| Thread Previous • Date Previous • Date Next • Thread Next |
On 2010-07-27 16:32, Jonathan Lange wrote:
On Tue, Jul 27, 2010 at 2:05 PM, Jeroen Vermeulen<jtv@xxxxxxxxxxxxx> wrote: ...I'm inclined to agree with Abel: it's still better for us to run into test complications and be regularly worried about security proxies than to lose the mental reinforcement of the security model. Lose the reinforcement and we'll gradually lose our inhibitions w.r.t. creating unproxied objects.Do you have an example of a problem we've caught because we were using security proxies in our model tests? Even a contrived example of the kind of problem we catch would help.
I don't think that's particularly likely, because the problems we see in testing are ones from having proxies where we don't expect them. Production problems with proxies would probably be ones where we don't have proxies.
What I'm saying is that that doesn't necessarily justify dropping proxies from our testing, because running into proxies during testing reinforces proxy-aware design and code, and promotes understanding of how the proxies work. My feeling is that without the occasional permissions nuisance in test setup, we'd eventually (perhaps one or two generations of engineers down the line) start to make more "silent" mistakes.
An example of such mistakes would be to write BugSet().createBug instead of getUtility(IBugSet).createBug. Essentially we "catch" these all the time before we even write the code, or during review, because of enforced awareness.
That said, being already somewhat aware of proxies I'd probably be quite happy to use a context manager for "I've set up my data, now run this under more realistic restrictions."
Jeroen
| Thread Previous • Date Previous • Date Next • Thread Next |
