[Zope-dev] ZCatalog getObject broken
Andreas Jung
lists at andreas-jung.com
Thu Mar 10 07:04:59 EST 2005
--On Donnerstag, 10. März 2005 12:49 Uhr +0100 Florent Guillaume
<fg at nuxeo.com> wrote:
> Guys,
>
> Dieter Maurer <dieter at handshake.de> wrote:
>> Roché Compaan wrote at 2005-2-25 17:22 +0200:
>> > Last year in March the following checkin was made that changed
>> > ZCatalog's getObject to use restrictedTraverse instead of
>> > unrestrictedTraverse. See:
>> >
>> > http://mail.zope.org/pipermail/zope-checkins/2004-March/026846.html
>> >
>> > In my opininion this is wrong,
>>
>> I agree with you!
>
> Me also.
>
>> > ...
>> > I would propose that getObject does an unrestrictedTraverse of the path
>> > and then checks if the user has permission to access that the object.
>>
>> I argued precisely this approach with the person who made the
>> change. I had the impression that I have convinced him -- but
>> apparently, he did not change the code accordingly :-(
>>
>> Maybe, a bug report to the collector will help?
>>
>> <http://www.zope.org/Collectors/Zope>
>
> Roché has added http://www.zope.org/Collectors/Zope/1713
>
> I intend to fix this before 2.7.5 final, probably today or tonight.
> I feel this is sufficiently important to warrant a fix now.
> I guess it'll mean an RC2.
>
Please see my remark on this issue in the collector.
Andreas
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 186 bytes
Desc: not available
Url : http://mail.zope.org/pipermail/zope-dev/attachments/20050310/8c1cd54f/attachment.bin
More information about the Zope-Dev
mailing list