-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Laurence Rowe wrote:
> Laurence Rowe wrote:
> 
>> To fix this we need to add a __bobo__traverse__ method to Skinnable that 
>> looks up objects in the order:
>>
>>  1. getattr(aq_base(obj), name), but excluding skin objects
>>
>>  2. views
>>
>>  3. getattr(aq_base(obj), name), including skin objects
>>
>>  4. getattr(obj, name)
> 
> Hmm. It looks as if the __bobo_traverse__ method will require access to 
> the `restricted` argument to unrestrictedTraverse. I can't see any way 
> to access this other than:
> 
>      sys._getframe(1).f_locals['restricted']
> 
> Which is more than a little ugly.

I don't get it:  why isn't OFS.Traversable's check sufficient?
__bobo_traverse__ has a bad enough (insane, actually) contract, without
adding security checking to it.


Tres.
- --
===================================================================
Tres Seaver          +1 540-429-0999          [EMAIL PROTECTED]
Palladion Software   "Excellence by Design"    http://palladion.com
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFIZldK+gerLs4ltQ4RAqvWAJ4zkDSAUzHLIfUqPtnCqCM1wTkHowCgwVs4
6zMF1gUxD7qVZ4y/i8dSHy4=
=vy5T
-----END PGP SIGNATURE-----

_______________________________________________
Zope-CMF maillist  -  Zope-CMF@lists.zope.org
http://mail.zope.org/mailman/listinfo/zope-cmf

See http://collector.zope.org/CMF for bug reports and feature requests

Reply via email to