Guys,

Dieter Maurer  <[EMAIL PROTECTED]> wrote:
> Roché Compaan wrote at 2005-2-25 17:22 +0200:
> >Last year in March the following checkin was made that changed
> >ZCatalog's getObject to use restrictedTraverse instead of
> >unrestrictedTraverse. See:
> >
> >http://mail.zope.org/pipermail/zope-checkins/2004-March/026846.html
> >
> >In my opininion this is wrong,
> 
> I agree with you!

Me also.

> > ...
> >I would propose that getObject does an unrestrictedTraverse of the path
> >and then checks if the user has permission to access that the object.
> 
> I argued precisely this approach with the person who made the
> change. I had the impression that I have convinced him -- but
> apparently, he did not change the code accordingly :-(
> 
> Maybe, a bug report to the collector will help?
> 
>        <http://www.zope.org/Collectors/Zope>

Roché has added http://www.zope.org/Collectors/Zope/1713

I intend to fix this before 2.7.5 final, probably today or tonight.
I feel this is sufficiently important to warrant a fix now.
I guess it'll mean an RC2.

Please shout if you find problems with this approach.

Florent

-- 
Florent Guillaume, Nuxeo (Paris, France)   CTO, Director of R&D
+33 1 40 33 71 59   http://nuxeo.com   [EMAIL PROTECTED]
_______________________________________________
Zope-Dev maillist  -  Zope-Dev@zope.org
http://mail.zope.org/mailman/listinfo/zope-dev
**  No cross posts or HTML encoding!  **
(Related lists - 
 http://mail.zope.org/mailman/listinfo/zope-announce
 http://mail.zope.org/mailman/listinfo/zope )

Reply via email to