[Zope-dev] CatalogBrains.getObject and unrestricted code

Florent Guillaume fg at nuxeo.com
Mon Nov 29 12:39:12 EST 2004


Yes, http://collector.zope.org/Zope/1534 is related.

But in any case if getObject returns a subset of available objects (and 
None or Unauthorized for the others), we still needs a _getObject method 
that returns all of them, for unrestricted code.

Florent

Andreas Jung wrote:
> 
> 
> --On Montag, 29. November 2004 18:15 Uhr +0100 Florent Guillaume 
> <fg at nuxeo.com> wrote:
> 
>> In ZCatalog's brains, getObject currently does a restrictedTraverse to
>> get the object. That's a problem for unrestricted code that needs to get
>> to the object nevertheless, even if the user cannot get to it.
>>
>> For instance CMF is impacted, when it tries to reindex the security of
>> all subobjects of a given object.
>>
>> Unless someone is opposed to it, I'll add a _getObject method that does
>> an unrestrictedTraverse, and make CMF use it if available.
>>
> 
> There is already a collector issue #1534 where ChrisW tracked something 
> down
> in Traversable.py. However I have no idea if this is true or related to 
> the problem.
> 
> Andreas


-- 
Florent Guillaume, Nuxeo (Paris, France)   CTO, Director of R&D
+33 1 40 33 71 59   http://nuxeo.com   fg at nuxeo.com


More information about the Zope-Dev mailing list