Chris McDonough wrote:
| I implemented a "publisherTraverse" function like this FWIW:
|
| from AccessControl import getSecurityManager
|
| def publisherTraverse(context, path):
|     # this is a hack to get around the fact that restrictedTraverse,
|     # unlike publisher traversal, does checks at every step of the
|     # path.  We don't want to limit access in this way (e.g. nested
|     # shares are possible) so we reimplement restrictedTraverse in a
|     # way that emulates publisher traversal semantics
|     ob = context.unrestrictedTraverse(path)
|     user = getSecurityManager().getUser()
|     if not user.has_permission('View', ob):
|         # (the import of zExceptions_Unauthorized is not shown in the post)
|         raise zExceptions_Unauthorized("cant traverse to %s" % path)
|     return ob

I don't think that the 'has_permission' check is quite right:  at least,
that isn't what the publisher does.  'ZPublisher.BaseRequest.traverse'
collects roles during the traversal, and then calls the user folder's
'validate', passing them at the end.  Note as well that 'View' may not
be the permission which is protecting the traversed-to object.

The "correct" emulation would probably be to call the user object's
'authorize' method, passing the proper values for accessed, container,
name, value, and roles.  Figuring out the proper values is left as an
exercise for the reader ;).

Oracular'ly,

Tres.
--
===============================================================
Tres Seaver                                [EMAIL PROTECTED]
Zope Corporation      "Zope Dealers"       http://www.zope.com

_______________________________________________
Zope-Dev maillist - Zope-Dev@zope.org
http://mail.zope.org/mailman/listinfo/zope-dev
** No cross posts or HTML encoding! **
(Related lists - http://mail.zope.org/mailman/listinfo/zope-announce
http://mail.zope.org/mailman/listinfo/zope )
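
A toy model of the distinction drawn in the reply above, added here as an illustration; it is not code from the thread or from Zope. `Node`, `walk`, `check`, the three traversal functions and the sample tree are all constructed, and the role-collection rule is a simplification of what the publisher does.

```python
# Constructed toy model; every name here is hypothetical, none is a Zope API.
class Unauthorized(Exception): pass

class Node:
    def __init__(self, name, protected_by=None, perm_roles=None, children=()):
        self.name = name
        self.protected_by = protected_by    # permission guarding this object
        self.perm_roles = perm_roles or {}  # local permission -> roles settings
        self.children = {c.name: c for c in children}

def walk(root, path):
    ob, mapping, roles = root, dict(root.perm_roles), None
    for name in path.split("/"):
        ob = ob.children[name]
        mapping.update(ob.perm_roles)       # settings nearer the object win
        if ob.protected_by is not None:     # remember the roles now required
            roles = mapping.get(ob.protected_by, {"Manager"})
        yield ob, roles, mapping

def check(ob, user_roles, roles, where):
    if roles is not None and not set(user_roles) & set(roles):
        raise Unauthorized(where)
    return ob

def per_step(root, path, user_roles):
    """Authorize at every step, so a closed parent hides a nested share."""
    for ob, roles, _ in walk(root, path):
        check(ob, user_roles, roles, ob.name)
    return ob

def view_only(root, path, user_roles):
    """Unchecked walk, then test the fixed 'View' permission on the result."""
    ob, _, mapping = list(walk(root, path))[-1]
    return check(ob, user_roles, mapping.get("View", {"Manager"}), path)

def publisher_like(root, path, user_roles):
    """Unchecked walk collecting roles, validated once at the end."""
    ob, roles, _ = list(walk(root, path))[-1]
    return check(ob, user_roles, roles, path)

# Constructed tree: an Owner-only folder holding a share guarded by 'Edit share'.
share = Node("share", "Edit share", {"Edit share": {"Editor"}, "View": {"Guest"}})
ROOT = Node("root", children=[Node("private", "View", {"View": {"Owner"}}, [share])])

def outcome(traverse, user_roles, path="private/share"):
    try:
        return traverse(ROOT, path, user_roles).name
    except Unauthorized:
        return "denied"
```

With this tree, an Editor is denied by `per_step` and `view_only` but admitted by `publisher_like`, while a Guest is admitted only by `view_only`, because 'View' is not the permission protecting the share.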
