On Jun 22, 2009, at 4:08 AM, Brian Sutherland wrote:
> On Sun, Jun 21, 2009 at 11:55:50AM -0400, Jim Fulton wrote:
>> - It aggressively proxies objects using
>> zope.security.checker.ProxyFactory. Some people don't want
>> to use proxies and those that do might want to use a different
>> proxy or checker implementation.
> Grok's publication sub-class is similar to mine:
> We I think we both want security proxies around views, but not during
> traversal. I've also heard of people who want proxies around the
> and view, but not during traversal.
Yup. I've wanted something like that too.
> It's pretty difficult to do the above securely, or at least I was able
> to open massive security holes while prototyping my publication
> Witness grok's "if IBrowserView.providedBy" dance in the URL above.
It's actually pretty easy. All you have to do is make the traversal
adapters public. There aren't very many of them.
>> Maybe in phase 3:
>> - Create zope.publication from zope.app.publcatiobn
>> - use webtest rather than zope.app.testing.
> What's webtest?
It's sort of like zope.app.testing.functional or zope.testbrowser but
for WSGI apps. It *just* handles the publishing aspects of testing.
Tests can then manage their own application setup. I think this will
make many tests simpler and cleaner as they can set up just enough of
an application as they need for their tests.
Zope-Dev maillist - Zope-Dev@zope.org
** No cross posts or HTML encoding! **
(Related lists -