[Zope-dev] Proposal: refactoring of zope.app.security

Roger Ineichen dev at projekt01.ch
Tue Mar 10 19:12:48 EDT 2009


Hi Dan

> Subject: [Zope-dev] Proposal: refactoring of zope.app.security
> 
> Hi people!
> 
> One of the largest packages that really wants to be refactored but
> still wasn't touched is zope.app.security. It has much in it and it
> brings many dependencies, including zope.app.form and company. And
> even some zope.* packages, like zope.securitypolicy still depend on
> it. So, let's finally refactor it :)
> 
> Here's a sketch of a refactoring plan I wrote after taking a quick
> look at the current package:
> 
> - Move IAuthentication and other interfaces into new
> zope.authentication package. Also move there PrincipalSource and the
> "checkPrincipal" utility function. Also move there the PrincipalTerms
> class, however that will add dependency on zope.browser (which is
> really really tiny, as you may know).

Should we move the password "managers" registry and vocabulary
to zope.authentication too?

> - Move global principal registry, its IPrincipal/IGroup
> implementations and its directives into new zope.principalregistry
> package.
> 
> - Move LocalPermission into new zope.localpermission package. I
> personally didn't ever need local permissions.
> 
> - Rewrite PermissionsVocabulary and PermissionIdsVocabulary not to
> depend on zope.app.component and move them into zope.security. It's
> generally useful there and won't introduce any new dependencies.
> 
> - Move zcml definition of zope.Public permission. Maybe move security
> declaration for the `zope.security.permission.Permission` class as
> well.
> 
> - Leave all browser views, globalmodules.zcml, _protections.zcml,
> other zope.* permission definitions in zope.app.security as well as
> backward-compatibility imports.
> 
> - Just to note: the "settings" module was recently moved to
> zope.securitypolicy as that's the right place for it.
> 
> Not sure about:
> 
> - ILoginPassword and its basic implementations. The interface should
> probably go into zope.authentication while implementations - into
> zope.publisher. It will add a dependency on zope.authentication to
> zope.publisher, but zope.authentication is expected to be really
> tiny and already installed for most applications, so I believe that
> it's okay.
> 
> - PrincipalLogging - the adapter from
> zope.security.interfaces.IPrincipal to
> zope.publisher.interfaces.ILoggingInfo. I'd just move it into
> zope.publisher, because it's already tied to zope.security.
> 
> - ILogoutSupported flag interface/adapter. Looks like it's only ever
> used for enabling/disabling the "logout" button in the UI. I'd
> deprecate it and leave in zope.app.security.

That's an important feature. It could be really hard to nearly
impossible to find out if an authentication provides logout or not
without the ILogoutSupport adapter or a similar concept.

We should think about how to replace that pattern if we skip the
existing one.

Regards
Roger Ineichen


