Looks like there is a bug in Zope 2.10.2 with OFS/Traversable.py on line 228: if not ok: if (container is not None or guarded_getattr(obj, name, _marker) is not next): raise Unauthorized(name) Here is my debugging session: (Pdb) guarded_getattr(obj, name, _marker) 'Guo Zhonghai' (Pdb) obj <Contact at /creme/Contacts/Contact_1125> (Pdb) name 'title' (Pdb) guarded_getattr(obj, name, _marker) 'Guo Zhonghai' (Pdb) p next 'Guo Zhonghai' (Pdb) guarded_getattr(obj, name, _marker) == next True (Pdb) guarded_getattr(obj, name, _marker) is next False (Pdb) type(guarded_getattr(obj, name, _marker)), type(next) (<type 'str'>, <type 'str'>) (Pdb) id(guarded_getattr(obj, name, _marker)) 46912619931440 (Pdb) id(next) 46912619931720 Thus, often string attributes will fail with this check. In my opinion the code should read: if not ok: if (container is not None or guarded_getattr(obj, name, _marker) != next): raise Unauthorized(name) If you agree that his is a bug, I'll log it. -- Roché Compaan Upfront Systems http://www.upfrontsystems.co.za
Please file a bug, mailing list traffic tends to get lost. Thanks, Stefan On 23. Mär 2007, at 11:12, Roché Compaan wrote:
Looks like there is a bug in Zope 2.10.2 with OFS/Traversable.py on line 228:
if not ok: if (container is not None or guarded_getattr(obj, name, _marker) is not next): raise Unauthorized(name)
Here is my debugging session:
(Pdb) guarded_getattr(obj, name, _marker) 'Guo Zhonghai' (Pdb) obj <Contact at /creme/Contacts/Contact_1125> (Pdb) name 'title' (Pdb) guarded_getattr(obj, name, _marker) 'Guo Zhonghai' (Pdb) p next 'Guo Zhonghai' (Pdb) guarded_getattr(obj, name, _marker) == next True (Pdb) guarded_getattr(obj, name, _marker) is next False (Pdb) type(guarded_getattr(obj, name, _marker)), type(next) (<type 'str'>, <type 'str'>) (Pdb) id(guarded_getattr(obj, name, _marker)) 46912619931440 (Pdb) id(next) 46912619931720
Thus, often string attributes will fail with this check.
In my opinion the code should read:
if not ok: if (container is not None or guarded_getattr(obj, name, _marker) != next): raise Unauthorized(name)
If you agree that his is a bug, I'll log it.
-- Roché Compaan Upfront Systems http://www.upfrontsystems.co.za
_______________________________________________ Zope-Dev maillist - Zope-Dev@zope.org http://mail.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope )
-- Anything that, in happening, causes something else to happen, causes something else to happen. --Douglas Adams
On 3/23/07, Roché Compaan <roche@upfrontsystems.co.za> wrote:
Thus, often string attributes will fail with this check.
I don't understand how you reach that conclusion.
In my opinion the code should read:
if not ok: if (container is not None or guarded_getattr(obj, name, _marker) != next): raise Unauthorized(name)
No, we are checking for identity there, because that's what we want to check. The question is why guarded_getattr(obj, name, _marker) and bobo_traverse(REQUEST, name) doesn't return the same object in this case.
If you agree that his is a bug, I'll log it.
I suspect that the bug is something different than this. -- Lennart Regebro: Zope and Plone consulting. http://www.colliberty.com/ +33 661 58 14 64
participants (3)
-
Lennart Regebro -
Roché Compaan -
Stefan H. Holek