[Zope3-dev] Layerd security proxies when using __Security_checker__

Sun Mar 13 00:29:48 EST 2005

I'm running into a case where I'm getting a security-proxied security
proxy.

If I understand the code correctly, the implementation of Checker's
proxy method is at fault:

    def proxy(self, value):
        checker = getattr(value, '__Security_checker__', None)
        if checker is None:
            checker = selectChecker(value)
            if checker is None:
                return value
        return Proxy(value, checker)

This problem shows up in the first line for objects that provide
__Security_checker__. A proxy will happily return its proxied object's
__Security_checker__, causing it to become re-proxied.

I believe `proxy` should explicitly check for security proxies:

    def proxy(self, value):
        if type(value) is Proxy:
            return value
        ...

I've tested this with the Python code, and it addresses the issue. All
tests pass.

I won't venture to modify the C code.

Could the owner of this code take a look at this? I can add a collector
issue if we want to go that route.

 -- Garrett