Roché Compaan wrote:
I'm unsure about the security check in the patch below - I copied the
way restrictedTraverse does it. I read through validate in the default
security policy but it is one of those methods where all the security
implications doesn't fit in your head all at once.
---
On Thu, 2005-03-03 at 09:27 +0100, Max M wrote:
Roché Compaan wrote:
I'm unsure about the security check in the patch below - I copied the
way restrictedTraverse does it. I read through validate in the default
security policy but it is one of those methods where all the security
Roché Compaan wrote:
+obj = self.aq_parent.unrestrictedTraverse(self.getPath(), None)
+if obj and securityManager.validate(obj, obj, None, None):
+return obj
+else:
+return None
Urm, Roche, doesn't the above seek to do exactly what...
return
On Thu, 2005-03-03 at 14:56 +, Chris Withers wrote:
Roché Compaan wrote:
+obj = self.aq_parent.unrestrictedTraverse(self.getPath(), None)
+if obj and securityManager.validate(obj, obj, None, None):
+return obj
+else:
+return None
Roché Compaan wrote at 2005-3-3 09:53 +0200:
...
-return self.aq_parent.restrictedTraverse(self.getPath(), None)
+obj = self.aq_parent.unrestrictedTraverse(self.getPath(), None)
+if obj and securityManager.validate(obj, obj, None, None):
I think this is not correct:
On Thu, 2005-03-03 at 19:36 +0100, Dieter Maurer wrote:
Roché Compaan wrote at 2005-3-3 09:53 +0200:
...
-return self.aq_parent.restrictedTraverse(self.getPath(), None)
+obj = self.aq_parent.unrestrictedTraverse(self.getPath(), None)
+if obj and