Christian Theune wrote:

we are wondering about the behaviour in the following situation:

* self is a view and we're in a method of that view

* self.context is an instance of class A (A is a content class and a folder)

* self.context is security proxied

* class A has a method doStuff

* we call self.context.doStuff()

* in doStuff, self is not proxied

* accessing other things through self[id] in doStuff does not give a
  proxied object

Result: code can perform operations that users normally could not do,
without anybody calling "removeAllProxies" explicitly.


Is this intentional?

Yes.  self is never proxied.

> I'm not sure about that. I feel like those calls
should work with proxied objects as well.

I don't agree.  At some point, you have to trust code,
especially methods.


PS: It seems that the _zope_security_proxy.c code and the corresponding
Python code are a little bit out of sync. The C-code does a little bit
more that isn't in the python code anymore. See this patch:
---  (Revision 41246)
+++  (Arbeitskopie)
@@ -371,6 +371,9 @@
     if checker is NoProxy:
         return None

+    if checker is _defaultChecker and isinstance(object, Exception):
+        return None
     while not isinstance(checker, Checker):
         checker = checker(object)
         if checker is NoProxy or checker is None:

As stated in _zope_security_proxy.c line 495:

/*     if checker is _defaultChecker and isinstance(object, Exception):
/*         return None */

  if (checker == _defaultChecker
      && PyObject_IsInstance(object, PyExc_Exception))
      return Py_None;

Good point.


Jim Fulton           mailto:[EMAIL PROTECTED]       Python Powered!
CTO                  (540) 361-1714  
Zope Corporation
Zope3-dev mailing list

Reply via email to