[Zope-dev] Itemtraverser and Unauthorized vs Views
Christian Theune
ct at gocept.com
Tue Jun 24 07:39:28 EDT 2008
Hi,
I have a problem with the standard item traverser provided by
zope.app.container:
The item traverser looks up a object using the given name and a __getitem__
call on the context. If this raises a KeyError it tries to look up a view
given the same name.
If the user does not have the permission to access __getitem__ it will let the
Unauthorized exception pass through.
I my situation I have two views for which the user doesn't really need the
permission to access __getitem__ on the container but they can't access the
views because the __getitem__ call will be tried anyway.
I can explicitly make the URL use '@@viewname' and bypass the item traverser,
but I don't like the @@s in the URL. I wonder whether adding Unauthorized to
the KeyError would be reasonable.
Christian
--
Christian Theune · ct at gocept.com
gocept gmbh & co. kg · forsterstraße 29 · 06112 halle (saale) · germany
http://gocept.com · tel +49 345 1229889 7 · fax +49 345 1229889 1
Zope and Plone consulting and development
More information about the Zope-Dev
mailing list