On Thu, 24 Jun 2004 19:04:55 +0200 Dieter Maurer <dieter@handshake.de> wrote:
Casey Duncan wrote at 2004-6-18 09:58 -0400:
... Security was tightened for getObject recently as part of a general refactor of that code. I am happy to consider whether the security is too tight, in which case it could be backed off a bit.
I think, you should only require access rights to the object itself and not to all folders from the root to the object.
It is not uncommon that upper levels are more restricted than subhierarchies. This is what Zope's URL traversal allows: Only the object identified by URL traversal is accessed checked.
That ZCatalog identifies objects by physical path is an implementation artifact. It should not make it impossible to access an object via the catalog that otherwise can be accessed without problem.
... For hysterical raisins, REQUEST.traverse() does not behave this way. It instead checks only the final object traversed. That's a good behaviour...
Except when it isn't ;^) OTOH it is closer to the behavior of getObject in 2.7.0. Ironically it used to use restrictedTraverse long ago... -Casey