launchpad-dev team mailing list archive

Thread
Date

Re: Model security: TAL or Interfaces?

To: "Francis J. Lacoste" <francis.lacoste@xxxxxxxxxxxxx>
From: Paul Hummer <paul.hummer@xxxxxxxxxxxxx>
Date: Mon, 9 Aug 2010 15:48:20 -0600
Cc: launchpad-dev@xxxxxxxxxxxxxxxxxxx
In-reply-to: <201008091724.19623.francis.lacoste@canonical.com>

On Mon, 9 Aug 2010 17:24:16 -0400
"Francis J. Lacoste" <francis.lacoste@xxxxxxxxxxxxx> wrote:
> 
> If you mean protecting the field via premission: TAL expression in
> the view while leaving the underlying model field unprotected, than
> the answer is obvious: don't do that. It means that your fields are
> public in the API.
> 
> You really want to protect them via model security. Now you can
> either use an interface to split the permission or declare them as
> attributes in the ZCML. Interface works best when the list of
> attribuets grow. It makes it easier to manage.

Yeah, I used TAL when I meant ZCML...  XML, po-tay-to, po-tah-to, let's
call the whole thing ugly.  :)

Cheers,
Paul

Attachment: signature.asc
Description: PGP signature

Follow ups

Re: Model security: TAL or Interfaces?
From: Julian Edwards, 2010-08-10

References

Model security: TAL or Interfaces?
From: Paul Hummer, 2010-08-09
Re: Model security: TAL or Interfaces?
From: Francis J. Lacoste, 2010-08-09