[z3-five] Security and Five

Mon Jun 21 15:24:00 MEST 2004

On Mon, Jun 21, 2004 at 10:59:22AM +0200, Martijn Faassen wrote:
| >I changed FiveViewsDemo.simplecontent.SimpleContent to use
| >five:content directive, and it seems to work like a charm. Yay!
| 
| Except that views can break right through this, right? This is something 
| we cannot avoid in the Zope 2 security model anyway.

Not *yet*. I'm pretty sure with someone that knows enough C, or maybe
we don't even need to change C code, we can start making use of
checkers in z2. I need to put some research into that.

| >As far as security is concerned, I think we are good enough to
| >go. There are more features on zope2 security, like setDefaultAccess
| >and declareObjectProtected, but I think we shouldn't go there. Most
| >people don't even know those exist, and they don't have counterparts
| >in z3. Even declarePrivate doesn't have a counterpart in z3. *wink*
| 
| We should make sure that everything that we *don't* explicitly set in 
| ZCML is actually forbidden. I don't know what Zope 3 does if you supply 
| a page and don't set a permission; the permission attribute is not 
| required. I imagine it falls back to some default permission in that case.

I've set the default to zope.Public. I think a sane default for zope2
would be zope.ViewManagementScreens.

| >Martijn, tell me what you think about it this far.
| 
| Overall, a lot of great progress has been made, thanks! I want to review 
| it all carefully and perhaps add more tests next.

Yes please!

| >I would suggest to
| >move some files around, to make the package a bit more consistent. (eg:
| >fiveconfigure.py to handlers/five.py, fivedirectives to
| >directives/five.py, and so on)
| 
| It was consistent until you started to introduce the subpackages. :) 
| Zope 3 doesn't define sub packages to separate out this code; modules 
| are good enough there. So, I'll turn the question around on you. :) Why 
| do you think it should be different for Five?

Oh, I don't really care that much. Just do it the way you feel more
confortable with and I will adapt myself to that. I just prefer
a package with smaller modules that a module that is longer than say
300 lines.

| I was happy to see Philipp define a bunch of permissions. On the naming 
| of the permissions, I think we should not use 'zope' but 'zope2' as a 
| prefix in Five, as this makes it easy to avoid accidental name clashes 
| with permissions that are truly Zope 3 native. This is important when 
| porting code back and forth; something needs to change anyway and it's 
| good to make it not work 'accidentally'. Is there anything in the system 
| now that depends on the prefix being zope instead of zope2?

The handler for the content directive depends on 'zope.Public' and
'zope.Private'. Other than that you can change to 'zope2' prefix
without trouble.

-- 
Sidnei da Silva <sidnei at awkly.org>
http://awkly.org - dreamcatching :: making your dreams come true
http://www.enfoldsystems.com
http://plone.org/about/team#dreamcatcher

As of next Thursday, UNIX will be flushed in favor of TOPS-10.
Please update your programs.