Hmm, so you would assert False as well as return []? I know we run production with asserts on, and we've no plans to change that, but I find it hard not to do the defensive thing here & assume that asserts could be turned off one day.
I was also assuming that this could be potentially hit by a user trying to do something they can't - i.e. they manually fiddle with a URL & then there's an error in our logic which means that this method is called - in which case I think assert False isn't really enough.
I might be more keen on assert False if the topic wasn't permissions / information leakage, and/or if I had some guarantees about where this code being called from.
Hmm, so you would
assert Falseas well asreturn []? I know we run production with asserts on, and we've no plans to change that, but I find it hard not to do the defensive thing here & assume that asserts could be turned off one day.I was also assuming that this could be potentially hit by a user trying to do something they can't - i.e. they manually fiddle with a URL & then there's an error in our logic which means that this method is called - in which case I think
assert Falseisn't really enough.I might be more keen on
assert Falseif the topic wasn't permissions / information leakage, and/or if I had some guarantees about where this code being called from.