[Zope-dev] CatalogBrains.getObject and unrestricted code
Florent Guillaume
fg at nuxeo.com
Mon Nov 29 12:39:12 EST 2004
Yes, http://collector.zope.org/Zope/1534 is related.
But in any case if getObject returns a subset of available objects (and
None or Unauthorized for the others), we still needs a _getObject method
that returns all of them, for unrestricted code.
Florent
Andreas Jung wrote:
>
>
> --On Montag, 29. November 2004 18:15 Uhr +0100 Florent Guillaume
> <fg at nuxeo.com> wrote:
>
>> In ZCatalog's brains, getObject currently does a restrictedTraverse to
>> get the object. That's a problem for unrestricted code that needs to get
>> to the object nevertheless, even if the user cannot get to it.
>>
>> For instance CMF is impacted, when it tries to reindex the security of
>> all subobjects of a given object.
>>
>> Unless someone is opposed to it, I'll add a _getObject method that does
>> an unrestrictedTraverse, and make CMF use it if available.
>>
>
> There is already a collector issue #1534 where ChrisW tracked something
> down
> in Traversable.py. However I have no idea if this is true or related to
> the problem.
>
> Andreas
--
Florent Guillaume, Nuxeo (Paris, France) CTO, Director of R&D
+33 1 40 33 71 59 http://nuxeo.com fg at nuxeo.com
More information about the Zope-Dev
mailing list