[Zope-Checkins] CVS: Zope/lib/python/OFS - Traversable.py:1.15.6.3
Shane Hathaway
shane@zope.com
Tue, 14 Jan 2003 09:56:13 -0500
Update of /cvs-repository/Zope/lib/python/OFS
In directory cvs.zope.org:/tmp/cvs-serv15475
Modified Files:
Tag: Zope-2_6-branch
Traversable.py
Log Message:
When restrictedTraverse() was changed to use guarded_getattr(), it grew a
new bug. Denied access to acquired attributes resulted in an AttributeError.
On some sites that can mean that the user never gets prompted for credentials.
This is the conservative fix. The more thorough fix will go in Zope 2.7.
=== Zope/lib/python/OFS/Traversable.py 1.15.6.2 => 1.15.6.3 ===
--- Zope/lib/python/OFS/Traversable.py:1.15.6.2 Wed Sep 18 11:50:31 2002
+++ Zope/lib/python/OFS/Traversable.py Tue Jan 14 09:55:40 2003
@@ -136,7 +136,17 @@
else:
if restricted:
- o = guarded_getattr(object, name, M)
+ try:
+ o = guarded_getattr(object, name, M)
+ except AttributeError:
+ # XXX guarded_getattr in Zope 2.5 and 2.6
+ # raises AttributeError if the user is not
+ # allowed to access an acquired attribute,
+ # even if a default is passed to guarded_getattr.
+ # Re-raising Unauthorized here only cures the
+ # symptom. In Zope 2.7, guarded_getattr behaves
+ # correctly but the change may have broad effects.
+ raise Unauthorized, name
else:
o = get(object, name, M)
if o is M: