History for ProblemsWithRequestBasedTraversal
??changed:
-
There are times when one needs to convert an object
path to an object. It seemed that the the right way to do
this was to leverage the object publishers logic for object
traversal. This has proven to be problematic for a number of
reasons.
- The traversal protocol includes a method,
'__bobo_traverse__', which is passed and sometimes
mutates the request. For this reason, it is necessary
to clone the request so that the original request is
left unchanged. Cloning the request has proved to be
exceedingly heavy and brittle.
- The publisher traversal authenticates the user and
checks access only on the last object in the path.
It is probably never the case that we wish to
authenticate the user, and run the risk of getting
a different user. Further, we generally want to check
access for every object in the path for the already
[AUTHENTICATED_USER]. Sometimes, we don't want to
check access at all.
- The publisher traversal process creates a new acquisition
context. This breaks the current mechanism for
LimitingAccessToAUsersPlace