[Zope-dev] Security Gurus Wanted

[Steve Alexander]

vio wrote:

<deletia>

> So Globals.InitializeClass(your_class) finds the declaration 
> 'security.declareSomething()' inside a class, but 'security' being
> a reference to a ClassSecurityInfo object AT THE MODULE LEVEL somehow has 
> no effect at the class level (while I wrongly thought that by declaring it
> at the module level like that, it will behave more or less like a 'global'
> variable).

<deletia>

> In my opinion, Globals.InitializeClass() should check such calls to
> security methods

You appear not to understand how Python and the declarative security 
system in Zope work.

Globals.InitializeClass() does not read the source to your modules. You 
would need some sort of "lint" tool to perform the checking you describe.


Why not try to implement a simple case of the error-correcting system 
that you describe? You might want to extend an existing lint tool such 
as PyChecker, to take account of conventions used in Zope products.

   http://pychecker.sourceforge.net/

--
Steve Alexander