[Zope-dev] Re: ZCatalog getObject broken
Tres Seaver
tseaver at zope.com
Fri Feb 25 16:48:04 EST 2005
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Andreas Jung wrote:
|
|
| --On Freitag, 25. Februar 2005 20:21 Uhr +0100 Dieter Maurer
| <dieter at handshake.de> wrote:
|
|> Roché Compaan wrote at 2005-2-25 17:22 +0200:
|>
|>> Last year in March the following checkin was made that changed
|>> ZCatalog's getObject to use restrictedTraverse instead of
|>> unrestrictedTraverse. See:
|>>
|>> http://mail.zope.org/pipermail/zope-checkins/2004-March/026846.html
|>>
|>> In my opininion this is wrong,
|>
|>
|> I agree with you!
|>
|>> ...
|>> I would propose that getObject does an unrestrictedTraverse of the path
|>> and then checks if the user has permission to access that the object.
|>
|>
|> I argued precisely this approach with the person who made the
|> change. I had the impression that I have convinced him -- but
|> apparently, he did not change the code accordingly :-(
|>
|> Maybe, a bug report to the collector will help?
|>
|> <http://www.zope.org/Collectors/Zope>
|>
|
| Best to include a patch as well :-)
And a new test which fails under the current code, but succeeds with the
patch. ;)
Tres.
- --
===============================================================
Tres Seaver tseaver at zope.com
Zope Corporation "Zope Dealers" http://www.zope.com
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org
iD8DBQFCH50UGqWXf00rNCgRAradAJ9/v/nU3iZEALYK+7hI2NYZCZbi0ACggAxm
l4LfqI3+RYCI8VRHV9cz0rU=
=4SWg
-----END PGP SIGNATURE-----
More information about the Zope-Dev
mailing list