[Zope-dev] ZCatalog madness. (Must log in as emergencyuser.)
Chris McDonough
chrism@digicool.com
Fri, 23 Feb 2001 17:07:53 -0500
> > And any access to getobject with any data_record_id_ returns
unauthorized
> > for any user besides emergency user?
>
> Hm... No, not entirely correct. If I don't get any hits, I don't get the
> unauthorized, but that is probably because I don't even try the
> getobject. The point I'm making is that I might be able to call getobject
> with a bogus data_record_id_ (although I highly doubt it).
It wouldn't return unauthorized if you passed it a bogus data_record_id_, it
would fail differently.
I meant to narrow down the problem domain in cases where you do call
getobject... cases where you aren't calling getobject are not relevant.
It would be helpful to find out for which objects getobject fails and for
which it succeeds under your setup. I suspect that it's a __roles__ problem
with a type of object being retrieved. These kind of problems are
notoriously difficult to debug. :-(
> Steve Alexander suggested that I try the ZCatalog from CVS. The problem
> is fixed there, isn't it?
You can try it, but I don't think there's any significant difference between
the ZCatalog in CVS and the one in Zope 2.3b1 if you see
"unrestrictedTraverse" in your 2.3b1's ZCatalog.py's getobject method.
Narrowing the problem down to a set of objects for which getobject *always*
fails is probably the first step. Then maybe I can reproduce it here if you
can give me the code for these objects.