Looks like there is a bug in Zope 2.10.2 with OFS/Traversable.py on line
228:
if not ok:
if (container is not None or
guarded_getattr(obj, name, _marker)
is not next):
raise Unauthorized(name)
Here is my debugging session:
(Pdb) guarded_getattr(obj, name, _marker)
'Guo Zhonghai'
(Pdb) obj
Contact at /creme/Contacts/Contact_1125
(Pdb) name
'title'
(Pdb) guarded_getattr(obj, name, _marker)
'Guo Zhonghai'
(Pdb) p next
'Guo Zhonghai'
(Pdb) guarded_getattr(obj, name, _marker) == next
True
(Pdb) guarded_getattr(obj, name, _marker) is next
False
(Pdb) type(guarded_getattr(obj, name, _marker)), type(next)
(type 'str', type 'str')
(Pdb) id(guarded_getattr(obj, name, _marker))
46912619931440
(Pdb) id(next)
46912619931720
Thus, often string attributes will fail with this check.
In my opinion the code should read:
if not ok:
if (container is not None or
guarded_getattr(obj, name, _marker)
!= next):
raise Unauthorized(name)
If you agree that his is a bug, I'll log it.
--
Roché Compaan
Upfront Systems http://www.upfrontsystems.co.za
___
Zope-Dev maillist - Zope-Dev@zope.org
http://mail.zope.org/mailman/listinfo/zope-dev
** No cross posts or HTML encoding! **
(Related lists -
http://mail.zope.org/mailman/listinfo/zope-announce
http://mail.zope.org/mailman/listinfo/zope )