To try to clarify things even more:
The implementation of getObject I checked in a few days ago has the following properties:
1. it checks permissions only on the last step of the traversal,
2. it returns None if for some reason the object cannot be retrieved.
Now for the rationale:
1. is necessary in the presence of rights granted deeper in the hierarchy. There's no going around it.
2. is necessary for backward compatibility. *All* the previous implementations of getObject returned None in case of problems.
The implementation of 1. looks slightly convoluted but is necessary because we want to leave the details of the traversal (involving __bobo_traverse__, getitem, and checking security with the proper 'accessed' and 'container') to (un)restrictedTraverse.
Florent Guillaume, Nuxeo (Paris, France) CTO, Director of R&D
+33 1 40 33 71 59 http://nuxeo.com [EMAIL PROTECTED]
Zope-Dev maillist - Zope-Dev@zope.org
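The two properties described in the message above, as an added example that is not part of the original message and is not Zope's code. It is a simplified model: `Node`, the helper functions, the user names and the tree are all hypothetical stand-ins for Zope objects and (un)restrictedTraverse.

```python
# Simplified model of the traversal described above; not Zope's implementation.
class Unauthorized(Exception):
    pass

class Node:
    def __init__(self, name, allowed_users=()):
        self.name = name
        self.allowed = set(allowed_users)  # users holding the access right here
        self.children = {}

    def add(self, child):
        self.children[child.name] = child
        return child

def unrestricted_traverse(node, names):
    """Walk names with no security check; KeyError if a step is missing."""
    for name in names:
        node = node.children[name]
    return node

def restricted_traverse(node, names, user):
    """Walk names, checking the user's right on every object reached."""
    for name in names:
        node = node.children[name]
        if user not in node.allowed:
            raise Unauthorized(name)
    return node

def get_object_every_step(root, path, user):
    """Contrast case: security checked on each step; None on any failure."""
    try:
        return restricted_traverse(root, path.strip('/').split('/'), user)
    except (KeyError, Unauthorized):
        return None

def get_object_last_step(root, path, user):
    """Property 1: check only the last step. Property 2: None on failure."""
    names = path.strip('/').split('/')
    try:
        parent = unrestricted_traverse(root, names[:-1])
        return restricted_traverse(parent, names[-1:], user)
    except (KeyError, Unauthorized):
        return None

# Constructed tree: 'alice' has no right on /private but is granted one deeper.
ROOT = Node('')
PRIVATE = ROOT.add(Node('private', allowed_users=['manager']))
REPORT = PRIVATE.add(Node('report', allowed_users=['manager', 'alice']))
```

In this model the check on the final object is the only gate, so a user with no right on that object still gets None, as does a lookup of a path that does not exist.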