On Mon, Jul 26, 2010 at 5:54 PM, Benji York <[email protected]> wrote: > On Mon, Jul 26, 2010 at 12:13 PM, Julian Edwards > <[email protected]> wrote: >> If it is *really* needed, I would *much* rather see an explicit >> removeSecurityProxy() with a comment explaining why you need to remove the >> wrapper. It should be a conscious exception, not a trap you can fall into. > > +1 > > I've fallen into that trap myself. > > As a result, if I have to remove a security proxy (in non-test code) I > ask myself if the operation I'm about to do is one the user shouldn't be > able to do of their own accord (otherwise it shouldn't be restricted by > the security proxy in the first place) and I'm removing the security > proxy because the system needs to perform some action that the user > himself isn't allowed to do.
That sounds like a good idea. However, the question that I now have is this: what benefit do we gain by insisting on security-proxied objects in the unit tests for our model code? jml _______________________________________________ Mailing list: https://launchpad.net/~launchpad-dev Post to : [email protected] Unsubscribe : https://launchpad.net/~launchpad-dev More help : https://help.launchpad.net/ListHelp
