[Zope-CMF] Bad interaction between CMF 1.4 and Zope 2.8 (catalog-getObject-raises)

Florent Guillaume fg at nuxeo.com
Wed Apr 20 11:21:04 EDT 2005


Chris Withers wrote:
> Florent Guillaume wrote:
>>>> Specifically, in CMFCatalogAware.reindexObjectSecurity (recently
>>>> introduced by Florent Guillaume if I recall), it assumes getObject()
>>>> will return None in a failure.
>>>
>>>
>>> Yes, see http://www.zope.org/Collectors/CMF/337 which I'm about to fix.
> 
> 
> This is a bad fix IMNSHO :-(
> Why was getObject not returning an object?

It could raise Unauthorized because the current user is not allowed to
access the returned object, which is the case if there are security
restrictions lower in the object tree. Which is something you don't seem
to grok.

> That condition has been accepted for far too long and, reading the rest
> of the thread here, seems to be a bug in this case.

No.

> Furthermore, rather than effectively re-implementing getObject in CMF
> code, why didn't we just catch the exceptions that are now being raised?

Because we want to get to that object and reindex it.

> Anyone mind if I revert this checking?

Yes, me. Stop threatening to revert checkins, Chris.

Florent

-- 
Florent Guillaume, Nuxeo (Paris, France)   CTO, Director of R&D
+33 1 40 33 71 59   http://nuxeo.com   fg at nuxeo.com


More information about the Zope-CMF mailing list