[Zope-dev] ZCatalog madness. (Must log in as emergencyuser.)
Chris McDonough
chrism@digicool.com
Sat, 24 Feb 2001 16:04:35 -0500
If you're using getobject to retrieve bog-standard indexed DTML methods,
Python Scripts, etc., you should never get an unauthorized from getobject
(although you *will* later get an unauthorized if youy try to do anything
with that object if you don't have an adequate set of roles). It's only if
you're using getobject to retrieve custom instances that it could
conceivably happen in getobject itself. Or at least that's what my Zope
here tells me. :-)
These problems suck.
----- Original Message -----
From: "Erik Enge" <erik@esol.no>
To: "Chris McDonough" <chrism@digicool.com>
Cc: <zope-dev@zope.org>
Sent: Saturday, February 24, 2001 3:18 PM
Subject: Re: [Zope-dev] ZCatalog madness. (Must log in as emergencyuser.)
> On Sat, 24 Feb 2001, Chris McDonough wrote:
>
> > I can't replicate this behavior with normal objects. :-(
>
> Riiight...
>
> *thinking very hard*
>
> I just realized how it all started. Me and a collegue was indexing
> objects, searching, doing regular development (probably changing classes,
> attributes etc.) and suddenly we were asked for the (then) SuperUser
> password. This was under 2.2.5.
>
> I remember thinking: "hm. that's odd...". But I had more important
> things on my mind (and this wasn't really my field of expertice) so I
> didn't dwell much on it.
>
> I'm trying to remember what we did when it happend, but I'm sorry to say I
> can't (it's been two, three weeks now). But, the good point - I guess -
> is that it hasn't got anything to do with Zope 2.3.1b1 in perticular.
>
> The sad thing, is that the problem is probably due to some of Python
> classes begin set up correctly, or accordingly to the Product API. That's
> what I'm guessing anyways.
>
> I'll run some more tests to make sure these assumptions are correct. More
> feedback, and hopefully a solution, to come this week.
>
> Sorry for not realizing this sooner, it would've saved us all lots of
> time.
>
>