On Monday January 26, 2009 16:18:36 Florent Aide wrote:
> a here is the patch that would permit to write the kind of predicates
> I need... Gustavo, what do you think? Is that ok with you to apply
> this on the trunk. You broke compatibility anyway so why not break it
> a little more... :)

Well, I've not broken compatibility since the first stable release and I hope 
that won't ever be necessary. I've just deprecated some things for forward 
compatibility. :)

The problem is that people are not expected to evaluate predicates by 
themselves using Predicate.evaluate(); that's what check_authorization() is 
for:
http://static.repoze.org/whatdocs/Manual/Predicates.html#repoze.what.predicates.Predicate.evaluate

Therefore, unfortunately it'd be useless that .evaluate() was able to receive 
arbitrary arguments and keyword arguments because it will never receive them. 
It'll only receive what check_authorization() passes to it (unless you run 
.evaluate() by yourself, which is discouraged -- check_authorization() does 
some useful things for you unlike plain .evaluate()).

As I mentioned in the previous email, I agree that context-sensitive 
authorization should require less code (i.e., not using 
paste.request.parse_formvars by yourself). But my concern is how to do it 
without breaking compatibility. I'm open to any solution that won't break 
compatibility.

In repoze.what v2, the way I'll address this is by passing the POST and GET 
variables to .evaluate() too. At least that's the solution I have in mind 
right now.

Cheers!
-- 
Gustavo Narea <http://gustavonarea.net/>.

Get rid of unethical constraints! Get freedomware:
http://www.getgnulinux.org/
_______________________________________________
Repoze-dev mailing list
Repoze-dev@lists.repoze.org
http://lists.repoze.org/listinfo/repoze-dev

Reply via email to