[Zope3-dev] Bug or Feature in security proxy / checker code?
Jim Fulton
jim at zope.com
Thu Jan 12 13:34:55 EST 2006
Christian Theune wrote:
> Am Donnerstag, den 12.01.2006, 12:52 -0500 schrieb Jim Fulton:
>
>>>Is this intentional?
>>
>>Yes. self is never proxied.
>
>
> Ok. Just for my understanding: This results in a behaviour similar to
> Java where you can access everything within your own class, regardless
> of private/public declarations. (It's not the same thing, but has
> similarities.)
>
>
>> > I'm not sure about that. I feel like those calls
>>
>>>should work with proxied objects as well.
>>
>>I don't agree. At some point, you have to trust code,
>>especially methods.
>
>
> Is there a distinct border that makes it behave that way when you leave
> view code and switch to (content) components?
I don't understand the question.
It behaves that way because self is inside the proxy and we
don't rebind methods when we access them.
>
>>>[patch by me pointing out differences between C-optimized proxy code
>>>and the python version
>>
>>Good point.
>
>
> So which one would be the correct one? Should there be a unit test
> catching this?
The C version is the "correct" one. Because the security policy
has this check, the C version is mostly an optimization.
Jim
--
Jim Fulton mailto:jim at zope.com Python Powered!
CTO (540) 361-1714 http://www.python.org
Zope Corporation http://www.zope.com http://www.zope.org
More information about the Zope3-dev
mailing list