On Mon, Jan 26, 2009 at 1:36 PM, Gustavo Narea <m...@gustavonarea.net> wrote:
> Hello, everybody.
> Florent and I have been discussing about context-sensitivity in
> repoze.what-1.0 predicates and there's a good enhancement that may be applied
> but will break backwards compatibility, and I won't break backwards
> incompatibility unless you want it.
> If you have repoze.what predicates this would affect you, so please read on.
> Right now repoze.what predicates are context-sensitive because they are
> evaluated with the WSGI environment. *But* if you have predicates that depend
> on POST/GET variables, then you have to use Paste to extract the variables you
> need from the WSGI environment. This is, GET/POST variables are used a lot in
> context-sensitivity authorization but they're not at hand (you need to write a
> little more code to get them).
> So, there's a proposed solution which would make the
> Predicate.evaluate(environ, credentials) method receive one more argument: The
> GET and POST variables. So its signature would end up as:
>> evaluate(environ, credentials, variables)
> (where ``variables`` is a dict, and ``variables['post']`` and
> ``variables['get']`` contain the POST and GET variables respectively)
> But if I implement it, then your custom predicates (if any) will break. I
> think it's a good compromise because:
> 1.- If your predicates still use the ._eval_with_environ() method then you'll
> have to switch to .evaluate() the sooner or later anyway because it's
> deprecated (but still supported).
> 2.- Upgrading is easy: Just add the "variables" argument to your .evaluate()
sounds interesting. Just a though can't we make it so that.
evaluate(environ, credentials, variables=None)
Won't this keep backward compatibility and still allow the specific
predicates to work?
Repoze-dev mailing list