[Zope-Checkins] CVS: Zope/lib/python/OFS - Traversable.py:1.17
Shane Hathaway
shane@cvs.zope.org
Wed, 18 Sep 2002 11:49:00 -0400
Update of /cvs-repository/Zope/lib/python/OFS
In directory cvs.zope.org:/tmp/cvs-serv28223/lib/python/OFS
Modified Files:
Traversable.py
Log Message:
Finished fix for collector #558. restrictedTraverse() was not providing
adequate context for the security manager, resulting in excessive Unauthorized
errors. The previous fix corrected traversal using __bobo_traverse__();
this fix corrects traversal using getattr(). The problem was solved by
simply making use of AccessControl.ZopeGuards.guarded_getattr().
=== Zope/lib/python/OFS/Traversable.py 1.16 => 1.17 ===
--- Zope/lib/python/OFS/Traversable.py:1.16 Thu Sep 12 17:20:52 2002
+++ Zope/lib/python/OFS/Traversable.py Wed Sep 18 11:48:59 2002
@@ -19,6 +19,7 @@
from Acquisition import Acquired, aq_inner, aq_parent, aq_base
from AccessControl import getSecurityManager
from AccessControl import Unauthorized
+from AccessControl.ZopeGuards import guarded_getattr
from urllib import quote
_marker=[]
@@ -134,21 +135,11 @@
raise Unauthorized, name
else:
- o=get(object, name, M)
- if o is not M:
- if restricted:
- # waaaa
- if hasattr(aq_base(object), name):
- # value wasn't acquired
- if not securityManager.validate(
- object, object, name, o):
- raise Unauthorized, name
- else:
- if not securityManager.validate(
- object, N, name, o):
- raise Unauthorized, name
-
+ if restricted:
+ o = guarded_getattr(object, name, M)
else:
+ o = get(object, name, M)
+ if o is M:
o=object[name]
if (restricted and not securityManager.validate(
object, object, N, o)):