[Zope-dev] ZCatalog getObject broken
Florent Guillaume
fg at nuxeo.com
Thu Mar 10 06:49:10 EST 2005
Guys,
Dieter Maurer <dieter at handshake.de> wrote:
> Roché Compaan wrote at 2005-2-25 17:22 +0200:
> >Last year in March the following checkin was made that changed
> >ZCatalog's getObject to use restrictedTraverse instead of
> >unrestrictedTraverse. See:
> >
> >http://mail.zope.org/pipermail/zope-checkins/2004-March/026846.html
> >
> >In my opininion this is wrong,
>
> I agree with you!
Me also.
> > ...
> >I would propose that getObject does an unrestrictedTraverse of the path
> >and then checks if the user has permission to access that the object.
>
> I argued precisely this approach with the person who made the
> change. I had the impression that I have convinced him -- but
> apparently, he did not change the code accordingly :-(
>
> Maybe, a bug report to the collector will help?
>
> <http://www.zope.org/Collectors/Zope>
Roché has added http://www.zope.org/Collectors/Zope/1713
I intend to fix this before 2.7.5 final, probably today or tonight.
I feel this is sufficiently important to warrant a fix now.
I guess it'll mean an RC2.
Please shout if you find problems with this approach.
Florent
--
Florent Guillaume, Nuxeo (Paris, France) CTO, Director of R&D
+33 1 40 33 71 59 http://nuxeo.com fg at nuxeo.com
More information about the Zope-Dev
mailing list