On Jun 22, 2009, at 4:08 AM, Brian Sutherland wrote:

> On Sun, Jun 21, 2009 at 11:55:50AM -0400, Jim Fulton wrote:
>> - It aggressively proxies objects using
>> zope.security.checker.ProxyFactory.  Some people don't want
>>   to use proxies and those that do might want to use a different
>> proxy or checker implementation.
> Grok's publication sub-class is similar to mine:
>    http://svn.zope.org/grok/trunk/src/grok/publication.py?view=markup
> We I think we both want security proxies around views, but not during
> traversal. I've also heard of people who want proxies around the  
> context
> and view, but not during traversal.

Yup.  I've wanted something like that too.

> It's pretty difficult to do the above securely, or at least I was able
> to open massive security holes while prototyping my publication  
> object;)
> Witness grok's "if IBrowserView.providedBy" dance in the URL above.

It's actually pretty easy. All you have to do is make the traversal  
adapters public. There aren't very many of them.

>> Maybe in phase 3:
>> - Create zope.publication from zope.app.publcatiobn
>> - use webtest rather than zope.app.testing.
> What's webtest?


It's sort of like zope.app.testing.functional or zope.testbrowser but  
for WSGI apps.  It *just* handles the publishing aspects of testing.   
Tests can then manage their own application setup.  I think this will  
make many tests simpler and cleaner as they can set up just enough of  
an application as they need for their tests.


Jim Fulton
Zope Corporation

Zope-Dev maillist  -  Zope-Dev@zope.org
**  No cross posts or HTML encoding!  **
(Related lists - 
 http://mail.zope.org/mailman/listinfo/zope )

Reply via email to