[Zope] Re: manager can, proxy role manager cannot

Dieter Maurer dieter@handshake.de
Sat, 18 Jan 2003 22:58:11 +0100


Geoff Horne wrote at 2003-1-17 14:45 -0800:
 > Dieter Maurer wrote :
 > 
 >  > An old bug (already in the collector): and several times discussed
 >  > in the mailing list (--> archives).
 >  >
 >  >   "CopyContainer._verifyObjectPaste" makes its checks without
 >  >   taking the execution context (i.e. Proxy Roles and Ownership)
 >  >   into account.
 >  >
 >  > Your only chance is to fix the bug.
 > 
 > If this is such an old bug, there must be some sort of workaround ??
 > 
 > I want to give even Authenticated users the power to rename objects, but I 
 > don't want to give them manager access.
 > 
 > Does anyone know why it hasn't been fixed ??

I expect it did not hurt so much that someone spent the
necessary time....

The bug may be in
"AccessControl.ZopeSecurityPolicy.ZopeSecurityPolicy.checkPermission".
It does not take into account proxy roles and executable owner.
But this can be on purpose (as the "POSIX" access function checks
access rights for the real user and not the effective user).

In this case, the "checkPermission(mt_permission, self)" in
"CopySupport.CopyContainer._verifyObjectPaste" should
be replaced by something like:

   validate(None,self,method_name,getattr(self,method_name))

The problem with this is that "method_name" often is not
a method name but a URL (usually relative).
CMF uses this URL sometimes even with a query string (which
breaks things at other places, too).

Thus, the code would at least need to clean up the query string,
use unrestricted traverse to locate the method and
find some way to get its container (such that the "validate"
could work).

There might be other uses of "method_name" as well...

As you see, the fix is not really trivial.
Things may break at unexpected places....


Dieter
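
The difference discussed in the message above, as an added example that is not part of the original post and is not Zope's code: a simplified model of a permission check that looks only at the real user versus one that takes the executable's owner and proxy roles into account, plus the query-string cleanup a "method_name" URL would need. All class and function names and the sample values are hypothetical.

```python
from urllib.parse import urlsplit

class User:
    def __init__(self, name, roles):
        self.name, self.roles = name, set(roles)

class Script:
    """Stand-in for an executable (hypothetical) with an owner and proxy roles."""
    def __init__(self, owner, proxy_roles=()):
        self.owner, self.proxy_roles = owner, set(proxy_roles)

class Folder:
    """Stand-in for a container: maps a permission to the roles that hold it."""
    def __init__(self, permission_roles):
        self.permission_roles = {p: set(r) for p, r in permission_roles.items()}

def check_real_user(permission, obj, user):
    """Check that ignores the execution context: only the user's roles count."""
    return bool(obj.permission_roles.get(permission, set()) & user.roles)

def check_in_context(permission, obj, user, stack):
    """Check that honours the owner and proxy roles of the running executable."""
    allowed = obj.permission_roles.get(permission, set())
    if stack:
        exe = stack[-1]
        # An executable may never do more than its owner could do.
        if not (allowed & exe.owner.roles):
            return False
        # Proxy roles, when set, replace the calling user's roles.
        if exe.proxy_roles:
            return bool(allowed & exe.proxy_roles)
    return bool(allowed & user.roles)

def method_path(method_name):
    """Drop query string and fragment from a relative 'method_name' URL."""
    return urlsplit(method_name).path

if __name__ == "__main__":
    # Constructed sample data.
    admin = User("admin", ["Manager"])
    member = User("member", ["Authenticated"])
    folder = Folder({"Add Documents": ["Manager"]})
    rename = Script(owner=admin, proxy_roles=["Manager"])
    print(check_real_user("Add Documents", folder, member))             # False
    print(check_in_context("Add Documents", folder, member, [rename]))  # True
    print(method_path("some_add_form?type_name=Document"))              # some_add_form
```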