[Zope-dev] ZCatalog getObject broken
Andreas Jung
lists at andreas-jung.com
Fri Feb 25 15:06:24 EST 2005
--On Freitag, 25. Februar 2005 20:21 Uhr +0100 Dieter Maurer
<dieter at handshake.de> wrote:
> Roché Compaan wrote at 2005-2-25 17:22 +0200:
>> Last year in March the following checkin was made that changed
>> ZCatalog's getObject to use restrictedTraverse instead of
>> unrestrictedTraverse. See:
>>
>> http://mail.zope.org/pipermail/zope-checkins/2004-March/026846.html
>>
>> In my opininion this is wrong,
>
> I agree with you!
>
>> ...
>> I would propose that getObject does an unrestrictedTraverse of the path
>> and then checks if the user has permission to access that the object.
>
> I argued precisely this approach with the person who made the
> change. I had the impression that I have convinced him -- but
> apparently, he did not change the code accordingly :-(
>
> Maybe, a bug report to the collector will help?
>
> <http://www.zope.org/Collectors/Zope>
>
Best to include a patch as well :-)
-aj
More information about the Zope-Dev
mailing list