On Thu, 2005-03-03 at 14:56 +0000, Chris Withers wrote:
> Roché Compaan wrote:
> > +        obj = self.aq_parent.unrestrictedTraverse(self.getPath(), None)
> > +        if obj and securityManager.validate(obj, obj, None, None):
> > +            return obj
> > +        else:
> > +            return None
> 
> Urm, Roche, doesn't the above seek to do exactly what...
> 
> return self.aq_parent.restrictedTraverse(self.getPath(), None)
> 
> ...does?

No it doesn't, restrictedTraverse fails along the way. If the path
is /a/b and the user doesn't have access to /a/ restrictedTraverse will
return None even though the user has access to /a/b/. In my code above
we only do a security check on the object that the full path resolves
to.

> 
> The problem is that an error should be raised, Unauthorized in my 
> opinion, rather than None being returned.

I would be ok with raising Unauthorized but it is not backwards
compatible. I suppose changing to 'unrestrictedTraverse' is also not
backward compatible but the current 'getObject' seems to suggest that we
do not want to raise an exception when the user does not have permission
to access the object. Is there some use case for 'getObject' that we are
missing here?

> None should never be returned in place of a brain, although I'll soften 
> that to say that if it does, it means something weird has happened (used 
> to mean the object the catalog entry mapped to had gone away)

I agree.

-- 
Roché Compaan
Upfront Systems                 http://www.upfrontsystems.co.za

_______________________________________________
Zope-Dev maillist  -  Zope-Dev@zope.org
http://mail.zope.org/mailman/listinfo/zope-dev
**  No cross posts or HTML encoding!  **
(Related lists - 
 http://mail.zope.org/mailman/listinfo/zope-announce
 http://mail.zope.org/mailman/listinfo/zope )

Reply via email to