Re: [Zope-dev] I want Zope 2.9 to use Zope 3's security architecture.
Richard Jones wrote: [snip] Is this a general trend for Zope 2? I'd rather see Zope 2 kinda avoid ZCML if possible. The Five integration philosophy at least, is that it makes use of ZCML *possible* in Zope 2, but not at all mandatory. Five tries to mess with the innards of Zope 2 as much as possible, because it's complicated enough to add Zope 3 to Zope 2 already; we don't want to worry about changing Zope 2 (or Zope 3). Zope 2.9 has traditionally been seen as a version of Zope 2 where the innards *will* change to integrate deeper into Zope 3. Five's philosophy makes it impossible to do certain kinds of Zope 3 integration with Zope 2, such as security in particular. Though in fact I'm surprised how much *is* already possible given the limitations Five has; I think that's an interesting finding. Anyway, you might want to give Five a spin one day. Perhaps you'll change your mind about ZCML. Five introduces Zope 3 concepts more gradually to the Zope 2 hacker than Zope 3 itself, so it may be less overwhelming; Zope 3 certainly sometimes tends to overwhelm me, still. Regards, Martijn ___ Zope-Dev maillist - Zope-Dev@zope.org http://mail.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope )
Re: [Zope-dev] I want Zope 2.9 to use Zope 3's security architecture.
Richard Jones wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Thu, 7 Apr 2005 02:49 am, Jim Fulton wrote: Paul Winkler wrote: i.e. will I still write: security.declareProtected(SomePermission, 'foo') def foo(self): ... That will work, and I don't see a need to deprecate it. Eventually, though, I expect products to migrate to ZCML-based security declarations. Is this a general trend for Zope 2? I'd rather see Zope 2 kinda avoid ZCML if possible. It's just one of those personal preference things, I suppose, but I know I'm not the only one who isn't that enamored of the ZCML approach. I actually like having the declarations all in the python code like it is in Zope 2. As I said, I don't see a need to deprecate the Zope 2 style in this case. I think that most people who've tried it find they prefer having the security declarations separate. This is more compelling for Zope 3 code, which tends to have less Zope-isms to begin with, I'd like to see the declarative style that Zope 2 move to using decorators. I was sitting in a presentation at PyCon talking about MetaClasses, and I finally *got* them. I realised that the security declarations in Zope 2 are a perfect fit for metaclasses and decorators. If only I had the time to actually implement this dream ;) I don't see any use for metaclasses in making security declarations. For me, metaclasses (like proxies) are deep and powerful magic that should only be used when they are realy needed. Note that this all comes from the perspective of someone whose only exposure to Zope 3 has been through two sprints. I've not actually tried to develop any sort of application using it. My day job is very firmly fixed in Zope 2, and isn't likely to change for a long time. So I'm definitely speaking from ignorance of real-world application development in Zope 3. Fair enough. Jim -- Jim Fulton mailto:[EMAIL PROTECTED] Python Powered! CTO (540) 361-1714http://www.python.org Zope Corporation http://www.zope.com http://www.zope.org ___ Zope-Dev maillist - Zope-Dev@zope.org http://mail.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope )
Re: [Zope-dev] I want Zope 2.9 to use Zope 3's security architecture.
On Apr 7, 2005, at 6:50, Andreas Jung wrote: Even small modifications to the security machinery tend to end up in lots of problems. The latest prominent example: the changes introduced with Zope 2.7.3: It took two releases (until 2.7.5) and more than 6 months (at least in my memory) before everything worked again as it should... I don't know exactly to which changes do you refer. Either little people that this problem or people did not use these releases or people did not test enough or people did not contribute enough to fix this bug in time *wink*. This is probably in reference to some overeager security checks that caused login boxes in unexpected places. Jim and Tres fixed that for 2.7.5. I thought that problem was older than 2.7.3, though. jens ___ Zope-Dev maillist - Zope-Dev@zope.org http://mail.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope )
Re: [Zope-dev] I want Zope 2.9 to use Zope 3's security architecture.
--On Mittwoch, 6. April 2005 21:59 Uhr +0200 Dieter Maurer <[EMAIL PROTECTED]> wrote: Jim Fulton wrote at 2005-4-6 08:33 -0400: I very much want Zope 2.9 to use Zope 3's security architecture. Zope 3's security architecture is far more robust, but it is different in some significant ways: Even small modifications to the security machinery tend to end up in lots of problems. The latest prominent example: the changes introduced with Zope 2.7.3: It took two releases (until 2.7.5) and more than 6 months (at least in my memory) before everything worked again as it should... I don't know exactly to which changes do you refer. Either little people that this problem or people did not use these releases or people did not test enough or people did not contribute enough to fix this bug in time *wink*. -aj pgpU4uTM9RZcM.pgp Description: PGP signature ___ Zope-Dev maillist - Zope-Dev@zope.org http://mail.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope )
Re: [Zope-dev] I want Zope 2.9 to use Zope 3's security architecture.
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Thu, 7 Apr 2005 02:49 am, Jim Fulton wrote: > Paul Winkler wrote: > > i.e. will I still write: > > > > security.declareProtected(SomePermission, 'foo') > > def foo(self): > > ... > > That will work, and I don't see a need to deprecate it. > Eventually, though, I expect products to migrate to > ZCML-based security declarations. Is this a general trend for Zope 2? I'd rather see Zope 2 kinda avoid ZCML if possible. It's just one of those personal preference things, I suppose, but I know I'm not the only one who isn't that enamored of the ZCML approach. I actually like having the declarations all in the python code like it is in Zope 2. I'd like to see the declarative style that Zope 2 move to using decorators. I was sitting in a presentation at PyCon talking about MetaClasses, and I finally *got* them. I realised that the security declarations in Zope 2 are a perfect fit for metaclasses and decorators. If only I had the time to actually implement this dream ;) Note that this all comes from the perspective of someone whose only exposure to Zope 3 has been through two sprints. I've not actually tried to develop any sort of application using it. My day job is very firmly fixed in Zope 2, and isn't likely to change for a long time. So I'm definitely speaking from ignorance of real-world application development in Zope 3. Richard -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.4 (GNU/Linux) iD8DBQFCVIIirGisBEHG6TARAowSAKCGSgaIkZeLJfg1NFlnzKdhOZDa3QCePu30 f5MPM1sUwbBEVykehbyNH7o= =v736 -END PGP SIGNATURE- ___ Zope-Dev maillist - Zope-Dev@zope.org http://mail.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope )
Re: [Zope-dev] I want Zope 2.9 to use Zope 3's security architecture.
Dieter Maurer wrote: Jim Fulton wrote at 2005-4-6 08:33 -0400: I very much want Zope 2.9 to use Zope 3's security architecture. Zope 3's security architecture is far more robust, but it is different in some significant ways: Even small modifications to the security machinery tend to end up in lots of problems. The latest prominent example: the changes introduced with Zope 2.7.3: It took two releases (until 2.7.5) and more than 6 months (at least in my memory) before everything worked again as it should... Hopefully, such a major change will not require 4, 5, 6 minor releases and years for stabilazation... Hopefully not. It depends on whether people choose to test their application during the beta cycle or during the release cycle. This will be a *big* change. Possibly, this will be bigger than the change from 2.7 to 2.8. I do think it will provide significant benefits that justify the pain. Of course, when we try it, we may find it is too painful and we'll have to reconsider. Jim -- Jim Fulton mailto:[EMAIL PROTECTED] Python Powered! CTO (540) 361-1714http://www.python.org Zope Corporation http://www.zope.com http://www.zope.org ___ Zope-Dev maillist - Zope-Dev@zope.org http://mail.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope )
Re: [Zope-dev] I want Zope 2.9 to use Zope 3's security architecture.
Sidnei da Silva wrote: ... Is this related in any way to having a dictionary or callable in __allow_access_to_unprotected_subobjects__? I ask because we just started abusing this one *wink*. I believe so. I don't remember the details. Jim -- Jim Fulton mailto:[EMAIL PROTECTED] Python Powered! CTO (540) 361-1714http://www.python.org Zope Corporation http://www.zope.com http://www.zope.org ___ Zope-Dev maillist - Zope-Dev@zope.org http://mail.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope )
Re: [Zope-dev] I want Zope 2.9 to use Zope 3's security architecture.
