[Grok-dev] Re: Pushing for 1.0
faassen at startifact.com
Wed Dec 19 07:48:24 EST 2007
Tim Terlegård wrote:
Good question about the goals for 1.0. I think we'd like a 1.0 that is
brag-worthy, but not at the cost of taking forever, I guess.
My plan for 2008 is to start making significantly more noise about Grok
in public and to try to reach more adopters from without the Zope
community. We want people to say Django, Turbogears, Pylons and Grok
(though I take it actually Zope 3 -> Grok is a very similar relationship
to Pylons -> Turbogears 2.0). A 1.0 is useful there. A runup to 1.0 is
> * a different security policy where I can put permissions on models
> instead of views. If I have 4 models and 100 views it may be better to
> protect the data by putting require on the models instead of the views.
> But maybe this already works?
The confusion here is that even if you don't protect your model's
methods, you *can* give people local roles on models.
That's not to say it wouldn't be nice to be able to use @grok.require on
a model's methods, but I've often seen people think that Grok has *no*
model-based security information at all. That's not the case. Instead,
the models don't *check* security automatically (no proxies). The
information is there just as in Zope 3.
More information about the Grok-dev