[Grok-dev] Re: Pushing for 1.0

Philipp von Weitershausen philipp at weitershausen.de
Wed Dec 19 13:09:06 EST 2007


On 19 Dec 2007, at 17:54 , Tres Seaver wrote:
>>>  * a different security policy where I can put permissions on models
>>>    instead of views. If I have 4 models and 100 views it may be
>>>    better to protect the data by putting require on the models
>>>    instead of the views. But maybe this already works?
>>
>> It does, sorta. But it's very convoluted because of the way the
>> Zope 3 publication machinery is set up. It was actually one of the
>> first things that were written when Zope 3 was started and it doesn't
>> even come close to using the component architecture in a way that
>> you'd want it to.
>>
>> I think, in the long term, much good could come out of collaborating
>> with repoze and their approach to "exploding" the publication.
>
> I'm not sure why model-based security ties in here, unless you mean
> you'd like to do security checks during publishing traversal.

Well, that's what Zope 3 does in the publication by wrapping objects  
in security proxies. So in order to change that policy, you have to  
change the whole publication, which also does transaction management,  
error handling, etc...

> Exploding the Zope3 publisher / publication story would help with the
> WSGI integration, too (e.g., to avoid having the publication snag
> errors, commit transactions, etc.)  At the moment, 'repoze.grok' has
> to add a middleware layer to get the error handling turned off, and it
> doesn't allow some of the more creative use cases satisfied by
> 'repoze.zope2' (e.g., using a non-ZODB root object, or tweaking the
> post-mapply call chain).

Right.
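
The proxy wrapping discussed in this thread, as a pure-Python toy added here for illustration (not part of the original message, and not zope.security or Grok code): permissions are declared once on the model, and a view that declares nothing is still denied when it reads a protected attribute. The names `Proxy`, `publish`, `__permissions__` and the permission ids are assumptions made for the example.

```python
class Unauthorized(Exception):
    pass


class Proxy:
    """Wraps a model; every attribute read is checked against its declarations."""
    __slots__ = ("_obj", "_granted")

    def __init__(self, obj, granted):
        self._obj = obj
        self._granted = frozenset(granted)

    def __getattr__(self, name):
        # Only reached for names not defined on Proxy itself.
        if name.startswith("_"):
            raise AttributeError(name)
        required = type(self._obj).__permissions__.get(name)
        if required is None:
            # Default deny: an attribute nobody declared is not readable.
            raise Unauthorized(f"{name}: not declared")
        if required not in self._granted:
            raise Unauthorized(f"{name}: requires {required}")
        return getattr(self._obj, name)


class Invoice:
    # Constructed sample model: one declaration covers every view.
    __permissions__ = {"title": "app.View", "total": "app.ViewFinance"}

    def __init__(self, title, total, notes=""):
        self.title, self.total, self.notes = title, total, notes


# Views carry no permission declarations of their own.
def summary_view(context):
    return context.title

def finance_view(context):
    return f"{context.title}: {context.total}"

def notes_view(context):
    return context.notes  # 'notes' was never declared on the model


def publish(model, view, granted):
    """Stand-in for the publication step: proxy the traversed object, call the view."""
    return view(Proxy(model, granted))
```

Because the wrapping happens inside `publish`, changing the policy means changing that function, which is the coupling the message describes.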



