[Grok-dev] Re: Pushing for 1.0

Martijn Faassen faassen at startifact.com
Wed Dec 19 07:48:24 EST 2007


Tim Terlegård wrote:

Good question about the goals for 1.0. I think we'd like a 1.0 that is 
brag-worthy, but not at the cost of taking forever, I guess.

My plan for 2008 is to start making significantly more noise about Grok 
in public and to try to reach more adopters from without the Zope 
community. We want people to say Django, Turbogears, Pylons and Grok 
(though I take it actually Zope 3 -> Grok is a very similar relationship 
to Pylons -> Turbogears 2.0). A 1.0 is useful there. A runup to 1.0 is 
useful too.

>   * a different security policy where I can put permissions on models
>     instead of views. If I have 4 models and 100 views it may be better to
>     protect the data by putting require on the models instead of the views.
>     But maybe this already works?

The confusion here is that even if you don't protect your model's 
methods, you *can* give people local roles on models.

That's not to say it wouldn't be nice to be able to use @grok.require on 
a model's methods, but I've often seen people think that Grok has *no* 
model-based security information at all. That's not the case. Instead, 
the models don't *check* security automatically (no proxies). The 
information is there just as in Zope 3.



More information about the Grok-dev mailing list