-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Laurence Rowe wrote: > Laurence Rowe wrote: > >> To fix this we need to add a __bobo__traverse__ method to Skinnable that >> looks up objects in the order: >> >> 1. getattr(aq_base(obj), name), but excluding skin objects >> >> 2. views >> >> 3. getattr(aq_base(obj), name), including skin objects >> >> 4. getattr(obj, name) > > Hmm. It looks as if the __bobo_traverse__ method will require access to > the `restricted` argument to unrestrictedTraverse. I can't see any way > to access this other than: > > sys._getframe(1).f_locals['restricted'] > > Which is more than a little ugly.
I don't get it: why isn't OFS.Traversable's check sufficient? __bobo_traverse__ has a bad enough (insane, actually) contract, without adding security checking to it. Tres. - -- =================================================================== Tres Seaver +1 540-429-0999 [EMAIL PROTECTED] Palladion Software "Excellence by Design" http://palladion.com -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFIZldK+gerLs4ltQ4RAqvWAJ4zkDSAUzHLIfUqPtnCqCM1wTkHowCgwVs4 6zMF1gUxD7qVZ4y/i8dSHy4= =vy5T -----END PGP SIGNATURE----- _______________________________________________ Zope-CMF maillist - [email protected] http://mail.zope.org/mailman/listinfo/zope-cmf See http://collector.zope.org/CMF for bug reports and feature requests
