[Zope-dev] CatalogBrains.getObject and unrestricted code
In ZCatalog's brains, getObject currently does a restrictedTraverse to get the object. That's a problem for unrestricted code that needs to get to the object nevertheless, even if the user cannot get to it. For instance CMF is impacted, when it tries to reindex the security of all subobjects of a given object. Unless someone is opposed to it, I'll add a _getObject method that does an unrestrictedTraverse, and make CMF use it if available. Florent -- Florent Guillaume, Nuxeo (Paris, France) CTO, Director of RD +33 1 40 33 71 59 http://nuxeo.com [EMAIL PROTECTED] ___ Zope-Dev maillist - [EMAIL PROTECTED] http://mail.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope )
Re: [Zope-dev] CatalogBrains.getObject and unrestricted code
--On Montag, 29. November 2004 18:15 Uhr +0100 Florent Guillaume [EMAIL PROTECTED] wrote: In ZCatalog's brains, getObject currently does a restrictedTraverse to get the object. That's a problem for unrestricted code that needs to get to the object nevertheless, even if the user cannot get to it. For instance CMF is impacted, when it tries to reindex the security of all subobjects of a given object. Unless someone is opposed to it, I'll add a _getObject method that does an unrestrictedTraverse, and make CMF use it if available. There is already a collector issue #1534 where ChrisW tracked something down in Traversable.py. However I have no idea if this is true or related to the problem. Andreas ___ Zope-Dev maillist - [EMAIL PROTECTED] http://mail.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope )
Re: [Zope-dev] CatalogBrains.getObject and unrestricted code
Yes, http://collector.zope.org/Zope/1534 is related. But in any case if getObject returns a subset of available objects (and None or Unauthorized for the others), we still needs a _getObject method that returns all of them, for unrestricted code. Florent Andreas Jung wrote: --On Montag, 29. November 2004 18:15 Uhr +0100 Florent Guillaume [EMAIL PROTECTED] wrote: In ZCatalog's brains, getObject currently does a restrictedTraverse to get the object. That's a problem for unrestricted code that needs to get to the object nevertheless, even if the user cannot get to it. For instance CMF is impacted, when it tries to reindex the security of all subobjects of a given object. Unless someone is opposed to it, I'll add a _getObject method that does an unrestrictedTraverse, and make CMF use it if available. There is already a collector issue #1534 where ChrisW tracked something down in Traversable.py. However I have no idea if this is true or related to the problem. Andreas -- Florent Guillaume, Nuxeo (Paris, France) CTO, Director of RD +33 1 40 33 71 59 http://nuxeo.com [EMAIL PROTECTED] ___ Zope-Dev maillist - [EMAIL PROTECTED] http://mail.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope )