[Zope3-dev] Layerd security proxies when using __Security_checker__
Garrett Smith
garrett at mojave-corp.com
Sun Mar 13 00:29:48 EST 2005
I'm running into a case where I'm getting a security-proxied security
proxy.
If I understand the code correctly, the implementation of Checker's
proxy method is at fault:
def proxy(self, value):
checker = getattr(value, '__Security_checker__', None)
if checker is None:
checker = selectChecker(value)
if checker is None:
return value
return Proxy(value, checker)
This problem shows up in the first line for objects that provide
__Security_checker__. A proxy will happily return its proxied object's
__Security_checker__, causing it to become re-proxied.
I believe `proxy` should explicitly check for security proxies:
def proxy(self, value):
if type(value) is Proxy:
return value
...
I've tested this with the Python code, and it addresses the issue. All
tests pass.
I won't venture to modify the C code.
Could the owner of this code take a look at this? I can add a collector
issue if we want to go that route.
-- Garrett
More information about the Zope3-dev
mailing list