[Zope] Traverse hook and security

Toby Dickenson tdickenson@geminidataloggers.com
Wed, 20 Jun 2001 12:23:01 +0100


On Wed, 20 Jun 2001 00:27:29 -0700 (PDT), Dirksen
<dirksen_lau@yahoo.com> wrote:

>I'm developing a Zope product myContainer. It has a traverse hook like this:
>def __bobo_traverse__(self, REQUEST, name):
>    return MyObj(name)
>
>MyObj is a transient wrapper class, its properties are populated from a db. Say I've
>created an instance of the container in Zodb as myContainer, I can visit this url:
>http://localhost/myContainer/someObj/index_html
>
>But when I visit this as the Manager:
>http://localhost/myContainer/someObj/manage_workspace
>
>Zope throws out an authorization box. I have to log in as emergency super user to be able
>to visit any methods prefixed as 'manage_' under someObj.
>
>Is there something missing in my hook?

If you want the transient object to participate in the security
system, using the same security settings as the object that creates it
('someObj') then you need

def __bobo_traverse__(self, REQUEST, name):
    return MyObj(name).__of__(self)


and for MyObj to be derived from an Acquisition.Implicit (or
equivalent).

Toby Dickenson
tdickenson@geminidataloggers.com
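
The effect of the `__of__(self)` call described in the reply, as an added example that is not part of the original post and is not Zope's code: a simplified, standard-library-only model in which an object can only be authorized if it can reach its container's security settings through a wrapper. `Wrapper`, `Container`, `authorized`, `roles_for_permission`, the two `traverse_*` methods and the sample user data are hypothetical, and the real Zope check is more involved.

```python
# Simplified model of acquisition context in a security check; not Zope's code.
# Hypothetical names: Wrapper, Container, authorized, roles_for_permission.

class Implicit:
    """Stand-in for Acquisition.Implicit: __of__ places an object in context."""
    def __of__(self, parent):
        return Wrapper(self, parent)

class Wrapper:
    """Remembers the container and acquires missing attributes from it."""
    def __init__(self, obj, parent):
        self.__dict__.update(_obj=obj, aq_parent=parent)
    def __getattr__(self, name):
        try:
            return getattr(self._obj, name)       # the object's own attribute
        except AttributeError:
            return getattr(self.aq_parent, name)  # acquired from the container

class MyObj(Implicit):
    def __init__(self, name):
        self.name = name

class Container(Implicit):
    # Constructed sample settings that live on the container, not on MyObj.
    acl_users = {"admin": ["Manager"]}
    roles_for_permission = {"View management screens": ["Manager"]}

    def traverse_unwrapped(self, name):
        return MyObj(name)                # hook as posted in the question
    def traverse_wrapped(self, name):
        return MyObj(name).__of__(self)   # hook as given in the reply

def authorized(obj, username, permission):
    """Allow only if obj can reach both a user folder that knows the user
    and a role mapping that grants the permission; otherwise fail closed."""
    users = getattr(obj, "acl_users", None)
    mapping = getattr(obj, "roles_for_permission", None)
    if users is None or mapping is None:
        return False                      # no security context reachable
    held = set(users.get(username, []))
    return bool(held & set(mapping.get(permission, [])))

if __name__ == "__main__":
    c = Container()
    perm = "View management screens"
    print("unwrapped:", authorized(c.traverse_unwrapped("someObj"), "admin", perm))
    print("wrapped:  ", authorized(c.traverse_wrapped("someObj"), "admin", perm))
```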