launchpad-dev team mailing list archive

Thread
Date

Re: Model security: TAL or Interfaces?

To: launchpad-dev@xxxxxxxxxxxxxxxxxxx
From: "Francis J. Lacoste" <francis.lacoste@xxxxxxxxxxxxx>
Date: Mon, 9 Aug 2010 17:24:16 -0400
In-reply-to: <20100809143755.76e30c5b@megatron>
Organization: Canonical Ltd.
User-agent: KMail/1.13.5 (Linux/2.6.32-24-generic; KDE/4.4.5; x86_64; ; )

On August 9, 2010, Paul Hummer wrote:
> Hi folks-
> 
>   The SourcePackageRecipeBuild interface needs so field level security
> on it (only two fields, but who knows).  We used to use TAL and specify
> the fields individually, but now it seems like we're moving in a
> direction where we use separate interfaces for permissions.
> 
>   Which is the preferred way?

If you mean protecting the field via premission: TAL expression in the view 
while leaving the underlying model field unprotected, than the answer is 
obvious: don't do that. It means that your fields are public in the API.

You really want to protect them via model security. Now you can either use an 
interface to split the permission or declare them as attributes in the ZCML. 
Interface works best when the list of attribuets grow. It makes it easier to 
manage.

So interface scales usually better.

-- 
Francis J. Lacoste
francis.lacoste@xxxxxxxxxxxxx

Attachment: signature.asc
Description: This is a digitally signed message part.

Follow ups

Re: Model security: TAL or Interfaces?
From: Paul Hummer, 2010-08-09

References

Model security: TAL or Interfaces?
From: Paul Hummer, 2010-08-09