[Zope-dev] CatalogBrains.getObject and unrestricted code
fg at nuxeo.com
Mon Nov 29 12:39:12 EST 2004
Yes, http://collector.zope.org/Zope/1534 is related.
But in any case if getObject returns a subset of available objects (and
None or Unauthorized for the others), we still needs a _getObject method
that returns all of them, for unrestricted code.
Andreas Jung wrote:
> --On Montag, 29. November 2004 18:15 Uhr +0100 Florent Guillaume
> <fg at nuxeo.com> wrote:
>> In ZCatalog's brains, getObject currently does a restrictedTraverse to
>> get the object. That's a problem for unrestricted code that needs to get
>> to the object nevertheless, even if the user cannot get to it.
>> For instance CMF is impacted, when it tries to reindex the security of
>> all subobjects of a given object.
>> Unless someone is opposed to it, I'll add a _getObject method that does
>> an unrestrictedTraverse, and make CMF use it if available.
> There is already a collector issue #1534 where ChrisW tracked something
> in Traversable.py. However I have no idea if this is true or related to
> the problem.
Florent Guillaume, Nuxeo (Paris, France) CTO, Director of R&D
+33 1 40 33 71 59 http://nuxeo.com fg at nuxeo.com
More information about the Zope-Dev