[Zope-dev] ZCatalog getObject broken
Roché Compaan
roche at upfrontsystems.co.za
Fri Feb 25 10:22:32 EST 2005
Last year in March the following checkin was made that changed
ZCatalog's getObject to use restrictedTraverse instead of
unrestrictedTraverse. See:
http://mail.zope.org/pipermail/zope-checkins/2004-March/026846.html
In my opininion this is wrong, and just cost me a good three hours to
figure out why big parts of one of our apps broke after an upgrade to
Zope 2.7.3. What's worse is that there is nowhere a trace of this change
in HISTORY.txt or CHANGES.txt.
Anybody with a site structure that has less restrictive access deeper
into the site would agree that getObject should do an
unrestrictedTraverse. restrictedTraverse returns None as soon as it
traverses an object a user does not have access to, regardless if the
user has access to the object referred to by the full path. To
illustrate imagine the following:
You have a site with a folder containg documents at '/documents'. Inside
that folder you have a whole bunch of documents where users have a local
role of owner to give them permission to access only their own
documents. You use a Catalog query to get the list of documents
belonging to a particular user and want to use getObject to retrieve the
objects found. But, it won't work because restrictedTraverse already
fails when traversing the 'documents' folder.
I would propose that getObject does an unrestrictedTraverse of the path
and then checks if the user has permission to access that the object.
--
Roché Compaan
Upfront Systems http://www.upfrontsystems.co.za
More information about the Zope-Dev
mailing list