Jim Fulton wrote:

Dominik Huber wrote:

Jim Fulton wrote:

...

Here are 2 other alternatives to consider:

1. Add a "locate" option to the adapter directive, which
   defaults to false.  If true (locate="1"), then a location
   proxy is always added to the adapter.



Yup. -1 That's might be *to much explicitness* for dev


I really don't think so.

> 1 and complecates the

adapter directive too.


Actually, I think it simplifies it a little.  It separates trusted-ness
from location-ness.

2. Option 1 but default to true if a non-public permission is
   specified.

These alternatives are explicit and hande the case where
permissions are declared in a separate directive.



In both sugestions the problem is not solved, that the public permission declaration within the adapter directive cannot be adapted to all trusted adapters, because the 'valid' security-declartations might be registered within an addional <class...


I think you are mistaken.  If you declare permissions in a class
directive, you'd use a locate attribute in the adapter
directive, as in:

<adapter factory=".myFactory" trusted="1" locate="1" />
<class class=".myFactory">
   <require permission="X" interface="IX" />
   ...
</class>

In this case you'd get the location even though the adapter
directive doesn't specify a permission.

Ok, I'm mistaken. That would be also fine with me.
The only thing we have to do additionaly is to look for potential bugs like the zwiki example.


Which alternativ do you prefer? I have time on wednesday to implement your selection within the branch.

Regards,
Dominik

_______________________________________________
Zope3-dev mailing list
Zope3-dev@zope.org
Unsub: http://mail.zope.org/mailman/options/zope3-dev/archive%40mail-archive.com



Reply via email to