-----Original Message----- From: Anthony Baxter [mailto:anthony@interlink.com.au] Sent: Tuesday, January 04, 2000 5:29 PM To: Michel Pelletier Cc: zope-dev@zope.org Subject: Re: [Zope-dev] feedback wanted on ZCatalog changes...
Excellent. The other two changes in there were:
make REQUEST and RESPONSE optional for the various manage_ functions,
Done, thanks.
and fixing the "can't index attributes acquired from higher than the enclosing folder" from ZopeFindAndApply.
I've not been bitten by this one, so I'm not sure I understand. When indexing with find, you want objects to try and acquire attributes and index the value of that acquried attribute if it can do so? Hmm.. I think context could come up and bite us here, The request to index the object may have a different acquistion context then the request that runs the query, thus 'find' may index values for objects that other people may not be able to see in their context, or even have permission to see. By not acquiring, you limit the functionality, but avoid having to run catalog queries through the security machinery; god help us all if that ever happens. Maybe that doesn't make sense, what do you think? Can you reproduce a security violation with your patch? -Michel