I wasn't concerned about leaking because the standard Zope security ensures no branches are returned that the principal cannot see. The sole call-site of BranchLookup.getIdAndTrailingPath was BranchRewriter._getBranchIdAndTrailingPath, so when I removed BranchLookup.getIdAndTrailingPath, I ported its privacy tests (test_branch_id_alias_transitive_private and test_branch_id_alias_transitive_private) to BranchRewriter._getBranchIdAndTrailingPath. The actual handling of Unauthorized exceptions is at 1134-1137.
I supposed cached data could leak if the cache was accessed using two different principals, but branch-rewrite always uses UnauthenticatedPrincipal AFAICT. -- https://code.launchpad.net/~abentley/launchpad/all-url-support/+merge/113294 Your team Launchpad code reviewers is subscribed to branch lp:launchpad. _______________________________________________ Mailing list: https://launchpad.net/~launchpad-reviewers Post to : [email protected] Unsubscribe : https://launchpad.net/~launchpad-reviewers More help : https://help.launchpad.net/ListHelp

