[ZPT] CVS: Releases/Zope/lib/python/Products/PageTemplates - Expressions.py:1.42

Evan Simpson evan@zope.com
Wed, 25 Sep 2002 18:57:56 -0400


Update of /cvs-repository/Releases/Zope/lib/python/Products/PageTemplates
In directory cvs.zope.org:/tmp/cvs-serv18255/lib/python/Products/PageTemplates

Modified Files:
	Expressions.py 
Log Message:
Fix Collector #581, with unit test.

Tidy up inconsistency use of getattr/guarded_getattr.


=== Releases/Zope/lib/python/Products/PageTemplates/Expressions.py 1.41 => 1.42 ===
--- Releases/Zope/lib/python/Products/PageTemplates/Expressions.py:1.41	Wed Sep 25 11:50:52 2002
+++ Releases/Zope/lib/python/Products/PageTemplates/Expressions.py	Wed Sep 25 18:57:55 2002
@@ -291,13 +291,6 @@
                        get=getattr, has=hasattr, N=None, M=[],
                        TupleType=type(()) ):
 
-    if not path[0]:
-        # If the path starts with an empty string, go to the root first.
-        object = object.getPhysicalRoot()
-        if not securityManager.validateValue(object):
-            raise Unauthorized
-        path.pop(0)
-
     REQUEST = {'path': path}
     REQUEST['TraversalRequestNameStack'] = path = path[:] # Copy!
     path.reverse()
@@ -310,9 +303,14 @@
             object = object(*name)
             continue
 
-        if name[0] == '_':
-            # Never allowed in a URL.
-            raise AttributeError, name
+        if not name or name[0] == '_':
+            # Skip directly to item access
+            o = object[name]
+            # Check access to the item.
+            if not validate(object, object, name, o):
+                raise Unauthorized, name
+            object = o
+            continue
 
         if name=='..':
             o = get(object, 'aq_parent', M)
@@ -333,8 +331,7 @@
                 container = aq_parent(aq_inner(o))
             elif has(o, 'im_self'):
                 container = o.im_self
-            elif (has(get(object, 'aq_base', object), name)
-                and get(object, name) == o):
+            elif (has(aq_base(object), name) and get(object, name) == o):
                 container = object
             if not validate(object, container, name, o):
                 raise Unauthorized, name
@@ -354,14 +351,14 @@
                         # Try to re-raise the original attribute error.
                         # XXX I think this only happens with
                         # ExtensionClass instances.
-                        get(object, name)
+                        guarded_getattr(object, name)
                     raise
                 except TypeError, exc:
                     if str(exc).find('unsubscriptable') >= 0:
                         # The object does not support the item interface.
                         # Try to re-raise the original attribute error.
                         # XXX This is sooooo ugly.
-                        get(object, name)
+                        guarded_getattr(object, name)
                     raise
                 else:
                     # Check access to the item.