[Zope3-dev] Re: Traversal question
Jim Fulton
jim at zope.com
Thu Mar 10 10:10:51 EST 2005
Roger Ineichen wrote:
> Hi together
>
> I have a question about the traversal concept.
> I'm not sure if I'm totally wrong or not.
>
> First:
> ------
>
> We have sites and it's possible to have subsites.
>
> Each of these sites and subsites can have its own rules
> for login. (actually done with PluggableAuthenticationUtility)
>
>
> Setup:
> ------
>
> /root/site/subsite
>
> On each site (site and subsite) a PAU is installed
> with its own principals.
>
> In the site we have a principal called 'siteMember'
> and in the subsite a principal called 'subsiteMember'.
>
> If the principal 'subsiteMember' has access to the
> subsite and tries to login, he gets the login challenger
> from the site and not from the subsite's PAU.
>
> Reason why:
> -----------
> The traversal mechanism is using ITraversable adapters or views.
> These views have the permission zope.Public, that's OK.
> But this means if we get to an object, let's say the 'site',
> we don't have the permission to traverse to this object,
> but we have permissions for the sub-objects of the site.
You need to use components to get to the subsite. The traversal
components are enough.
> Proposal:
> ---------
> Again, I'm not sure if this is correct or has other impact.
>
> Register the ITraversable with trusted="True" so we get a
> trusted adapter which can traverse the objects we don't have
> access to (like the site).
Right *and* make this public. This is what I did for one
of our projects:
  <adapter
      for="zope.app.container.interfaces.IItemContainer
           zope.publisher.interfaces.browser.IBrowserRequest"
      provides="zope.publisher.interfaces.browser.IBrowserPublisher"
      factory="zope.app.container.traversal.ItemTraverser"
      permission="zope.Public"
      trusted="1"
      />
  <adapter
      for="zope.app.container.interfaces.ISimpleReadContainer
           zope.publisher.interfaces.browser.IBrowserRequest"
      provides="zope.publisher.interfaces.browser.IBrowserPublisher"
      factory="zope.app.container.traversal.ItemTraverser"
      permission="zope.Public"
      trusted="1"
      />
> This means we can traverse each object!
>
> Is this a problem?
Probably not in general.
> I don't think so, because we do not
> call the objects directly, we call a view of the objects,
> which are protected by other permissions. And if a trusted
> adapter is calling such a view or an object which the traverser
> can access, we run at least at this time into an Unauthorized
> situation.
Right.
This is easy to configure.
Jim
--
Jim Fulton mailto:jim at zope.com Python Powered!
CTO (540) 361-1714 http://www.python.org
Zope Corporation http://www.zope.com http://www.zope.org
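Added illustration (not code from the thread or from Zope itself): a minimal model of the argument above. An untrusted traverser works on security-proxied objects, so it needs access to every intermediate object ('site' included); a trusted, public traverser walks the raw objects and only the final object is proxied, so the view's own permission check still fires. The Proxy class, the GRANTS table and the principal names are constructed for this demo.

```python
class Unauthorized(Exception):
    """Raised when a principal touches an object it has no permission for."""

PUBLIC = "*"
# Constructed grants: which principals may access which object (think 'zope.View').
GRANTS = {
    "root": {PUBLIC},
    "site": {"siteMember"},
    "subsite": {"siteMember", "subsiteMember"},
}

class Container(dict):
    """A container whose name identifies it in GRANTS."""
    def __init__(self, name, **children):
        super().__init__(children)
        self.name = name

class Proxy:
    """Toy security proxy: every item/attribute access checks the principal."""
    def __init__(self, obj, principal):
        self._obj, self._principal = obj, principal
    def _check(self):
        grants = GRANTS.get(self._obj.name, set())
        if PUBLIC not in grants and self._principal not in grants:
            raise Unauthorized(f"{self._principal} may not access {self._obj.name}")
    def __getitem__(self, key):
        self._check()                      # access to the *current* object is needed
        return Proxy(self._obj[key], self._principal)
    def __getattr__(self, attr):
        self._check()
        return getattr(self._obj, attr)

ROOT = Container("root", site=Container("site", subsite=Container("subsite")))

def traverse(root, path, principal, trusted):
    """Walk `path` like an item traverser. Untrusted: proxied at every step.
    Trusted: raw objects, the result is proxied so the view is still checked."""
    obj = root if trusted else Proxy(root, principal)
    for name in path.split("/"):
        obj = obj[name]
    return obj if isinstance(obj, Proxy) else Proxy(obj, principal)

def render_view(obj):
    """A view on the traversed object; the proxy enforces the object's permission."""
    return f"view of {obj.name}"

def outcome(path, principal, trusted):
    """Return the view result, or the Unauthorized message, for one request."""
    try:
        return render_view(traverse(ROOT, path, principal, trusted))
    except Unauthorized as exc:
        return f"Unauthorized: {exc}"
```

With the untrusted traverser 'subsiteMember' is stopped at 'site' (the behaviour reported above); with the trusted one the request reaches the subsite view, while a principal with no grant on the subsite is still rejected there.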