[CMF-checkins] Re: CVS: CMF/CMFCore - utils.py:1.49

yuppie y.2004_ at wcm-solutions.de
Thu Feb 12 11:40:48 EST 2004


Casey Duncan wrote:
> First, let me apologize for nit-picking.

You are welcome.

> I'm concerned that we are replicating the Zope security policy here.
> Since it is possible to plug in a totally different security policy
> underneath CMF (or for the policy to simply change as it recently has),

Well. I understand your concerns. But CMF uses its own 
_checkPermission() instead of Zope's checkPermission() since CMF 1.1. So 
the problem is at least no new problem and there shouldn't be any 
existing sites that use their own security policy for this.

> I see it being possible for this permission check to fail or succeed
> differently here than it would when the security policy enforces it.

Sure. That's what the code was written for.

> Perhaps the underlying security policy needs a more granular API, but it
> seems like we should defer to it for all policy making, and not second
> guess what it will do at this level.

I agree that in the long run the underlying security policy would be a 
better place for this. And I think a method like the modified 
_checkPermission would be an improvement for ZopeSecurityPolicy. But 
even in this case it might make sense to override it in CMF so we have a 
consistent behavior with all supported Zope versions.

