launchpad-dev team mailing list archive

[Julian Edwards <julian.edwards@xxxxxxxxxxxxx>]

On Monday 09 August 2010 22:48:20 Paul Hummer wrote:
> On Mon, 9 Aug 2010 17:24:16 -0400
> 
> "Francis J. Lacoste" <francis.lacoste@xxxxxxxxxxxxx> wrote:
> > If you mean protecting the field via premission: TAL expression in
> > the view while leaving the underlying model field unprotected, than
> > the answer is obvious: don't do that. It means that your fields are
> > public in the API.
> > 
> > You really want to protect them via model security. Now you can
> > either use an interface to split the permission or declare them as
> > attributes in the ZCML. Interface works best when the list of
> > attribuets grow. It makes it easier to manage.
> 
> Yeah, I used TAL when I meant ZCML...  XML, po-tay-to, po-tah-to, let's
> call the whole thing ugly.  :)

I vastly prefer using interfaces to set this up, because it means I never need 
to edit zcml! (well, after the first time)

I think it's also nicer to see the permissioning in the interface files next 
to descriptions etc.