On Wed, 2002-09-25 at 06:41, Ignacio Dosil Lago wrote:
-- I am developing a CMF "link" product which defines its own traverse method:
def __bobo_traverse__(self, request, name=None): "Traverse method hook"
if hasattr(self, name): # return own attributes/subobjects return getattr(self, name) else: t= self.getTarget() if hasattr(t, name): # return target's attributes/subobjects return getattr(t, name) else: return t
-- It works fine under the ZMI but when I try to access an object of this product into a CMF portal using the CMF interface, Zope requests me login name and password (even if I am admin!!), which it doesn't accept, so the only way to continue is to cancel instead of triying to log in.
I don't know why it would work in the ZMI; this smells like a problem in the way you wrap (or don't) the target object returned by 'getTarget'. Try the following to test that: from Acquisition import aq_base, aq_parent def __bobo_traverse__(self, request, name=None): "Traverse method hook" if hasattr(self, name): # return own attributes/subobjects return getattr(self, name) else: t = self.getTarget() t = aq_base( t ).__of__( aq_parent( self ) ) if hasattr(t, name): # return target's attributes/subobjects return getattr(t, name) else: return t This version addresses the issue that the security machinery expects to crawl up the containment part of the acquisition chain to verify that the user and the accessed object are in proper relation to one another; it does this by ripping off any existing acquisition wrapper (the 'aq_base' call) and re-wrapping the object in the context of the link's parent ( the '__of__' call). Hope this helps, Tres. -- =============================================================== Tres Seaver tseaver@zope.com Zope Corporation "Zope Dealers" http://www.zope.com