Ross Boylan wrote:
After reading this section of the development guide, I have a lot of questions (pp 75-76 of the guide).
1. If a subclass redefines a base class method, does the subclass need to do a security declaration on it? The document says "You only need to make security declarations for methods .... your class actually defines. If your class inherits from other classes, the methods of the base classes are protected by the security declarations made in the base classes." The first sentence seems to indicate a security declaration is necessary (since you define the method); the second sentence suggests it's not. It depends partly on the meaning of "define" and also "method" (that is, is redefinition considered definition? does method refer to a name or to a specific class's implementation of that name?).
You should have security declarations for each method you define, even if they are defined in the base class.
2. Does a subclass need to have security = ClassSecurityInfo() in it if the base class does? Judging from the example, yes.
Yes.
3. Under what circumstances is the declaration in 2 necessary? For example, only if new method names are introduced and protected? Or any reference to security in the subclass? It seems the latter, from the example.
Define security assertions for all the methods you define.
4. Suppose we wanted to change the security of a base class method without otherwise redefining it. What's necessary then?
Define a security declaration for a method without actually defining the method. Your security declaration will override those of the base class.
5. Under what conditions is InitializeClass necessary for the subclass when the base class has been through InitializeClass? (The guide only addresses the case when the base class has not been so processed. It also says the declarations "filter down", but the implication of this for new methods is unclear.)
When you define new methods or when you want to override security declarations in the base class. It never hurts to run a class through InitializeClass.
This section has a lot of explicit discussion of odd cases (no security in superclass, redefining permissions on existing methods without changing them) and not enough about the normal cases (my subclass extends some base class methods and defines some new ones).
Also, the second paragraph uses "superclass" where I hope it means subclass.
These comments would be more helpful if they were made using the comment system that is in the book itself. I will unfortunately forget about this maillist message in about 10 minutes, but if they were made inline, when I went to go edit the book, there they'd be. ;-)
Although I would appreciate any responses from the list, I would also like to send these comments to the document's authors. Unfortunately, I see no authorship or contact information in the document. Can anyone suggest some?
I wrote most of it. You can ask, I may be able to answer. ;-)
--
Chris McDonough
Zope Corporation
http://www.zope.org
http://www.zope.com
"Killing hundreds of birds with thousands of stones"
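A check for the subclass cases discussed in this thread, as an added example that is not part of the original message or of Zope's own code: it reports which methods a class defines without declaring them itself, and which declarations it overrides without redefining the method (question 4). It assumes a processed class carries a `<method>__roles__` attribute for each declared method; the helper names are hypothetical and the sample classes are constructed, setting those attributes by hand so nothing from Zope is imported.

```python
import inspect

# Assumption: a class processed by InitializeClass carries "<method>__roles__"
# for every method that has a security declaration.
ROLES_SUFFIX = "__roles__"

def audit_declarations(cls):
    """Classify each public method defined directly on cls:
    'declared' (cls has its own declaration), 'inherited' (only a base
    class declares it) or 'missing' (no declaration anywhere)."""
    own, report = vars(cls), {}
    for name, value in own.items():
        if name.startswith("_") or not inspect.isfunction(value):
            continue
        marker = name + ROLES_SUFFIX
        if marker in own:
            report[name] = "declared"
        elif any(marker in vars(base) for base in cls.__mro__[1:]):
            report[name] = "inherited"
        else:
            report[name] = "missing"
    return report

def overridden_declarations(cls):
    """Methods whose declaration cls replaces without redefining the method."""
    own = vars(cls)
    names = []
    for attr in own:
        name = attr[:-len(ROLES_SUFFIX)] if attr.endswith(ROLES_SUFFIX) else ""
        if name and name not in own and callable(getattr(cls, name, None)):
            names.append(name)
    return sorted(names)

# Constructed sample classes; the *__roles__ values are set by hand here.
class Base:
    def view(self): return "base view"
    def edit(self): return "base edit"
    def delete(self): return "base delete"
    view__roles__ = ("Anonymous",)
    edit__roles__ = ("Manager",)
    delete__roles__ = ("Manager",)

class Sub(Base):
    def view(self): return "sub view"    # redefined and redeclared
    def edit(self): return "sub edit"    # redefined, not redeclared
    def purge(self): return "purged"     # new method, never declared
    view__roles__ = ("Authenticated",)
    delete__roles__ = ("Owner",)         # declaration only, method not redefined
```

Methods reported as `inherited` or `missing` are the ones the reply above says should get their own declaration in the subclass.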