Chris Withers wrote:
> Florent Guillaume wrote:
>>>> Specifically, in CMFCatalogAware.reindexObjectSecurity (recently
>>>> introduced by Florent Guillaume if I recall), it assumes getObject()
>>>> will return None in a failure.
>>>
>>>
>>> Yes, see http://www.zope.org/Collectors/CMF/337 which I'm about to fix.
> 
> 
> This is a bad fix IMNSHO :-(
> Why was getObject not returning an object?

It could raise Unauthorized because the current user is not allowed to
access the returned object, which is the case if there are security
restrictions lower in the object tree. Which is something you don't seem
to grok.

> That condition has been accepted for far too long and, reading the rest
> of the thread here, seems to be a bug in this case.

No.

> Furthermore, rather than effectively re-implementing getObject in CMF
> code, why didn't we just catch the exceptions that are now being raised?

Because we want to get to that object and reindex it.

> Anyone mind if I revert this checking?

Yes, me. Stop threatening to revert checkins, Chris.

Florent

-- 
Florent Guillaume, Nuxeo (Paris, France)   CTO, Director of R&D
+33 1 40 33 71 59   http://nuxeo.com   [EMAIL PROTECTED]
_______________________________________________
Zope-CMF maillist  -  Zope-CMF@lists.zope.org
http://mail.zope.org/mailman/listinfo/zope-cmf

See http://collector.zope.org/CMF for bug reports and feature requests

Reply via email to