-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Andreas Jung wrote: | | | --On Freitag, 25. Februar 2005 20:21 Uhr +0100 Dieter Maurer | <dieter@handshake.de> wrote: | |> Roché Compaan wrote at 2005-2-25 17:22 +0200: |> |>> Last year in March the following checkin was made that changed |>> ZCatalog's getObject to use restrictedTraverse instead of |>> unrestrictedTraverse. See: |>> |>> http://mail.zope.org/pipermail/zope-checkins/2004-March/026846.html |>> |>> In my opininion this is wrong, |> |> |> I agree with you! |> |>> ... |>> I would propose that getObject does an unrestrictedTraverse of the path |>> and then checks if the user has permission to access that the object. |> |> |> I argued precisely this approach with the person who made the |> change. I had the impression that I have convinced him -- but |> apparently, he did not change the code accordingly :-( |> |> Maybe, a bug report to the collector will help? |> |> <http://www.zope.org/Collectors/Zope> |> | | Best to include a patch as well :-) And a new test which fails under the current code, but succeeds with the patch. ;) Tres. - -- =============================================================== Tres Seaver tseaver@zope.com Zope Corporation "Zope Dealers" http://www.zope.com -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.4 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFCH50UGqWXf00rNCgRAradAJ9/v/nU3iZEALYK+7hI2NYZCZbi0ACggAxm l4LfqI3+RYCI8VRHV9cz0rU= =4SWg -----END PGP SIGNATURE-----