeypatches. :-/ So I'm +1 on
inherited security I guess.
It would theoretically let me do something like this zcml
<content class="datetime.tzinfo">
<require permission="zope.Public"
interface="zope.interface.common.idatetime.ITZInfo" />
</content>
<content class="pytz.tzinfo.BaseTzInfo">
<require permission="zope.Public" attributes="zone" />
</content>
<content class="pytz.UTC">
<require permission="zope.Public" attributes="zone" />
</content>
instead of this monkey patch (recorded for posterity, in case anyone
needs this now...or has a better suggestion)
# XXX argh.
import pytz.tzinfo
from zope.security.checker import NamesChecker
from zope.interface.common.idatetime import ITZInfo
names = set(ITZInfo.names(all=True))
names.add('zone')
checker = NamesChecker(names)
pytz.UTC.__Security_checker__ = checker
pytz.tzinfo.BaseTzInfo.__Security_checker__ = checker
# end argh.
Gary
More information about the Zope3-dev
mailing list