[Zope-dev] Re: CatalogBrains since Zope2.7.1b1
Casey Duncan
casey at zope.com
Fri Jun 25 15:23:08 EDT 2004
On Fri, 25 Jun 2004 20:26:30 +0200
Dieter Maurer <dieter at handshake.de> wrote:
> Casey Duncan wrote at 2004-6-25 09:36 -0400:
> >On Thu, 24 Jun 2004 19:04:55 +0200
> >Dieter Maurer <dieter at handshake.de> wrote:
> > ...
> >> I think, you should only require access rights to the object itself
> >> and not to all folders from the root to the object.
> > ...
> >> That ZCatalog identifies objects by physical path is an
> >implementation> artifact. It should not make it impossible to access
> >an> object via the catalog that otherwise can be accessed without
> >> problem.
> >>
> >> > ...
> >> >For hysterical raisins, REQUEST.traverse() does not behave this
> >way.> >It instead checks only the final object traversed.
> >> That's a good behaviour...
> >
> >Except when it isn't ;^) OTOH it is closer to the behavior of
> >getObject in 2.7.0. Ironically it used to use restrictedTraverse long
> >ago...
>
> Have you gotten the main argument?
Yes, I intend to change it to use unrestrictedTraverse and then validate
the returned object.
So there... 8^P
-Casey
More information about the Zope-Dev
mailing list