On Mon, May 19, 2003 at 12:34:44PM -0400, Shane Hathaway wrote:
The same thing changed for integers and strings (and probably all other built-in types). The __doc__ check has always been hackish anyway. Ideas?
start declaring security on stuff that's traditionally relied on having no docstring? i know, big job :-( A quick bit of grepping turns up 59 .py files that do something with manage_options, and a quick browse of some of the results suggests that manage_options is typically a class-level tuple with no security declarations. which of course makes me wonder what else, besides manage_options, typically lacks security declarations... alternatively (I really really hate to suggest this) we could add some checks to BaseRequest.traverse() such that built-in types are not publishable. I hate to suggest it because: 1) traverse is already 266 lines long! 2) it could sometimes be really handy to have trivial publishable attributes that are built-in types, either for inspecting the state of an object via a browser or for RAD development of an app in the REST style (Representational State Transfer - see http://webservices.xml.com/pub/a/ws/2002/02/06/rest.html for an intro). I could imagine implementing something like: class BoxOfTools(SimpleItem): ... security.declarePublic('hammers') hammers = 0 security.declarePublic('screwdrivers') screwdrivers = 0 ... def __init__(self, ... hammers, screwdrivers): self.hammer = hammers self.screwdrivers = screwdrivers # code to handle PUT goes here Now an app using my server can visit http://server:8080/MyToolboxInstance/hammers to find out how many hammers the instance at that URL has, and can use http PUT to modify the instance. Neat way to work, and without built-in types being publishable it's just a bit more work: ... security.declarePublic('hammers') def hammers(self): """get the hammer count""" return str(self._hammers) ... Admittedly this is a pretty small difference, and a silly example, but there's something really appealing about the simplicity of the first example. -- Paul Winkler home: http://www.slinkp.com "Muppet Labs, where the future is made - today!"