--On Freitag, 25. Februar 2005 20:21 Uhr +0100 Dieter Maurer <dieter@handshake.de> wrote:
Roché Compaan wrote at 2005-2-25 17:22 +0200:
Last year in March the following checkin was made that changed ZCatalog's getObject to use restrictedTraverse instead of unrestrictedTraverse. See:
http://mail.zope.org/pipermail/zope-checkins/2004-March/026846.html
In my opininion this is wrong,
I agree with you!
... I would propose that getObject does an unrestrictedTraverse of the path and then checks if the user has permission to access that the object.
I argued precisely this approach with the person who made the change. I had the impression that I have convinced him -- but apparently, he did not change the code accordingly :-(
Maybe, a bug report to the collector will help?
Best to include a patch as well :-) -aj