Wichert Akkerman wrote: > Previously Raphael Ritz wrote: >> Currently, CMF(Default - and Plone for that matter) does not support >> this OOTB because CMFDefault's MembershipTool uses a simple getattr >> call for the 'membersfolder_id' on the site object. >> Changing this to use 'unrestrictedTraverse' instead resolves >> the problem including the possibility to specify the path (or >> relative content URL) to the folder in ZMI. > > Shouldn't it use restrictedTraverse? Is there a special reason you want > to bypass security?
The reasons are: (i) the current implementation doesn't check security either (ii) 'getMembersFolder' while public is most often called from 'getHomeFolder' which does check security so I think it is not necessary to check security twice. But should we change this at all I would be fine with 'restrictedTraverse' as well (in the sense of being defensive). Raphael > > Wichert. > _______________________________________________ Zope-CMF maillist - [email protected] http://mail.zope.org/mailman/listinfo/zope-cmf See https://bugs.launchpad.net/zope-cmf/ for bug reports and feature requests
