On Wed, 2002-09-25 at 06:41, Ignacio Dosil Lago wrote:
> -- I am developing a CMF "link" product which defines its own traverse method:
> 
>   def __bobo_traverse__(self, request, name=None):
>     "Traverse method hook"
>     
>     if hasattr(self, name):
>       # return own attributes/subobjects
>       return getattr(self, name)
>     else:
>       t= self.getTarget()
>       if hasattr(t, name):
>         # return target's attributes/subobjects
>         return getattr(t, name)
>       else:
>         return t
> 
> -- It works fine under the ZMI but when I try to access an object of this 
> product into a CMF portal using the CMF interface, Zope requests me login 
> name and password (even if I am admin!!), which it doesn't accept, so the 
> only way to continue is to cancel instead of triying to log in.

I don't know why it would work in the ZMI;  this smells like a problem
in the way you wrap (or don't) the target object returned by
'getTarget'.  Try the following to test that:

    from Acquisition import aq_base, aq_parent
    def __bobo_traverse__(self, request, name=None):
      "Traverse method hook"
     
      if hasattr(self, name):
        # return own attributes/subobjects
        return getattr(self, name)
      else:
        t = self.getTarget()
        t = aq_base( t ).__of__( aq_parent( self ) )
        if hasattr(t, name):
          # return target's attributes/subobjects
          return getattr(t, name)
        else:
          return t

This version addresses the issue that the security machinery expects to
crawl up the containment part of the acquisition chain to verify that
the user and the accessed object are in proper relation to one another; 
it does this by ripping off any existing acquisition wrapper (the
'aq_base' call) and re-wrapping the object in the context of the link's
parent ( the '__of__' call).

Hope this helps,

Tres.
-- 
===============================================================
Tres Seaver                                [EMAIL PROTECTED]
Zope Corporation      "Zope Dealers"       http://www.zope.com


_______________________________________________
Zope-Dev maillist  -  [EMAIL PROTECTED]
http://lists.zope.org/mailman/listinfo/zope-dev
**  No cross posts or HTML encoding!  **
(Related lists - 
 http://lists.zope.org/mailman/listinfo/zope-announce
 http://lists.zope.org/mailman/listinfo/zope )

Reply via email to