[Zope-dev] Puzzling change to guarded_getitem in Zope 2.8

[Richard Jones]

I'm migrating our 2.7-developed Product to 2.8. The following change has me 
puzzled. In 2.7,  AccessControl.ZopeGuards guarded_getitem has the following 
code:

def guarded_getitem(object, index):
    [ snip handling of slices ]
    ...
    v = object[index]
    if Containers(type(object)) and Containers(type(v)):
        # Simple type.  Short circuit.
        return v
    if getSecurityManager().validate(object, object, index, v):
        return v
    raise Unauthorized, 'unauthorized access to element %s' % `i`

note the use of "index" in the validate call. In 2.8, this appears as:

def guarded_getitem(object, index):
    [ snip handling of slices ]
    ...
    v = object[index]
    if Containers(type(object)) and Containers(type(v)):
        # Simple type.  Short circuit.
        return v
    if getSecurityManager().validate(object, object, None, v):
        return v
    raise Unauthorized, 'unauthorized access to element %s' % `i`

where "index" has become "None". This would appear to imply that we can't 
perform access controls on a per-item basis in sequences or mappings, unless 
we do so in the actual __getitem__ method, which implies there's no such 
thing as trusted code. We have an access policy implementation of:

    def _checkAccess(self, name, value):
        if name.startswith('CG'):
            return 1
        if self.isValidAggregateName(name):
            return 1
        return 0
    security.setDefaultAccess(_checkAccess)

which obviously doesn't work any more, since "name" is never a item name, it's 
always None.


    Richard
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : http://mail.zope.org/pipermail/zope-dev/attachments/20050826/08ea888b/attachment.bin