[Zope-dev] Fw: [Exuserfolder-devel] Zope 2.5b1 release

Dario Lopez-Kästen dario@ita.chalmers.se
Thu, 29 Nov 2001 09:00:05 +0100


I thought this might be intresting for discussion on zope-dev as well...

/dario

----- Original Message -----
From: "Andrew Kenneth Milton" <akm@theinternet.com.au>
To: "Andrew Kenneth Milton" <akm@theinternet.com.au>
Cc: <exuserfolder-devel@sourceforge.net>
Sent: Thursday, November 29, 2001 8:45 AM
Subject: Re: [Exuserfolder-devel] Zope 2.5b1 release

It has been pointed out that perhaps the dripping sarcasm drowned out the
acutal points of the email, sorry I was particularly pissed off at how
half-assed it all was.

If you are writing a product that needs to create a user, you go look in
User.py and find out what the API since that tends to be the only place
the API is documented.

If you look at how UserFolder is implemented;

a) The change to manage_* seems to be completely arbitrary, since we already
   had _do* methods that meant you didn't have to call manage_users with
   fake submit buttons. So what is the point of having manage_ ?

b) manage_* methods usually indicate web callable methods, which these
clearly
   aren't (no docstring, no REQUEST parameter). In fact they don't return a
status
   at all, so they seem to doubly useless.

c) If it's an internal API for applications then the methods should probably
   be protected by being prefixed with an _ to indicate they're not for
calling
   from the web or from within Documents/Templates.

d) Even if you conformed to the API by calling e.g. manage_addUser() this
   seemed to be incorrect, since it didn't do things like encrypt the
password.
   This meant you would have to either a) encrypt the password yourself
   (*very bad for XUF*), or b) call _addUser() which is not part of a
defined
   API but looks like it should be (i.e. manage_addUser and _addUser seem to
   be reversed in functionality).

   ii) This is compounded by the fact you would have to query the UserFolder
       itself to find out if you should be encrypting passwords (what no
       UserFolder capability API?).

e) s/_do/manage_/ doesn't constitute a new API. It's just the old one with
the
   names changed.

f) We've done a lot of work to make a flexible UF product that is I18Ned
   (well -able), and they still use the value of the submit button. I would
have
   expected to see an alternative manage_users called from the ZMI that
   behaved much better, with manage_users calls raising warnings.

g) Someone got paid to do it, and that just pisses me off, given the quality
   of the stuff we release for free (and I'm still looking for a job btw
d8).
   We're not perfect, the 0.10.1 release shows that, but, at least we
   spent more than three minutes including thinking time on it, and I at
least
   try not to change things just for the sake of it.

Anyway. In case you were wondering what the previous email meant, there's
the
actual meaning d8)

--
Totally Holistic Enterprises Internet|                      | Andrew Milton
The Internet (Aust) Pty Ltd          |                      |
ACN: 082 081 472 ABN: 83 082 081 472 |  M:+61 416 022 411   | Carpe Daemon
PO Box 837 Indooroopilly QLD 4068    |akm@theinternet.com.au|

_______________________________________________
Exuserfolder-devel mailing list
Exuserfolder-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/exuserfolder-devel