[Zope-dev] Re: CatalogBrains since Zope2.7.1b1
Dieter Maurer
dieter at handshake.de
Fri Jun 25 14:26:30 EDT 2004
Casey Duncan wrote at 2004-6-25 09:36 -0400:
>On Thu, 24 Jun 2004 19:04:55 +0200
>Dieter Maurer <dieter at handshake.de> wrote:
> ...
>> I think, you should only require access rights to the object itself
>> and not to all folders from the root to the object.
> ...
>> That ZCatalog identifies objects by physical path is an implementation
>> artifact. It should not make it impossible to access an
>> object via the catalog that otherwise can be accessed without
>> problem.
>>
>> > ...
>> >For hysterical raisins, REQUEST.traverse() does not behave this way.
>> >It instead checks only the final object traversed.
>> That's a good behaviour...
>
>Except when it isn't ;^) OTOH it is closer to the behavior of getObject
>in 2.7.0. Ironically it used to use restrictedTraverse long ago...
Have you gotten the main argument?
That ZCatalog identifies objects by physical path is an
implementation artifact. It should not make it impossible
to access an object via the catalog that otherwise can be accessed
without problems.
When you implement "getObject" via "restrictedTraverse", then
you let "getObject()" fail for some objects that *are*
accessible by the current user (because this access need not
to use the complete path from the root).
Do not do that!
--
Dieter
More information about the Zope-Dev
mailing list