[Zope-dev] Zope internals documentation
Martin Aspeli
optilude+lists at gmail.com
Sat Dec 31 19:09:07 UTC 2011
Hi folks,
I have documented some of the darker corners of Zope's internals. I
put it in the Plone developer documentation for lack of a better
place, but it's not Plone-specific:
http://collective-docs.readthedocs.org/en/latest/zope_secrets/index.html
Topics covered include startup, publication, traversal and security.
One reason to do this, apart from morbid fascination, is to provide a
baseline against which we can consider simplifying some of this stuff.
For example, I'd like to consider an (opt-in) simplification of the
publisher and traversal, probably based on a stripped-down and
modernised repoze.zope2, which does away with some hooks and edge
cases, but is much simpler and easier to understand. Some things we
could consider chopping are:
- Attribute traversal to anything other than methods at the end of
the traversal chain (i.e. use __getitem__ traversal only)
- Traversal to anything without explicit security declarations
- The docstring security check
- Maybe __bobo_traverse__ (i.e. just implement __getitem__) and
__before_publishing_traverse__ (use a BeforeTraverseEvent instead, and
notify this for all traversals, not just over local component sites)
- All differences between publication and path traversal
This is still somewhat half-baked and obviously would break things and
require at least a new major version of Zope, but I think it's worth
exploring at least.
Martin
More information about the Zope-Dev
mailing list