With an object path /A/B/C where C has a local role allowing a user to
view C but where B disallows acquisition of the View permission, the
publisher correctly allows the user to see C.

However, restrictedTraverse('/A/B/C') fails ("You are not allowed to
access B in this context"). This is because restrictedTraverse checks
the security (using "validate") at *every* step, and obviously the
user is not allowed to see B.  Is there a reason for this? Why not
simply validate only at the last step?

I have the need to programmatically access objects protected in such a
way. The workaround I'm going to use in my code for now is to call
unrestrictedTraverse and validate() by hand the resulting object.  But
I'm concerned that there may be a more profound security reason I'm
missing.

Florent

-- 
Florent Guillaume, Nuxeo (Paris, France)
+33 1 40 33 79 87  http://nuxeo.com  mailto:[EMAIL PROTECTED]
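As an added illustration (not Zope's code and not from the post above), a small Python model of View-permission acquisition and local roles for the /A/B/C setup described: checking at every step, as restrictedTraverse does, is denied at B, while checking only the final object, as the publisher or unrestrictedTraverse followed by validate() does, is allowed; the names GLOBAL_ROLES, Node, build_site and allowed are my own constructs.

```python
# Added model (not Zope's code) of View-permission acquisition and local roles.
GLOBAL_ROLES = {"alice": {"Anonymous"}}   # constructed sample user

class Node:
    def __init__(self, name, parent=None, view_roles=(), acquire=True):
        self.name, self.parent, self.children = name, parent, {}
        self.view_roles = set(view_roles)  # roles granted View on this object
        self.acquire = acquire             # also acquire View roles from parent?
        self.local_roles = {}              # user -> roles granted locally here
        if parent is not None:
            parent.children[name] = self

    def roles_allowed_view(self):
        inherited = self.parent.roles_allowed_view() if self.acquire and self.parent else set()
        return self.view_roles | inherited

    def roles_of(self, user):
        # Local roles are acquired along the containment chain, as in Zope.
        own = set(GLOBAL_ROLES.get(user, ())) | set(self.local_roles.get(user, ()))
        return own | (self.parent.roles_of(user) if self.parent else set())

def validate(user, obj):
    # True if the user holds some role that grants View on obj.
    return bool(obj.roles_of(user) & obj.roles_allowed_view())

def traverse(root, path, user, check_every_step):
    obj = root
    for seg in path.strip("/").split("/"):
        obj = obj.children[seg]
        if check_every_step and not validate(user, obj):   # restrictedTraverse
            raise PermissionError(f"You are not allowed to access {seg}")
    if not validate(user, obj):   # the final object is checked either way
        raise PermissionError(f"You are not allowed to access {obj.name}")
    return obj

def build_site():
    # The post's setup: /A grants View to Anonymous; /A/B stops acquisition
    # and grants View only to Manager; /A/B/C gives alice a local Manager role.
    root = Node("")
    a = Node("A", root, view_roles={"Anonymous"})
    b = Node("B", a, view_roles={"Manager"}, acquire=False)
    Node("C", b).local_roles["alice"] = {"Manager"}
    return root

def allowed(every_step, path="/A/B/C", user="alice"):
    # every_step=True mimics restrictedTraverse; False mimics the workaround.
    try:
        traverse(build_site(), path, user, every_step)
        return True
    except PermissionError:
        return False
```

Note that the final-object check still denies a target the user may not view (for example /A/B itself), so validating only the last step does not relax access to the object actually returned.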


_______________________________________________
Zope-Dev maillist  -  [EMAIL PROTECTED]
http://lists.zope.org/mailman/listinfo/zope-dev
