-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Andreas Jung wrote: | | | --On Freitag, 25. Februar 2005 20:21 Uhr +0100 Dieter Maurer | <[EMAIL PROTECTED]> wrote: | |> Roché Compaan wrote at 2005-2-25 17:22 +0200: |> |>> Last year in March the following checkin was made that changed |>> ZCatalog's getObject to use restrictedTraverse instead of |>> unrestrictedTraverse. See: |>> |>> http://mail.zope.org/pipermail/zope-checkins/2004-March/026846.html |>> |>> In my opininion this is wrong, |> |> |> I agree with you! |> |>> ... |>> I would propose that getObject does an unrestrictedTraverse of the path |>> and then checks if the user has permission to access that the object. |> |> |> I argued precisely this approach with the person who made the |> change. I had the impression that I have convinced him -- but |> apparently, he did not change the code accordingly :-( |> |> Maybe, a bug report to the collector will help? |> |> <http://www.zope.org/Collectors/Zope> |> | | Best to include a patch as well :-)
And a new test which fails under the current code, but succeeds with the patch. ;)
Tres. - -- =============================================================== Tres Seaver [EMAIL PROTECTED] Zope Corporation "Zope Dealers" http://www.zope.com -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.4 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org
iD8DBQFCH50UGqWXf00rNCgRAradAJ9/v/nU3iZEALYK+7hI2NYZCZbi0ACggAxm
l4LfqI3+RYCI8VRHV9cz0rU=
=4SWg
-----END PGP SIGNATURE-----
_______________________________________________
Zope-Dev maillist - Zope-Dev@zope.org
http://mail.zope.org/mailman/listinfo/zope-dev
** No cross posts or HTML encoding! **
(Related lists - http://mail.zope.org/mailman/listinfo/zope-announce
http://mail.zope.org/mailman/listinfo/zope )