[Zope-dev] Re: CatalogBrains since Zope2.7.1b1
Casey Duncan
casey at zope.com
Fri Jun 25 09:34:06 EDT 2004
On Sat, 19 Jun 2004 20:14:47 -0300
Leonardo Rochael Almeida <leo at hiper.com.br> wrote:
> On Wed, 16 Jun 2004 11:16:55 +0200
> > Eric Brun <eric.brun at pentila.com> wrote:
> >
> > >
> > >
> > > Hi,
> > >
> > > I have a problem with 'getObject' method of CatalogBrains class on
> > > Zope271b1 : it's return None. But with a Zope2.7.0 my object is
> > > correctly find and returned. The permissions are right.
> >
>
> Em Qua, 2004-06-16 às 11:28, Casey Duncan escreveu:
> > getObject was refactored recently and its security was increased. It
> > uses restrictedTraverse() now, which means that you need access to
> > all of the enclosing folders as well as the object. Before, no
> > security checking was performed by getObject.
> >
> > I suspect you do not have access to one of the containing folders.
>
> I certainly hope he'd get a permission error instead of silent 'None'
> for '.getObject()' in this case or I'd consider it a bug :-)
Me to, except that changing this behavior will break existing apps.
There is an implicit contract the getObject should not raise errors.
Perhaps this means we need a different method with better behavior.
Somehow that doesn't seem all that appealing, however.
-Casey
More information about the Zope-Dev
mailing list