[Zope-Checkins] CVS: Zope3/lib/python/Zope/App/Traversing - DefaultTraversable.py:1.1.2.2 Traverser.py:1.1.2.3

Martijn Pieters mj@zope.com
Tue, 4 Dec 2001 11:52:49 -0500 

Update of /cvs-repository/Zope3/lib/python/Zope/App/Traversing
In directory cvs.zope.org:/tmp/cvs-serv20303/lib/python/Zope/App/Traversing

Modified Files:
      Tag: Zope-3x-branch
	DefaultTraversable.py Traverser.py 
Log Message:
- Remove the silly restriction on underscore; this is the responsibility of the
  securty policy

- Implement restrictedTraverse


=== Zope3/lib/python/Zope/App/Traversing/DefaultTraversable.py 1.1.2.1 => 1.1.2.2 ===
 
     def traverse(self, name, furtherPath):
-        if name.startswith('_'):
-            raise NotFoundError, name
-
         if hasattr(self._subject, name):
             return getattr(self._subject, name)
         else:


=== Zope3/lib/python/Zope/App/Traversing/Traverser.py 1.1.2.2 => 1.1.2.3 ===
 from Zope.ContextWrapper import wrapper
 from Zope.ComponentArchitecture import getFeature
-from Zope.Exceptions import NotFoundError
+from Zope.Exceptions import NotFoundError, Unauthorized
+from Zope.App.Security.SecurityManagement import getSecurityManager
 
 from types import StringType
 
@@ -66,13 +67,14 @@
         path.reverse()
         pop = path.pop
 
+        validate = restricted and getSecurityManager().validate
+
         curr = self._wrapper
         if not path[-1]:
             # Start at the root
             pop()
             curr = self.getPhysicalRoot()
-            if restricted: pass
-                # TODO: security restrictions
+            if restricted: validate(None, curr)
 
         try:
             while path:
@@ -82,11 +84,9 @@
                     continue
 
                 if name == '..':
-                    next = wrapper.getcontext(curr) or curr
-                    if next is not None:
-                        # TODO: security restrictions
-                        curr = next
-                        continue
+                    curr = wrapper.getcontext(curr) or curr
+                    if restricted: validate(None, curr)
+                    continue
 
                 traversable = getFeature(curr, ITraversable, None)
                 if traversable is None:
@@ -95,10 +95,8 @@
 
                 else:
                     next = traversable.traverse(name, path)
-                    next = wrapper.Wrapper(next, curr, name=name)
-                    if restricted: pass
-                        # TODO: security restrictions
-                    curr = next
+                    curr = wrapper.Wrapper(next, curr, name=name)
+                    if restricted: validate(name, curr)
 
             return curr
 
@@ -107,5 +105,5 @@
             return default
 
     def restrictedTraverse(self, path, default=_marker):
-        self.unrestrictedTraverse(self, path, default, restricted=1)
+        return self.unrestrictedTraverse(path, default, restricted=1)