Chris McDonough wrote at 2005-3-10 11:28 -0500:
>I implemented a "publisherTraverse" function like this FWIW:
>
>def publisherTraverse(context, path):
>    # this is a hack to get around the fact that restrictedTraverse,
>    # unlike publisher traversal, does checks at every step of the
>    # path.  We don't want to limit access in this way (e.g. nested
>    # shares are possible) so we reimplement restrictedTraverse in a
>    # way that emulates publisher traversal semantics
>    ob = context.unrestrictedTraverse(path)
>    user = getSecurityManager().getUser()
>    if not user.has_permission('View', ob):
>        raise zExceptions_Unauthorized, "cant traverse to %s" % path
>    return ob
>
>Maybe this is better than using validate?

No, because it does not take executable permission context
into account (e.g. proxy roles).

-- 
Dieter
_______________________________________________
Zope-Dev maillist  -  Zope-Dev@zope.org
http://mail.zope.org/mailman/listinfo/zope-dev
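Dieter's objection, as an added example that is not part of the original thread: a simplified, self-contained model (hypothetical class names, not Zope's AccessControl code) of how a check on the user alone diverges from one that consults the execution stack. It assumes that the proxy roles of the running executable replace the user's roles and that the executable's owner must also be allowed.

```python
# Simplified model of the two checks (constructed; not Zope's AccessControl code).
class Obj:
    def __init__(self, view_roles):
        self.view_roles = set(view_roles)   # roles that hold 'View' on this object

class User:
    def __init__(self, roles):
        self.roles = set(roles)
    def has_permission(self, obj):
        # What publisherTraverse asks: does the logged-in user hold a 'View' role?
        return bool(self.roles & obj.view_roles)

class Script:
    """An executable (e.g. a Python Script) with an owner and optional proxy roles."""
    def __init__(self, owner, proxy_roles=()):
        self.owner = owner
        self.proxy_roles = set(proxy_roles)

class SecurityManager:
    def __init__(self, user):
        self.user = user
        self.stack = []                     # running executables, innermost last
    def check_permission(self, obj):
        if self.stack:
            exe = self.stack[-1]
            # The executable's owner must be allowed to access the object too.
            if exe.owner is not None and not exe.owner.has_permission(obj):
                return False
            if exe.proxy_roles:
                # Proxy roles replace the user's roles; they can grant or restrict.
                return bool(exe.proxy_roles & obj.view_roles)
        return self.user.has_permission(obj)

def compare(user, script, obj):
    """Return (user-only check, context-aware check) while `script` is executing."""
    sm = SecurityManager(user)
    sm.stack.append(script)
    return user.has_permission(obj), sm.check_permission(obj)

manager_only = Obj({"Manager"})
anon, member, manager = User({"Anonymous"}), User({"Member"}), User({"Manager"})

if __name__ == "__main__":
    # Proxy role grants access the user lacks: user-only check refuses wrongly.
    print(compare(anon, Script(manager, {"Manager"}), manager_only))
    # Proxy role restricts a privileged user: user-only check allows wrongly.
    print(compare(manager, Script(manager, {"Anonymous"}), manager_only))
    # Executable owned by a low-privilege user: user-only check allows wrongly.
    print(compare(manager, Script(member), manager_only))
```

The second and third cases are the ones that matter for security: the user-only check returns the object even though the code doing the traversal was deliberately confined.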