On 10:47 am, [email protected] wrote:
Jeff Rush pisze:
Michal Pasternak wrote:
I think you can write one easily. The question is, do you really need
one? :-)
AFAIK, in Twisted, the URL tree is constructed piece by piece using a
series
of .putChild('segment', resource) calls (or child_XXX class
attributes) which
if you construct a complex tree with lots of conditionals based on the
access
rights of the user, can be messy.
Or, you can override locateChild().
I would definitely do this reactively, in locateChild, rather than try
to build up the whole hierarchy beforehand.
Conditionals make the code messy. That's why I like the idea of
returning trees of resources, that wrap the avatar object and know
nothing about access control.
They're not just messy. If you need to put the knowledge of your
security model into your application logic, there's a chance you screw
up, and when you screw up, you have a security hole. If the security
logic always lives somewhere else, then you can apply security to
application logic without changing what the application code does, and
you only have to look at your security code for security bugs, not every
line of code you've ever written in any application.
_______________________________________________
Twisted-web mailing list
[email protected]
http://twistedmatrix.com/cgi-bin/mailman/listinfo/twisted-web
