[Skip, on attaching access control rights to function objects]
> [VM]
> >...
> > If you prefer embedded definitions, among other things, you could do:
> >
> > __zope_access__ = { 'Spam' : 'public' }
> >
> > class Spam:
> > __zope_access__ = { 'eggs' : 'private',
> > 'eats' : 'public' }
> > def eggs(self, ...): ...
> > def eats(self, ...): ...
[Greg]
> This is uglier than attaching the metadata directly to the target that you
> are describing! If you want to apply metadata to functions, then apply
> them to the function! Don't shove them off in a separate structure.
>
> You're the one talking about cleanliness, yet you suggest something that
> is very poor from a readability, maintainability, and semantic angle. Ick.
[Moshe]
> This solution is close to what the eff-bot suggested. In this case it
> is horrible because of "editing effort": the meta-data and code of a
> function are better off together physically, so you would change it
> to ...
> [equivalent solution deleted]
In this particular use case, we're discussing access control rights
which are part of some protection policy.
A protection policy is a matrix Objects/Rights. It can be impemented
in 3 ways, depending on the system:
1. Attach the Rights to the Objects
2. Attach the Objects to the Rights
3. Have a separate structure which implements the matrix.
I agree that in this particular case, it seems handy to attach the
rights to the objects. But in other cases, it's more appropriate
to attach the objects to the rights. However, the 3rd solution is
the one to be used when the objects (respectively, the rights) are fixed
from the start and cannot be modified, and solution 2 (resp, 3) is not
desirable/optimal/plausible... That's what I meant with:
[VM]
> > or have a completely separate class/structure for access control
> > (which is what you would do it in C, btw, for existing objects
> > to which you can't add slots, ex: file descriptors, mem segments, etc).
Which presents an advantage: the potential to change completely the
protection policy of the system in future versions of the software,
because the protection implementation is decoupled from the objects'
and the rights' implementation.
damned-but-persistent-first-principles-again-<wink>'ly y'rs
--
Vladimir MARANGOZOV | Vladimir.Marangozov@inrialpes.fr
http://sirac.inrialpes.fr/~marangoz | tel:(+33-4)76615277 fax:76615252
RetroSearch is an open source project built by @garambo | Open a GitHub Issue
Search and Browse the WWW like it's 1997 | Search results from DuckDuckGo
HTML:
3.2
| Encoding:
UTF-8
| Version:
0.7.4