On Jun 22, 2009, at 4:08 AM, Brian Sutherland wrote:
On Sun, Jun 21, 2009 at 11:55:50AM -0400, Jim Fulton wrote:
- It aggressively proxies objects using zope.security.checker.ProxyFactory. Some people don't want to use proxies and those that do might want to use a different proxy or checker implementation.
Grok's publication sub-class is similar to mine:
http://svn.zope.org/grok/trunk/src/grok/publication.py?view=markup
We I think we both want security proxies around views, but not during traversal. I've also heard of people who want proxies around the context and view, but not during traversal.
Yup. I've wanted something like that too.
It's pretty difficult to do the above securely, or at least I was able to open massive security holes while prototyping my publication object;) Witness grok's "if IBrowserView.providedBy" dance in the URL above.
It's actually pretty easy. All you have to do is make the traversal adapters public. There aren't very many of them.
Maybe in phase 3:
- Create zope.publication from zope.app.publcatiobn - use webtest rather than zope.app.testing.
What's webtest?
http://pythonpaste.org/webtest/ It's sort of like zope.app.testing.functional or zope.testbrowser but for WSGI apps. It *just* handles the publishing aspects of testing. Tests can then manage their own application setup. I think this will make many tests simpler and cleaner as they can set up just enough of an application as they need for their tests. Jim -- Jim Fulton Zope Corporation