| Thread Previous • Date Previous • Date Next • Thread Next |
On 2010-07-26 18:34, Abel Deuring wrote:
On 26.07.2010 17:03, Jonathan Lange wrote:
I used to agree, but now I'm not so sure. Can you give an example of the kind of permission problem we might miss, or of one that we've caught because we were using security proxies in our model tests?I can't give any good example. My reason simply is this: if we get an Unauthorized exception while iterating over the result of getUtility(IFooSet).getStuff(), we know that we should either fix getStuff() or use/write a method getStuffForUser(some_person).
I'm inclined to agree with Abel: it's still better for us to run into test complications and be regularly worried about security proxies than to lose the mental reinforcement of the security model. Lose the reinforcement and we'll gradually lose our inhibitions w.r.t. creating unproxied objects.
(Old-fashioned Iron Maiden education taught us this as "take not thy thunder from us, but take away our pride." It may not have been about Zope originally.)
Jeroen
| Thread Previous • Date Previous • Date Next • Thread Next |
