On 5/26/09 1:50 AM, Malthe Borch wrote:
> 2009/5/25 Chris McDonough<chr...@plope.com>:
>> So to the end of breaking them apart, I just wrote up a bit of science 
>> fiction
>> in code form.  Could you take a look at the below and let me know what you 
>> think?
> It's very clear.

Cool.  I've implemented most of it on the "authchanges" branch (with slight 
modifications).  Some more tests need writing, but it's about done.  I'm not 
sure if this will land in 0.8.2 or if I'll start a new 0.9 series or what.

I actually bagged the ISecurityPolicy adapter I described in the first email 
entirely, and instead you register an effective security policy using a ZCML 
directive like so:


Both authentication and authorization above are adapters (the authentication 
adapts on both context and request, while the authorization one just adapts on 

As a result, "mortal" users will not be expected to need to use any ZCA stuff 
work with the authentication or authorization APIs; instead they use stuff like 
"authenticated_userid", "has_permission", etc (which under the hood consult 
effective authentication and authorization adapters as necessary).  While doing 
testing, they can use the repoze.bfg.testing API to prevent needing to register 
adapters against the authorization and authentication interfaces directly.

> In terms of style, for interfaces that represent would-be adapters,
> how do you feel about something like:
>    def __init__(context):
>       """Adapter. ``context`` is ..."""
> Perhaps less ZCA-savvy users will find this style more informative in
> terms of what's really going on.

If I haven't hidden the presence of interfaces (and other ZCA abstractions) 
deeply enough that no one will ever need to know they're there, I've kinda 
failed, because they really are an implementation detail.  I don't use them for 
docs in repoze.bfg, so folks who don't know ZCA won't be reading them much 


- C
Repoze-dev mailing list

Reply via email to