On Thu, 2005-03-03 at 19:36 +0100, Dieter Maurer wrote:
> Roché Compaan wrote at 2005-3-3 09:53 +0200:
> > ...
> >-return self.aq_parent.restrictedTraverse(self.getPath(), None)
> >+obj = self.aq_parent.unrestrictedTraverse(self.getPath(), None)
> >+if obj and securityManage
Roché Compaan wrote at 2005-3-3 09:53 +0200:
> ...
>-return self.aq_parent.restrictedTraverse(self.getPath(), None)
>+obj = self.aq_parent.unrestrictedTraverse(self.getPath(), None)
>+if obj and securityManager.validate(obj, obj, None, None):
I think this is not correct: "v
On Thu, 2005-03-03 at 14:56 +, Chris Withers wrote:
> Roché Compaan wrote:
> > +obj = self.aq_parent.unrestrictedTraverse(self.getPath(), None)
> > +if obj and securityManager.validate(obj, obj, None, None):
> > +return obj
> > +else:
> > +return
Roché Compaan wrote:
+obj = self.aq_parent.unrestrictedTraverse(self.getPath(), None)
+if obj and securityManager.validate(obj, obj, None, None):
+return obj
+else:
+return None
Urm, Roche, doesn't the above seek to do exactly what...
return self.aq_p
On Thu, 2005-03-03 at 09:27 +0100, Max M wrote:
> Roché Compaan wrote:
>
> > I'm unsure about the security check in the patch below - I copied the
> > way restrictedTraverse does it. I read through validate in the default
> > security policy but it is one of those methods where all the security
>
Roché Compaan wrote:
I'm unsure about the security check in the patch below - I copied the
way restrictedTraverse does it. I read through validate in the default
security policy but it is one of those methods where all the security
implications doesn't fit in your head all at once.
--- CatalogBrain
