On 26.07.2010 12:06, Robert Collins wrote: > On Mon, Jul 26, 2010 at 11:44 AM, Julian Edwards > <[email protected]> wrote: >> On Monday 26 July 2010 10:29:56 Robert Collins wrote: >>> Lastly, and here I expose my ignorance of some subtleties in zope - I >>> thought security proxies only lived between view and model objects, >>> not between model objects? >> >> That's right. Once the code inside a proxied object is running, it's >> effectively security-free and can see objects that the code outside of it >> would not normally be able to access. >> >> We need to be careful about this, because there's no protection against >> returning data to the caller that it should not see. > > So I don't understand this overall change then. > > If we're testing view code, we want something like: > Proxy -> model1 -> model2 etc > If we're testing model code, given that model code is unproxied as it > interacts with other model code, we want > model1 -> model2 > > Only view code can depend on security proxies for permission checking, > so making all our tests have security proxies *does not fit* our > deployed object structure, and can easily fail by having a false sense > of security. > > What about this: > * Write a decorator factory that wraps *anything* it is asked for in a > proxy, except one attribute 'unwrapped_factory' (which is the thing it > is decorating). > > * Make the view tests get a decorated launchpad factory > > * Leave unit tests alone.
If we don't work with proxied objects in the unit tests, we may miss permission problems, unless the view tests cover each code path... > > This requires backing out the recent changes, but I think its the > right thing todo because it will more accurately match how things work > in production, which is the driving force behind this change in the > first place. > > -Rob > _______________________________________________ Mailing list: https://launchpad.net/~launchpad-dev Post to : [email protected] Unsubscribe : https://launchpad.net/~launchpad-dev More help : https://help.launchpad.net/ListHelp
