ProblemsWithRequestBasedTraversal

There are times when one needs to convert an object path to an object. It seemed that the right way to do this was to leverage the object publisher's logic for object traversal. This has proven to be problematic for a number of reasons.

  • The traversal protocol includes a method, __bobo_traverse__, which is passed the request and sometimes mutates it. For this reason, it is necessary to clone the request so that the original request is left unchanged. Cloning the request has proved to be exceedingly heavy and brittle.
  • The publisher traversal authenticates the user and checks access only on the last object in the path. It is probably never the case that we wish to authenticate the user and run the risk of getting a different user. Further, we generally want to check access for every object in the path for the already authenticated user (AUTHENTICATED_USER). Sometimes, we don't want to check access at all.
  • The publisher traversal process creates a new acquisition context. This breaks the current mechanism for LimitingAccessToAUsersPlace.
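
The difference between checking only the last object and checking every object in the path can be seen in a small request-free traversal. This is an added example, not Zope's code: the Node class, the role-set access model, the traverse signature and the sample tree are all hypothetical simplifications.

```python
class Unauthorized(Exception):
    """Raised when the supplied user may not access an object in the path."""

class Node:
    # Hypothetical stand-in for a published object: name, allowed roles, sub-objects.
    def __init__(self, name, roles, children=()):
        self.name = name
        self.roles = frozenset(roles)
        self.children = {c.name: c for c in children}

def traverse(root, path, user_roles=(), check="every"):
    """Resolve a slash-separated path without creating or cloning a request.
    check="every": check access on each object in the path
    check="last":  check only the final object (what the publisher does)
    check=None:    skip access checks entirely
    The caller supplies the roles of the user it already has; nothing
    here authenticates, so the user cannot change during traversal.
    """
    if check not in ("every", "last", None):
        raise ValueError(f"unknown check mode {check!r}")  # never fail open
    steps = [s for s in path.split("/") if s]
    obj = root
    for i, step in enumerate(steps):
        if step not in obj.children:
            raise LookupError(f"no object {step!r} in path {path!r}")
        obj = obj.children[step]
        is_last = i == len(steps) - 1
        if check == "every" or (check == "last" and is_last):
            if not obj.roles & frozenset(user_roles):
                raise Unauthorized(f"{step!r} in path {path!r}")
    return obj

# Constructed sample tree: "private" is Manager-only, but the document
# inside it lists Member among its own roles.
ROOT = Node("", {"Manager", "Member"}, [
    Node("private", {"Manager"}, [Node("report", {"Manager", "Member"})]),
    Node("shared", {"Manager", "Member"}, [Node("notes", {"Manager", "Member"})]),
])

def outcome(path, roles, check):
    """Return the resolved object's name, or the name of the error raised."""
    try:
        return traverse(ROOT, path, roles, check).name
    except (Unauthorized, LookupError) as exc:
        return type(exc).__name__

if __name__ == "__main__":
    for mode in ("last", "every", None):
        print(mode, outcome("private/report", ["Member"], mode))
```

With the last-object-only mode, a Member resolves private/report even though the containing folder is Manager-only; the every-object mode stops at the folder.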