Hi folks, I have documented some of the darker corners of Zope's internals. I put it in the Plone developer documentation for lack of a better place, but it's not Plone-specific:
http://collective-docs.readthedocs.org/en/latest/zope_secrets/index.html Topics covered include startup, publication, traversal and security. One reason to do this, apart from morbid fascination, is to provide a baseline against which we can consider simplifying some of this stuff. For example, I'd like to consider an (opt-in) simplification of the publisher and traversal, probably based on a stripped-down and modernised repoze.zope2, which does away with some hooks and edge cases, but is much simpler and easier to understand. Some things we could consider chopping are: - Attribute traversal to anything other than methods at the end of the traversal chain (i.e. use __getitem__ traversal only) - Traversal to anything without explicit security declarations - The docstring security check - Maybe __bobo_traverse__ (i.e. just implement __getitem__) and __before_publishing_traverse__ (use a BeforeTraverseEvent instead, and notify this for all traversals, not just over local component sites) - All differences between publication and path traversal This is still somewhat half-baked and obviously would break things and require at least a new major version of Zope, but I think it's worth exploring at least. Martin _______________________________________________ Zope-Dev maillist - Zope-Dev@zope.org https://mail.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - https://mail.zope.org/mailman/listinfo/zope-announce https://mail.zope.org/mailman/listinfo/zope )