[Zope-dev] __bobo_traverse__, new ZCatalog and ZClasses
Steve Alexander
steve@cat-box.net
Sun, 24 Dec 2000 21:19:40 +0000
Zope 2.3, from cvs on 2000-12-24, patched with Chris P's latest ZCatalog
stuff.
I'm getting a bad interaction between ZClasses, ZCatalog and
__bobo_traverse__.
I have some ZClasses that are accessed via a container that implements
__bobo_traverse__. The problem is that, although I can get to the ZClass
instances by typing a URL into by browser, I get a security error when I
try to get to them using restrictedTraverse.
This causes a problem, as it means these instances cannot be catalogued
in a ZCatalog, because ZCatalog now uses restrictedTraverse to get an
object for indexing.
The zope security validation gets stuck between not knowing for sure
what the object's container is (according to comments from
Traversable.py), and ZClasses not returning anything for __roles__.
ZPatterns jargon paragraph:
All this causes a problem if you want to use the ZPatterns idiom of
ZClass DataSkins in a Specialist, catalogued using a ZCatalog. You can
get around it by providing a __roles__ attribute using SkinScript.
Is there some bug in the ZClasses __roles__ machinery?
When does __roles__ get set on objects or classes anyway? I've found the
description of what __roles__ are used for in the old Trinkets tutorial
document. I think things have moved on a bit since then, though.
Some relevant code snippets:
Traversable.py
t=get(object, '__bobo_traverse__', N)
if t is not N:
o=t(REQUEST, name)
# Note we pass no container, because we have no
# way of knowing what it is
if (restricted and not securityManager.validate(
object, None, name, o)):
raise 'Unauthorized', name
ZopeSecurityPolicy.py, line 123:
# Try to get roles
roles=getattr(value, '__roles__', _noroles)
if roles is _noroles:
############################################################
# We have an object without roles. Presumabely, it's
# some simple object, like a string or a list.
--
Steve Alexander
Software Engineer
Cat-Box limited
http://www.cat-box.net