Hi,
I found this code in PAS, which is mostly lifted from AccessControl.userfolder:
def _getObjectContext( self, v, request ):
""" request -> ( a, c, n, v )
o 'a 'is the object the object was accessed through
o 'c 'is the physical container of the object
o 'n 'is the name used to access the object
o 'v' is the object (value) we're validating access to
o XXX: Lifted from AccessControl.User.BasicUserFolder._getobcontext
"""
if len( request.steps ) == 0: # someone deleted root index_html
request[ 'RESPONSE' ].notFoundError(
'no default view (root default view was probably deleted)' )
root = request[ 'PARENTS' ][ -1 ]
request_container = aq_parent( root )
n = request.steps[ -1 ]
# default to accessed and container as v.aq_parent
a = c = request[ 'PARENTS' ][ 0 ]
# try to find actual container
inner = aq_inner( v )
innerparent = aq_parent( inner )
if innerparent is not None:
# this is not a method, we needn't treat it specially
c = innerparent
elif hasattr(v, 'im_self'):
# this is a method, we need to treat it specially
c = v.im_self
c = aq_inner( v )
# if pub's aq_parent or container is the request container, it
# means pub was accessed from the root
if a is request_container:
a = root
if c is request_container:
c = root
return a, c, n, v
Look at this bit again:
elif hasattr(v, 'im_self'):
# this is a method, we need to treat it specially
c = v.im_self
c = aq_inner( v )
In AccessControl, it's similar:
elif hasattr(v, 'im_self'):
# this is a method, we need to treat it specially
c = v.im_self
c = getattr(v, 'aq_inner', v)
Surely, this isn't right? What is the correct thing to do here?
Martin
_______________________________________________
Zope-Dev maillist - Zope-Dev@zope.org
https://mail.zope.org/mailman/listinfo/zope-dev
** No cross posts or HTML encoding! **
(Related lists -
https://mail.zope.org/mailman/listinfo/zope-announce
https://mail.zope.org/mailman/listinfo/zope )
