On Thu, 2005-02-17 at 09:22 +0000, Chris Withers wrote:
Well, this does beg the question: is this how restrictedTraverse works? If not, then why isn't restrictedTraverse used?
Publisher traversal works one way (checks only at the end of the entire path lookup, raising an unauthorized only if the user can't view the last object in the path), while [un]restrictedTraverse works a different way (it checks each step along the way, and raises an unauthorized error if it's not allowed to traverse any step). I never quite understood why this was the case (it is definitely confusing), but the fact that publisher traversal does not check each step has proven handy in situations where I've wanted to allow web access to deeply nested folders to people who don't actually have access to its parent folders. - C