-
-
Notifications
You must be signed in to change notification settings - Fork 18
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Make plone.protect a soft dependency. #18
Conversation
… in setups without the Plone stack. Fixes plone/Products.CMFPlone#1311
Thanks a lot |
+1 |
try: | ||
# Soft dependency to make this package work without plone.protect | ||
from plone.protect.interfaces import IDisableCSRFProtection | ||
except ImportError: |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Catching ImportError is not recommended http://ploneapi.readthedocs.org/en/latest/contribute/conventions.html#about-imports (see #4)
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
There was a discussion elsewhere - using pkg_resources is slower than just using ImportError. It does only mask errors in the package, from which we are importing, which should catched via tests anyways. Aslo depending on pkg_resources, which comes from setuptools does not feel right within production code (IMO).
Where was this discussion .... can't really remember...
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
discussion result was to stick to plone api conventions, some millis one time at startup vs. hours of debugging: latter won.
Also all production code needs setuptools. I.e. to load fs-resources if a package is zip-safe (recommended to write your code this way).
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
IIRC, there was a bigger motion to use ImportError, but we did not discuss this to the end.
Personally, I dislike the pkg_resource way, because I always have to look it up vs using the easy to remember Python syntax for that.
Can you remember, where this discussion took place on github? I remember @gforcada, @davisagli and me were discussing that.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
That would be this one: plone/plone.api#217
which links to this: plone/plone.app.event@a17c9e1
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks @mauritsvanrees
See, not discussed to the end. There is still room for discussion, IMO. However, I've updated the pull-request.
I've updated the pull request. I'll reopen plone/plone.api#217 for further discussion. |
Make plone.protect a soft dependency.
This allows to use this package in setups without the Plone stack. Fixes plone/Products.CMFPlone#1311