Casey Duncan wrote at 2004-6-25 09:36 -0400:
>On Thu, 24 Jun 2004 19:04:55 +0200
>Dieter Maurer <[EMAIL PROTECTED]> wrote:
> ...
>> I think, you should only require access rights to the object itself
>> and not to all folders from the root to the object.
> ...
>> That ZCatalog identifies objects by physical path is an implementation
>> artifact. It should not make it impossible to access an
>> object via the catalog that otherwise can be accessed without
>> problem.
>> 
>> > ...
>> >For hysterical raisins, REQUEST.traverse() does not behave this way.
>> >It instead checks only the final object traversed.
>> That's a good behaviour...
>
>Except when it isn't ;^) OTOH it is closer to the behavior of getObject
>in 2.7.0. Ironically it used to use restrictedTraverse long ago...

Have you gotten the main argument?

  That ZCatalog identifies objects by physical path is an
  implementation artifact. It should not make it impossible
  to access an object via the catalog that otherwise can be accessed
  without problems.

When you implement "getObject" via "restrictedTraverse", then
you let "getObject()" fail for some objects that *are*
accessible by the current user (because this access need not
to use the complete path from the root).

Do not do that!


-- 
Dieter
_______________________________________________
Zope-Dev maillist  -  [EMAIL PROTECTED]
http://mail.zope.org/mailman/listinfo/zope-dev
**  No cross posts or HTML encoding!  **
(Related lists - 
 http://mail.zope.org/mailman/listinfo/zope-announce
 http://mail.zope.org/mailman/listinfo/zope )

Reply via email to