[ZDP] BackTalk to Document Zope Developer's Guide (2.4 edition)/Security

[webmaster@zope.org]

A comment to the paragraph below was recently added via http://www.zope.org/Documentation/Books/ZDG/current/Security.stx#3-31

---------------

      The 'ClassSecurityInfo' class is defined in the 'AccessControl'
      package of the Zope framework. To declare class security
      information create a 'ClassSecurityInfo' class attribute named
      'security'.  The name 'security' is used for consistency and for
      the benefit of new component authors, who often learn from
      looking at other people's code. You do not have to use the
      name 'security' for the security infrastructure to recognize
      your assertion information, but it is recommended as a
      convention.  For example::

        from AccessControl import ClassSecurityInfo

        class Mailbox(ObjectManager):
          """A mailbox object that contains mail message objects."""

          # Create a SecurityInfo for this class. We will use this 
          # in the rest of our class definition to make security 
          # assertions.
          security = ClassSecurityInfo()

          # Here is an example of a security assertion. We are 
          # declaring that access to messageCount is public.
          security.declarePublic('messageCount')

          def messageCount(self):
            """Return a count of messages."""
            return len(self._messages)

        % Anonymous User - Jan. 23, 2003 9:54 am:
         How is security.declarePublic('messageCount') different from 
         messageCount__roles__=None ? Or is the latter way obsolete?