[Zope-Checkins] CVS: Zope/lib/python/OFS - Traversable.py:1.15.6.2
Shane Hathaway
shane@cvs.zope.org
Wed, 18 Sep 2002 11:51:02 -0400
Update of /cvs-repository/Zope/lib/python/OFS
In directory cvs.zope.org:/tmp/cvs-serv28751/lib/python/OFS
Modified Files:
Tag: Zope-2_6-branch
Traversable.py
Log Message:
Merge from head.
Finished fix for collector #558. restrictedTraverse() was not providing
adequate context for the security manager, resulting in excessive Unauthorized
errors. The previous fix corrected traversal using __bobo_traverse__();
this fix corrects traversal using getattr(). The problem was solved by
simply making use of AccessControl.ZopeGuards.guarded_getattr().
=== Zope/lib/python/OFS/Traversable.py 1.15.6.1 => 1.15.6.2 ===
--- Zope/lib/python/OFS/Traversable.py:1.15.6.1 Thu Sep 12 17:22:40 2002
+++ Zope/lib/python/OFS/Traversable.py Wed Sep 18 11:50:31 2002
@@ -19,6 +19,7 @@
from Acquisition import Acquired, aq_inner, aq_parent, aq_base
from AccessControl import getSecurityManager
from AccessControl import Unauthorized
+from AccessControl.ZopeGuards import guarded_getattr
from urllib import quote
_marker=[]
@@ -134,21 +135,11 @@
raise Unauthorized, name
else:
- o=get(object, name, M)
- if o is not M:
- if restricted:
- # waaaa
- if hasattr(aq_base(object), name):
- # value wasn't acquired
- if not securityManager.validate(
- object, object, name, o):
- raise Unauthorized, name
- else:
- if not securityManager.validate(
- object, N, name, o):
- raise Unauthorized, name
-
+ if restricted:
+ o = guarded_getattr(object, name, M)
else:
+ o = get(object, name, M)
+ if o is M:
o=object[name]
if (restricted and not securityManager.validate(
object, object, N, o)):