Last year in March the following checkin was made that changed ZCatalog's getObject to use restrictedTraverse instead of unrestrictedTraverse. See:
http://mail.zope.org/pipermail/zope-checkins/2004-March/026846.html

In my opinion this is wrong, and just cost me a good three hours to figure out why big parts of one of our apps broke after an upgrade to Zope 2.7.3. What's worse is that there is nowhere a trace of this change in HISTORY.txt or CHANGES.txt.

Anybody with a site structure that has less restrictive access deeper into the site would agree that getObject should do an unrestrictedTraverse. restrictedTraverse returns None as soon as it traverses an object a user does not have access to, regardless if the user has access to the object referred to by the full path.

To illustrate, imagine the following: You have a site with a folder containing documents at '/documents'. Inside that folder you have a whole bunch of documents where users have a local role of owner to give them permission to access only their own documents. You use a Catalog query to get the list of documents belonging to a particular user and want to use getObject to retrieve the objects found. But, it won't work because restrictedTraverse already fails when traversing the 'documents' folder.

I would propose that getObject does an unrestrictedTraverse of the path and then checks if the user has permission to access the object.

--
Roché Compaan
Upfront Systems http://www.upfrontsystems.co.za
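The scenario in the message above, as an added example that is not part of the original post and is not Zope code: a small pure-Python model of per-object access checks comparing traversal that checks every path element with the proposed "traverse unrestricted, then check the target". The `Node` class, the function names and the sample users are assumptions made for illustration.

```python
class Node:
    """Toy object tree (hypothetical model): 'viewers' are the users allowed to access a node."""
    def __init__(self, name, viewers=()):
        self.name = name
        self.viewers = set(viewers)
        self.children = {}

    def add(self, child):
        self.children[child.name] = child
        return child

def can_access(user, node):
    return user in node.viewers

def unrestricted_traverse(root, path):
    """Walk the path with no security checks; None if the path does not exist."""
    node = root
    for part in path.strip("/").split("/"):
        node = node.children.get(part)
        if node is None:
            return None
    return node

def restricted_traverse(root, path, user):
    """Check access on every object along the path and give up with None
    at the first denial, which is the behaviour the post describes."""
    node = root
    for part in path.strip("/").split("/"):
        node = node.children.get(part)
        if node is None or not can_access(user, node):
            return None
    return node

def get_object_proposed(root, path, user):
    """The post's proposal: traverse unrestricted, then check only the target."""
    obj = unrestricted_traverse(root, path)
    if obj is not None and can_access(user, obj):
        return obj
    return None

def build_site():
    # Constructed sample data: /documents is closed to ordinary users,
    # and each document is accessible only to its owner.
    root = Node("")
    docs = root.add(Node("documents", viewers={"manager"}))
    docs.add(Node("alice-report", viewers={"alice"}))
    docs.add(Node("bob-report", viewers={"bob"}))
    return root
```

In this model the proposed lookup still denies a user who has no access to the target itself; what changes is that a denial on a container no longer blocks lookups of objects inside it.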