[Zope-Checkins] CVS: Zope/lib/python/OFS - Traversable.py:1.13.16.2
Shane Hathaway
shane@cvs.zope.org
Wed, 18 Sep 2002 11:52:23 -0400
Update of /cvs-repository/Zope/lib/python/OFS
In directory cvs.zope.org:/tmp/cvs-serv28903/lib/python/OFS
Modified Files:
Tag: Zope-2_5-branch
Traversable.py
Log Message:
Merge from head, adding a note to CHANGES.txt.
Finished fix for collector #558. restrictedTraverse() was not providing
adequate context for the security manager, resulting in excessive Unauthorized
errors. The previous fix corrected traversal using __bobo_traverse__();
this fix corrects traversal using getattr(). The problem was solved by
simply making use of AccessControl.ZopeGuards.guarded_getattr().
=== Zope/lib/python/OFS/Traversable.py 1.13.16.1 => 1.13.16.2 ===
--- Zope/lib/python/OFS/Traversable.py:1.13.16.1 Thu Sep 12 17:24:56 2002
+++ Zope/lib/python/OFS/Traversable.py Wed Sep 18 11:51:52 2002
@@ -19,6 +19,7 @@
from Acquisition import Acquired, aq_inner, aq_parent, aq_base
from AccessControl import getSecurityManager
from AccessControl import Unauthorized
+from AccessControl.ZopeGuards import guarded_getattr
from string import split, join
from urllib import quote
@@ -135,21 +136,11 @@
raise Unauthorized, name
else:
- o=get(object, name, M)
- if o is not M:
- if restricted:
- # waaaa
- if hasattr(aq_base(object), name):
- # value wasn't acquired
- if not securityManager.validate(
- object, object, name, o):
- raise Unauthorized, name
- else:
- if not securityManager.validate(
- object, N, name, o):
- raise Unauthorized, name
-
+ if restricted:
+ o = guarded_getattr(object, name, M)
else:
+ o = get(object, name, M)
+ if o is M:
o=object[name]
if (restricted and not securityManager.validate(
object, object, N, o)):