Jim Fulton wrote at 2005-4-6 08:33 -0400: > >I very much want Zope 2.9 to use Zope 3's security architecture. >Zope 3's security architecture is far more robust, but it is different >in some significant ways: Even small modifications to the security machinery tend to end up in lots of problems. The latest prominent example: the changes introduced with Zope 2.7.3: It took two releases (until 2.7.5) and more than 6 months (at least in my memory) before everything worked again as it should... Hopefully, such a major change will not require 4, 5, 6 minor releases and years for stabilazation... -- Dieter ___ Zope-Dev maillist - Zope-Dev@zope.org http://mail.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope )
Re: [Zope-dev] I want Zope 2.9 to use Zope 3's security architecture.
On Wed, Apr 06, 2005 at 12:49:19PM -0400, Jim Fulton wrote: | >i.e. will I still write: | > | >security.declareProtected(SomePermission, 'foo') | >def foo(self): | >... | | That will work, and I don't see a need to deprecate it. | Eventually, though, I expect products to migrate to | ZCML-based security declarations. BTW, Five already allows ZCML-based security declarations, to the extent supported by Zope 2. You can't protect assigning to instance attributes by a permission until we move to Zope 3 security implementation. | It was/is possible to control access to mapping items | based on item values (e.g. key values). Is this related in any way to having a dictionary or callable in __allow_access_to_unprotected_subobjects__? I ask because we just started abusing this one *wink*. -- Sidnei da Silva <[EMAIL PROTECTED]> http://awkly.org - dreamcatching :: making your dreams come true http://www.enfoldsystems.com http://plone.org/about/team#dreamcatcher we are the knights who say INT! SHORT! and UNSINNNED LONGG! ___ Zope-Dev maillist - Zope-Dev@zope.org http://mail.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope )
Re: [Zope-dev] I want Zope 2.9 to use Zope 3's security architecture.
On Wed, Apr 06, 2005 at 12:49:19PM -0400, Jim Fulton wrote: > >> o No support for key-based access control > > > > > >Don't know what that is. > > It was/is possible to control access to mapping items > based on item values (e.g. key values). OK... I've never used this AFAIK. Anybody know if it's a widely used feature? -- Paul Winkler http://www.slinkp.com ___ Zope-Dev maillist - Zope-Dev@zope.org http://mail.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope )
Re: [Zope-dev] I want Zope 2.9 to use Zope 3's security architecture.
Paul Winkler wrote: On Wed, Apr 06, 2005 at 08:33:39AM -0400, Jim Fulton wrote: I very much want Zope 2.9 to use Zope 3's security architecture. Zope 3's security architecture is far more robust, but it is different in some significant ways: (snip) Will this all be "under the hood"? i.e. will Products have to be rewritten for 2.9? I don't know. I expect that most products would not have to be rewritten. I expect that *some* proucts would. (e.g. products that depend on key-based access control.) i.e. will I still write: security.declareProtected(SomePermission, 'foo') def foo(self): ... That will work, and I don't see a need to deprecate it. Eventually, though, I expect products to migrate to ZCML-based security declarations. ... o No support for key-based access control Don't know what that is. It was/is possible to control access to mapping items based on item values (e.g. key values). Jim -- Jim Fulton mailto:[EMAIL PROTECTED] Python Powered! CTO (540) 361-1714http://www.python.org Zope Corporation http://www.zope.com http://www.zope.org ___ Zope-Dev maillist - Zope-Dev@zope.org http://mail.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope )
Re: [Zope-dev] I want Zope 2.9 to use Zope 3's security architecture.
On Wed, Apr 06, 2005 at 08:33:39AM -0400, Jim Fulton wrote: > > I very much want Zope 2.9 to use Zope 3's security architecture. > Zope 3's security architecture is far more robust, but it is different > in some significant ways: (snip) Will this all be "under the hood"? i.e. will Products have to be rewritten for 2.9? i.e. will I still write: security.declareProtected(SomePermission, 'foo') def foo(self): ... > I see 2 main challenges: > > - supporting implicit acquisition > > - Backward incompatibilities: > > o No support for key-based access control Don't know what that is. -- Paul Winkler http://www.slinkp.com ___ Zope-Dev maillist - Zope-Dev@zope.org http://mail.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope )