Guys, Dieter Maurer <[EMAIL PROTECTED]> wrote: > Roché Compaan wrote at 2005-2-25 17:22 +0200: > >Last year in March the following checkin was made that changed > >ZCatalog's getObject to use restrictedTraverse instead of > >unrestrictedTraverse. See: > > > >http://mail.zope.org/pipermail/zope-checkins/2004-March/026846.html > > > >In my opininion this is wrong, > > I agree with you!
Me also. > > ... > >I would propose that getObject does an unrestrictedTraverse of the path > >and then checks if the user has permission to access that the object. > > I argued precisely this approach with the person who made the > change. I had the impression that I have convinced him -- but > apparently, he did not change the code accordingly :-( > > Maybe, a bug report to the collector will help? > > <http://www.zope.org/Collectors/Zope> Roché has added http://www.zope.org/Collectors/Zope/1713 I intend to fix this before 2.7.5 final, probably today or tonight. I feel this is sufficiently important to warrant a fix now. I guess it'll mean an RC2. Please shout if you find problems with this approach. Florent -- Florent Guillaume, Nuxeo (Paris, France) CTO, Director of R&D +33 1 40 33 71 59 http://nuxeo.com [EMAIL PROTECTED] _______________________________________________ Zope-Dev maillist - Zope-Dev@zope.org http://mail.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope )
