[Zope3-dev] Traversal question

Roger Ineichen dev at projekt01.ch
Thu Mar 10 08:18:20 EST 2005


Hi together 

I have a question about the traversal concept.
I'm not sure if I'm totally wrong or not.

First:
------

We have sites and it's possible to have subsites.

Each of these sites or subsites can have its own rules
for logging in (actually done with the PluggableAuthenticationUtility).


Setup:
------

/root/site/subsite

On each site (site and subsite) a PAU is installed
with its own principals.

In the site we have a principal called 'siteMember'
and in the subsite a principal called 'subsiteMember'.

If the principal 'subsiteMember' has access to the
subsite and tries to log in, he gets the login challenge
from the site and not from the subsite's PAU.

Reason why:
-----------
The traversal mechanism is using ITraversable adapters or views.
These views have the permission zope.Public, that's OK.
But this means if we get to an object, let's say the 'site',
we don't have the permission to traverse to this object,
but we have permissions for the sub-objects of the site.

Proposal:
---------
Again, I'm not sure if this is correct or has other impact.

Register the ITraversable with trusted="True" so we get a
trusted adapter which can traverse the object we don't have
access to (like the site).

This means we can traverse each object!

Is this a problem? I don't think so, because we do not
call the objects directly; we call a view of the objects,
which are protected by other permissions. And if a trusted
adapter is calling such a view or an object which the traverser
can access, we run, at least at this time, into an Unauthorized
situation.

Thanks for answers

Regards
Roger Ineichen
_____________________________
Projekt01 GmbH
www.projekt01.ch
Langackerstrasse 8
6330 Cham
phone     +41 (0)41 781 01 78
mobile    +41 (0)79 340 52 32
fax       +41 (0)41 781 00 78
email r.ineichen at projekt01.ch
_____________________________
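
As an added illustration (not code from the post, nor from Zope 3 itself), here is a small Python model of the two traversal modes described above: each node carries a 'viewers' set standing in for the view permission and, for sites, a 'pau' set of the principals its PAU can authenticate. The untrusted traverser checks the container at every hop, the trusted one only the target view, so the challenge for /site/subsite comes from the subsite's PAU while the view permission on the target is still enforced.

```python
class Unauthorized(Exception):
    def __init__(self, node):
        super().__init__(node.name)
        self.node = node  # the object on which the permission check failed

class Node:
    """Content object: 'viewers' may use its view; 'pau' is its PAU's principal set."""
    def __init__(self, name, viewers, pau=None, parent=None):
        self.name, self.viewers, self.pau, self.parent = name, set(viewers), pau, parent
        self.children = {}

    def add(self, name, viewers, pau=None):  # pau=None: not a site
        self.children[name] = Node(name, viewers, pau, parent=self)
        return self.children[name]

def check(node, principal):
    if principal not in node.viewers:
        raise Unauthorized(node)

def traverse(root, path, principal, trusted):
    """Untrusted: the proxy checks each container; trusted: only the target view."""
    node = root
    for name in path.split("/"):
        if not trusted:
            check(node, principal)
        node = node.children[name]
    check(node, principal)  # the view on the target is protected either way
    return node

def login_attempt(root, path, who, trusted):
    """Anonymous request for path; returns (challenging site, can it authenticate who)."""
    try:
        traverse(root, path, "anonymous", trusted)
        return (None, True)
    except Unauthorized as exc:
        site = exc.node
        while site.pau is None:  # the nearest enclosing site's PAU issues the challenge
            site = site.parent
        return (site.name, who in site.pau)

def build_tree():
    # Constructed sample matching the post: /root/site/subsite, a PAU per site.
    root = Node("root", viewers={"anonymous"}, pau=set())
    site = root.add("site", viewers={"siteMember"}, pau={"siteMember"})
    site.add("subsite", viewers={"subsiteMember"}, pau={"subsiteMember"})
    return root
```

With the untrusted traverser, `login_attempt(build_tree(), "site/subsite", "subsiteMember", trusted=False)` is challenged by the site's PAU, which cannot authenticate subsiteMember; with `trusted=True` the challenge comes from the subsite, and `traverse(..., "site", "subsiteMember", trusted=True)` still raises Unauthorized.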