Re: [Zope-dev] Re: CatalogBrains since Zope2.7.1b1
Casey Duncan wrote at 2004-6-25 09:36 -0400:
> On Thu, 24 Jun 2004 19:04:55 +0200 Dieter Maurer [EMAIL PROTECTED] wrote:
> > ...
> > I think you should only require access rights to the object itself and
> > not to all folders from the root to the object.
> > ...
> > That ZCatalog identifies objects by physical path is an implementation
> > artifact. It should not make it impossible to access an object via the
> > catalog that otherwise can be accessed without problem.
> > ...
> > > For hysterical raisins, REQUEST.traverse() does not behave this way.
> > > It instead checks only the final object traversed.
> >
> > That's a good behaviour...
>
> Except when it isn't ;^)
>
> OTOH it is closer to the behavior of getObject in 2.7.0. Ironically it
> used to use restrictedTraverse long ago...

Have you gotten the main argument?

That ZCatalog identifies objects by physical path is an implementation
artifact. It should not make it impossible to access an object via the
catalog that otherwise can be accessed without problems.

When you implement getObject via restrictedTraverse, then you let
getObject() fail for some objects that *are* accessible by the current
user (because this access need not use the complete path from the root).

Do not do that!

-- 
Dieter

___
Zope-Dev maillist - [EMAIL PROTECTED]
http://mail.zope.org/mailman/listinfo/zope-dev
** No cross posts or HTML encoding! **
(Related lists -
http://mail.zope.org/mailman/listinfo/zope-announce
http://mail.zope.org/mailman/listinfo/zope )
Re: [Zope-dev] Re: CatalogBrains since Zope2.7.1b1
On Fri, 25 Jun 2004 20:26:30 +0200 Dieter Maurer [EMAIL PROTECTED] wrote:
> Casey Duncan wrote at 2004-6-25 09:36 -0400:
> > On Thu, 24 Jun 2004 19:04:55 +0200 Dieter Maurer [EMAIL PROTECTED] wrote:
> > > ...
> > > I think you should only require access rights to the object itself
> > > and not to all folders from the root to the object.
> > > ...
> > > That ZCatalog identifies objects by physical path is an
> > > implementation artifact. It should not make it impossible to access
> > > an object via the catalog that otherwise can be accessed without
> > > problem.
> > > ...
> > > > For hysterical raisins, REQUEST.traverse() does not behave this
> > > > way. It instead checks only the final object traversed.
> > >
> > > That's a good behaviour...
> >
> > Except when it isn't ;^)
> >
> > OTOH it is closer to the behavior of getObject in 2.7.0. Ironically it
> > used to use restrictedTraverse long ago...
>
> Have you gotten the main argument?

Yes, I intend to change it to use unrestrictedTraverse and then validate
the returned object. So there... 8^P

-Casey
Re: [Zope-dev] Re: CatalogBrains since Zope2.7.1b1
Casey Duncan wrote at 2004-6-18 09:58 -0400:
> ...
> Security was tightened for getObject recently as part of a general
> refactor of that code. I am happy to consider whether the security is
> too tight, in which case it could be backed off a bit.

I think you should only require access rights to the object itself and not
to all folders from the root to the object.

It is not uncommon that upper levels are more restricted than
subhierarchies. This is what Zope's URL traversal allows: only the object
identified by URL traversal is access checked.

That ZCatalog identifies objects by physical path is an implementation
artifact. It should not make it impossible to access an object via the
catalog that otherwise can be accessed without problem.

> ...
> For hysterical raisins, REQUEST.traverse() does not behave this way.
> It instead checks only the final object traversed.

That's a good behaviour...

-- 
Dieter
Re: [Zope-dev] Re: CatalogBrains since Zope2.7.1b1
On Wed, 2004-06-16 at 11:28, Casey Duncan wrote:
> On Wed, 16 Jun 2004 11:16:55 +0200 Eric Brun [EMAIL PROTECTED] wrote:
> > Hi,
> > I have a problem with the 'getObject' method of the CatalogBrains
> > class on Zope271b1: it returns None. But with Zope2.7.0 my object is
> > correctly found and returned. The permissions are right.
>
> getObject was refactored recently and its security was increased. It
> uses restrictedTraverse() now, which means that you need access to all
> of the enclosing folders as well as the object. Before, no security
> checking was performed by getObject. I suspect you do not have access to
> one of the containing folders.

I certainly hope he'd get a permission error instead of a silent 'None'
for '.getObject()' in this case or I'd consider it a bug :-)

Cheers, Leo

-- 
Leonardo Rochael Almeida [EMAIL PROTECTED]
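The following is an added illustration of the two getObject() policies argued over in this thread; it is not code from Zope or from any of the posters. A toy content tree carries a set of roles allowed to view each object. `walk` called with a user stands in for restrictedTraverse (every container entered below the root is checked, the Zope 2.7.1b1 behaviour Casey describes); `walk` without a user followed by `validate` on the result stands in for the unrestrictedTraverse-then-validate approach Casey says he intends to switch to, which is what Dieter's argument asks for. It also follows Leo's expectation: a permission problem raises rather than hiding behind None, and None is reserved for a stale catalog path. The `Node` and `User` classes, the role model, and the `intranet/notice` hierarchy are constructed for the example; real Zope's traversal and permission machinery are far richer.

```python
from dataclasses import dataclass, field


class Unauthorized(Exception):
    """Raised when a security check fails (stands in for AccessControl.Unauthorized)."""


@dataclass
class Node:
    """A folder or document in a constructed content tree (not a Zope class)."""
    id: str
    view_roles: frozenset            # roles allowed to view this object
    children: dict = field(default_factory=dict)

    def add(self, child):
        self.children[child.id] = child
        return child


@dataclass
class User:
    """Constructed stand-in for an authenticated user with a set of roles."""
    name: str
    roles: frozenset


def validate(user, obj):
    """Single-object check: the user needs at least one role that may view obj."""
    if not (user.roles & obj.view_roles):
        raise Unauthorized(f"{user.name} may not view {obj.id}")
    return obj


def walk(root, path, user=None):
    """Follow a physical path from root.

    With a user, validate every object entered below the root (models
    restrictedTraverse). Without one, perform no checks at all (models
    unrestrictedTraverse). Raises KeyError when a path segment no longer
    exists, i.e. the catalog entry is stale.
    """
    obj = root
    for segment in path.strip("/").split("/"):
        obj = obj.children[segment]
        if user is not None:
            validate(user, obj)
    return obj


def get_object(root, path, user, check_containers):
    """Model of CatalogBrains.getObject under the two policies in the thread.

    check_containers=True  -> restrictedTraverse: every enclosing folder must
                              be viewable, even if the target itself is open.
    check_containers=False -> unrestrictedTraverse, then validate only the
                              object the path resolves to.
    Returns None only for a stale path; a permission problem raises Unauthorized.
    """
    try:
        if check_containers:
            return walk(root, path, user)
        return validate(user, walk(root, path))
    except KeyError:
        return None


def outcome(root, path, user, check_containers):
    """Summarise a lookup as the object id, the string 'Unauthorized', or None."""
    try:
        obj = get_object(root, path, user, check_containers)
    except Unauthorized:
        return "Unauthorized"
    return None if obj is None else obj.id


def build_site():
    """Constructed hierarchy: a Staff-only folder holding a document that was
    deliberately opened to everyone (the 'upper level more restricted than the
    subhierarchy' case Dieter describes)."""
    root = Node("root", frozenset({"Anonymous", "Staff"}))
    intranet = root.add(Node("intranet", frozenset({"Staff"})))
    intranet.add(Node("notice", frozenset({"Anonymous", "Staff"})))
    return root


if __name__ == "__main__":
    site = build_site()
    anon = User("anonymous", frozenset({"Anonymous"}))
    staff = User("alice", frozenset({"Staff"}))
    for user in (anon, staff):
        for strict in (True, False):
            policy = "containers checked" if strict else "final object only"
            print(f"{user.name:10} {policy:22} -> "
                  f"{outcome(site, '/intranet/notice', user, strict)}")
```

Run stand-alone, the loop shows the disagreement the thread is about: the anonymous user is refused `/intranet/notice` when containers are checked but gets the document when only the final object is validated, while the staff user succeeds under both policies. Asking for `/intranet` itself is refused to anonymous under either policy, since the final-object check still applies to the folder.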