Garito wrote at 2006-11-9 03:07 +0100: > ... >> What you see is an authentication weekness with "__bobo_traverse__": >> >> Zope's security machinery requires acquisition wrappers >> to work reliably. >> >> When "__bobo_traverse__" returns a non acquisition wrapped >> object without public security declarations, then the >> normal security check would not help. >> >> Zope therefore tries to check whether a standard 'getattr' would >> return the same object and accept it in this case. >> Otherwise, it will raise "Unauthorized" with the intent >> that an unmotivated "Unauthorized" is better than giving >> access to some piece of information that should be protected. >> >> >> In my view, the behaviour is buggy as "__bobo_traverse__" has >> no way to return a non-trivial elementary data type -- but >> almost surely, it will not be changed... > ... >Then: what solution did you think will be the best solution for my request?
You may try to return a wrapper that behaves the same way as the original object (by deriving from the respective type) but has "__roles__ = None" as additional attribute (which declares the object public). -- Dieter _______________________________________________ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev )