Dieter Maurer <[EMAIL PROTECTED]> wrote:
> Roché Compaan wrote at 2005-2-25 17:22 +0200:
> >Last year in March the following checkin was made that changed
> >ZCatalog's getObject to use restrictedTraverse instead of
> >unrestrictedTraverse. See:
> >In my opininion this is wrong,
> I agree with you!
> > ...
> >I would propose that getObject does an unrestrictedTraverse of the path
> >and then checks if the user has permission to access that the object.
> I argued precisely this approach with the person who made the
> change. I had the impression that I have convinced him -- but
> apparently, he did not change the code accordingly :-(
> Maybe, a bug report to the collector will help?
Roché has added http://www.zope.org/Collectors/Zope/1713
I intend to fix this before 2.7.5 final, probably today or tonight.
I feel this is sufficiently important to warrant a fix now.
I guess it'll mean an RC2.
Please shout if you find problems with this approach.
Florent Guillaume, Nuxeo (Paris, France) CTO, Director of R&D
+33 1 40 33 71 59 http://nuxeo.com [EMAIL PROTECTED]
Zope-Dev maillist - Zope-Dev@zope.org
** No cross posts or HTML encoding! **
(Related lists -