[ZCM] [ZC] 1211/ 4 Comment "Zope 2.7 always uses Python implementation of ZopeSecurityPolicy"

Collector: Zope Bugs, Features, and Patches ... zope-coders-admin at zope.org
Thu Jan 29 16:35:11 EST 2004 

Issue #1211 Update (Comment) "Zope 2.7 always uses Python implementation of ZopeSecurityPolicy"
 Status Resolved, Zope/bug medium
To followup, visit:
  http://zope.org/Collectors/Zope/1211

==============================================================
= Comment - Entry #4 by Brian on Jan 29, 2004 4:35 pm

I see what you mean now. I'm curious if 
this ever worked, or if just looked like 
it did since the tests passed :(

I just checked in a fix to Implementation 
that ensures that the right thing is set 
and is actually used, and verified that 
the UserFolder test then does behave the 
same way as on 2.6 (fails w/Python policy, 
passes with C policy).

At least I feel a little better now that 
the problem is consistent. :)

-BL
________________________________________
= Comment - Entry #3 by shh on Jan 29, 2004 4:01 pm

> Interestingly, I've verified that under  
> 2.7 *both* the Python and C policy  
> implementations fail the user folder  
> test related to this issue. (That is  
> not the case under 2.6). 

I still maintain this is because the C implementation of ZopeSecurityPolicy is *never* used. The problem seems to be in setDefaultBehaviors which will *always* select the Python implementation.

Please try uncommenting the indicated 3 lines near the top of testUserFolder.py. You will find the tests pass if the C policy is enforced that way.

________________________________________
= Resolve - Entry #2 by Brian on Jan 29, 2004 2:14 pm

 Status: Pending => Resolved

An update on this - it was never the 
intent that the policy be switchable after 
initially being selected. The changes made 
for 2.7 were mainly to allow the selection 
to be made in the config file rather than 
a lot of env var checks distributed in 
different modules.

It turns out that a test in testImplementation violated this by 
calling setImplementation several times. 
The end effect was that the test rig 
itself was getting the policy set back 
to Python (from which it can't currently 
be switched back).

I've commented those tests for now with 
a note explaining that setImplementation 
is meant to be called only once and that 
calling it again can lead to undefined 
results (there are good reasons why it 
is not a good idea to support arbitrary 
switchability the way that the code is 
currently factored - 3rd party apps may 
have already imported elements of the 
implementation, so switching it after it 
is initially set is unwise).

Interestingly, I've verified that under 
2.7 *both* the Python and C policy 
implementations fail the user folder 
test related to this issue. (That is 
not the case under 2.6).

-BL
________________________________________
= Request - Entry #1 by shh on Jan 28, 2004 3:01 pm

Zope 2.7 appears to *always* use the Python implementation of ZopeSecurityPolicy. 

The implementation is initialized by a call to ImplPython.setDefaultBehaviors() in module ImplPython. Future calls to AccessControl.setImplementation('C') fail to change the security policy implementation (to C).

One way to reproduce this is to run 'AccessControl/tests/testUserFolder.py' which has the same new tests (and issues) like reported in http://zope.org/Collectors/Zope/1210 for 2.6. 

You will notice that the test *fails* even though use of the C implementation would be expected by default. 

You can force a C-ZopeSecurityPolicy by uncommenting the marked block near the top of 'testUserFolder.py'. This again makes all tests pass.


==============================================================

More information about the Zope-Collector-Monitor mailing list