[Zope3-dev] Layerd security proxies when using
__Security_checker__
Gary Poster
gary at zope.com
Sun Mar 13 08:00:14 EST 2005
On Mar 13, 2005, at 12:29 AM, Garrett Smith wrote:
> I'm running into a case where I'm getting a security-proxied security
> proxy.
ew. :-)
> If I understand the code correctly, the implementation of Checker's
> proxy method is at fault:
>
> def proxy(self, value):
> checker = getattr(value, '__Security_checker__', None)
> if checker is None:
> checker = selectChecker(value)
> if checker is None:
> return value
> return Proxy(value, checker)
>
> This problem shows up in the first line for objects that provide
> __Security_checker__. A proxy will happily return its proxied object's
> __Security_checker__, causing it to become re-proxied.
>
> I believe `proxy` should explicitly check for security proxies:
>
> def proxy(self, value):
> if type(value) is Proxy:
> return value
> ...
>
FWIW, my understanding is that this is best spelled with
zope.proxy.isProxy:
import zope.proxy
def proxy(self, value):
if zope.proxy.isProxy(value, Proxy):
return value
...
I believe that the difference between the two is that this code handles
nested proxies, of which one might be a security proxy, and the
"type(value) is Proxy" approach does not. Could be wrong.
Gary
More information about the Zope3-dev
mailing list