On 2010-07-26 18:34, Abel Deuring wrote:
On 26.07.2010 17:03, Jonathan Lange wrote:
I used to agree, but now I'm not so sure. Can you give an example of
the kind of permission problem we might miss, or of one that we've
caught because we were using security proxies in our model tests?
I can't give any good example. My reason simply is this: if we get an
Unauthorized exception while iterating over the result of
getUtility(IFooSet).getStuff(), we know that we should either fix
getStuff() or use/write a method getStuffForUser(some_person).
I'm inclined to agree with Abel: it's still better for us to run into
test complications and be regularly worried about security proxies than
to lose the mental reinforcement of the security model. Lose the
reinforcement and we'll gradually lose our inhibitions w.r.t. creating
unproxied objects.
(Old-fashioned Iron Maiden education taught us this as "take not thy
thunder from us, but take away our pride." It may not have been about
Zope originally.)
Jeroen
_______________________________________________
Mailing list: https://launchpad.net/~launchpad-dev
Post to : [email protected]
Unsubscribe : https://launchpad.net/~launchpad-dev
More help : https://help.launchpad.net/ListHelp
