[Zpt] A few changes...

Evan Simpson evan@digicool.com
Fri, 9 Mar 2001 12:27:45 -0600


From: "Shane Hathaway" <shane@digicool.com>
> 1) PresentationTemplate.py declares security assertions for a bunch of
> methods at once.  This works, but it makes it harder to audit security.
> Splitting up the assertions is easy but will affect a lot of lines at
> once and I didn't want to do something that will cause conflicts with
> someone's CVS sandbox.  Is anyone making any major changes in this area?

I'm not sure what you mean, but if you feel strongly about this, go for it.

> 2) Expressions.py has its own restrictedTraverse() and it's actually
> *unrestricted*.  I'm guessing the reason is because it was denying
> access to something, but I think I spotted the real problem: it tries to
> traverse the first element of the path.  unrestrictedTraverse() should
> only be used with the second element of the path expression.

This is a hack and a half, due to time pressure before I left for Verizon.
First, the (un)restrictedTraverse methods need to be factored out of
Traversable so that they can be used in other places (like this one).  I
didn't have time for that, so I cut&pasted.  Next, I kept getting
Unauthorized errors and had no time to figure out why, so I hacked out
security checks.

I'll be really happy to have this done properly.

Cheers,

Evan @ TX
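
The behaviour discussed in point 2, as a simplified model added here for illustration; it is not code from Expressions.py or from Zope, and every name in it (`Folder`, `validate`, the `eval_*` functions) is hypothetical. It assumes the first element of a path expression is a plain name lookup in the template namespace, and compares removing the checks, checking from the first element, and checking from the second element on.

```python
class Unauthorized(Exception):
    """Raised when a traversal step fails the security check."""

class Folder:
    """Constructed sample object: children plus the names templates may read."""
    def __init__(self, public, **children):
        self.public, self.children = set(public), children

def validate(parent, name):
    """Hypothetical stand-in for a per-step security check."""
    if not isinstance(parent, Folder) or name not in parent.public:
        raise Unauthorized(name)

def traverse(obj, names, restricted):
    """Walk `names` from `obj`, checking each step when `restricted` is true."""
    for name in names:
        if restricted:
            validate(obj, name)
        obj = obj[name] if isinstance(obj, dict) else obj.children[name]
    return obj

def eval_hacked(namespace, expr):
    """Checks removed: every step succeeds, including protected names."""
    return traverse(namespace, expr.split("/"), restricted=False)

def eval_first_traversed(namespace, expr):
    """Checks on, but the first element is traversed too. The namespace is a
    plain dict with no security declarations, so the first step is denied."""
    return traverse(namespace, expr.split("/"), restricted=True)

def eval_fixed(namespace, expr):
    """First element is a name lookup; checked traversal starts at the second."""
    first, *rest = expr.split("/")
    return traverse(namespace[first], rest, restricted=True)

# Constructed sample data: "title" is readable, "secret" is not.
NAMESPACE = {"here": Folder({"title"}, title="Home", secret="s3cr3t")}

def outcome(evaluator, expr):
    """Return the evaluated value, or the string 'Unauthorized' on denial."""
    try:
        return evaluator(NAMESPACE, expr)
    except Unauthorized:
        return "Unauthorized"

if __name__ == "__main__":
    for fn in (eval_hacked, eval_first_traversed, eval_fixed):
        for expr in ("here/title", "here/secret"):
            print(f"{fn.__name__:22} {expr:12} -> {outcome(fn, expr)}")
```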