I had some conversation with Tres about the SecurityPolicy
implementation. I would like to clean up following problem:

The method "validate" is not very clear about when it will raise an
exception and when it will return a boolean.

This results in code that expects it to return a boolean, and makes
conclusions about exceptions that are wrong by catching the anonymously,
transforming them all (e.g. AttributeError) into Unauthorized. This
shadows the real source of a problem, also the code that calls validate
probably shouldn't raise Unauthorized on it's own.

But there's where my problem starts: could we get it somewhat clear who
should raise Unauthorized, what can be expected from validate and where
should only boolean values be returned?

I would like to see some discussion, wrap it up in a proposal, and
deliver the code on a branch.

Thanks for listening,

Christian Theune, gocept gmbh & co.kg
phone: +49-3641-233526 mobile: +49-179-7808366

Zope-Dev maillist  -  [EMAIL PROTECTED]
**  No cross posts or HTML encoding!  **
(Related lists - 
 http://mail.zope.org/mailman/listinfo/zope )

Reply via email to