I implemented a "publisherTraverse" function like this FWIW:
def publisherTraverse(context, path):
# this is a hack to get around the fact that restrictedTraverse,
# unlike publisher traversal, does checks at every step of the
# path. We don't want to limit access in this way (e.g. nested
# shares are possible) so we reimplement restrictedTraverse in a
# way that that emulates publisher traversal semantics
ob = context.unrestrictedTraverse(path)
user = getSecurityManager().getUser()
if not user.has_permission('View', ob):
raise zExceptions_Unauthorized, "cant traverse to %s" % path
Maybe this is better than using validate?
On Thu, 2005-03-10 at 11:06, Tres Seaver wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> Florent Guillaume wrote:
> | Dieter Maurer <[EMAIL PROTECTED]> wrote:
> |>RochÃ Compaan wrote at 2005-2-25 17:22 +0200:
> |>> Last year in March the following checkin was made that changed
> |>> ZCatalog's getObject to use restrictedTraverse instead of
> |>> unrestrictedTraverse. See:
> |>>In my opininion this is wrong,
> |>I agree with you!
> | Me also.
> |>> I would propose that getObject does an unrestrictedTraverse of
> |>> the path and then checks if the user has permission to access
> |>> that the object.
> |> I argued precisely this approach with the person who made the
> |> change. I had the impression that I have convinced him -- but
> |> apparently, he did not change the code accordingly :-(
> |>Maybe, a bug report to the collector will help?
> |> <http://www.zope.org/Collectors/Zope>
> | RochÃ has added http://www.zope.org/Collectors/Zope/1713
> | I intend to fix this before 2.7.5 final, probably today or tonight. I
> | feel this is sufficiently important to warrant a fix now. I guess
> | it'll mean an RC2.
> | Please shout if you find problems with this approach.
> Please note that calling 'validate' without passing the correct values
> for 'container', 'accessed', and 'name' may lead to unexpected results
> (it tries to guess, but may not be clever enough, especially if there is
> any weird wrapping / unwrapping in play). This was essentially the
> issue which led to the "spurious Unauthorized error" problem in Zope
> 2.7.3 (this point is germane or issue #1534, as well as #1713).
> - --
> Tres Seaver [EMAIL PROTECTED]
> Zope Corporation "Zope Dealers" http://www.zope.com
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.2.4 (GNU/Linux)
> Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org
> -----END PGP SIGNATURE-----
> Zope-Dev maillist - Zope-Dev@zope.org
> ** No cross posts or HTML encoding! **
> (Related lists -
> http://mail.zope.org/mailman/listinfo/zope )
Zope-Dev maillist - Zope-Dev@zope.org
** No cross posts or HTML encoding! **
(Related lists -