[Zope-dev] zope.app.security refactoring results

Dan Korostelev nadako at gmail.com
Fri Mar 13 07:24:12 EDT 2009


Hey there!

The refactoring of zope.app.security is now generally done. In the
process, three new packages has been created:

 * zope.authentication - the most interesting and small. It contains
the IAuthentication contract, as well as
IUnauthenticatedPrincipal/IAuthenticatedGroup and company. Beyond
that, it also contains several utilities related to principal lookup -
the PrincipalLookupError and PrincipalSource/PrincipalTerms.

 * zope.principalregistry - it's an implementation of IAuthentication
that's based on global non-persistent registry object. It provides
zcml-based principal creation. Yes, it's the "global principal
registry" from zope.app.security.

 * zope.localpermission - the implementation of persistent/local
permission class that can be added and used per-site. It's a bit of
(possibly deprecated) TTW development. I created another thread about
possibility of death of local permisions, so may be this package will
be named "zope.app.localpermission" and forgotten forever. :)

Also, two other packages were touched:

 * zope.security - here migrated some bits of zope.app.security - the
NoProxy definition for zope.i18nmessageid.Messages, the permission
vocabularies, zcml definitions of some common permissions, like
zope.View.

 * zope.publisher - here migrated the adapter from IPrincipal to
ILoggingInfo and the adapters from zope.publisher's HTTP/FTP requests
to ILoginPassword. May be they will be moved again, when we'll be
doing zope.publisher's refactorings.

One nice feature provided as a result of refactoring is possiblity of
the authentication system to be used without of zope.publisher. The
zope.app.authentication and z3c.authenticator probably can be
modified/refactored not to depend on zope.publisher as well, but it
will be another task.

The original zope.app.security now only contains browser views and BBB
imports. Other packages still need to be adapted to new imports, but
I'd like to do that after releasing refactored packages. I already
adapted zope.securitypolicy and zope.app.authentication though. It's a
big win for zope.securitypolicy that it doesn't pull the whole zope
anymore.

Please, check it out and say your opinion. I'd like new packages to be
released ASAP. :-)

-- 
WBR, Dan Korostelev


More information about the Zope-Dev mailing list