History for ProblemsWithRequestBasedTraversal

There are times when one needs to convert an object
path to an object. It seemed that the right way to do
this was to leverage the object publisher's logic for object
traversal. This has proven to be problematic for a number of
reasons.

- The traversal protocol includes a method,
  '__bobo_traverse__', which is passed and sometimes
  mutates the request. For this reason, it is necessary
  to clone the request so that the original request is
  left unchanged. Cloning the request has proved to be
  exceedingly heavy and brittle.

- The publisher traversal authenticates the user and
  checks access only on the last object in the path.
  It is probably never the case that we wish to 
  authenticate the user, and run the risk of getting 
  a different user.  Further, we generally want to check
  access for every object in the path for the already
  [AUTHENTICATED_USER]. Sometimes, we don't want to
  check access at all.

- The publisher traversal process creates a new acquisition
  context. This breaks the current mechanism for
  LimitingAccessToAUsersPlace.
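
The difference between checking access only on the last object and checking it on every object in the path, as an added example that is not Zope's code. Node, allowed() and both traverse functions are hypothetical stand-ins, and the role names and sample tree are constructed.

```python
# Added illustration: Node, allowed() and both traverse functions are
# hypothetical stand-ins, not Zope's publisher or security API.
class Unauthorized(Exception):
    pass

class Node:
    def __init__(self, name, roles, children=()):
        self.name = name
        self.roles = set(roles)  # roles permitted to access this object
        self.children = {c.name: c for c in children}

def allowed(user_roles, node):
    return bool(node.roles & set(user_roles))

def steps(path):
    return [s for s in path.split("/") if s]

def traverse_check_last(root, path, user_roles):
    """Publisher-style: walk the path, check access only on the last object."""
    obj = root
    for name in steps(path):
        obj = obj.children[name]  # KeyError if the path does not exist
    if not allowed(user_roles, obj):
        raise Unauthorized(path)
    return obj

def traverse_check_each(root, path, user_roles, check=True):
    """Check the already-known user's roles on every object in the path.

    Takes no request, so nothing is mutated or cloned and no
    re-authentication happens. check=False skips checks for trusted callers.
    """
    obj, walked = root, []
    for name in steps(path):
        obj = obj.children[name]
        walked.append(name)
        if check and not allowed(user_roles, obj):
            raise Unauthorized("/".join(walked))
    return obj

# Constructed sample tree: 'private' is Manager-only, but the object
# inside it grants access to Member.
ROOT = Node("", ["Anonymous", "Member", "Manager"], [
    Node("private", ["Manager"], [Node("note", ["Member", "Manager"])]),
])
```

With this tree, a Member reaches 'private/note' through the last-object check but is stopped at 'private' by the per-object check.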