You are not logged in Log in Join
You are here: Home » Members » jim » ZopeSecurity » ProblemsWithRequestBasedTraversal » wikipage_view

Log in


FrontPage »


There are times when one needs to convert an object path to an object. It seemed that the the right way to do this was to leverage the object publishers logic for object traversal. This has proven to be problematic for a number of reasons.

  • The traversal protocol includes a method, __bobo_traverse__, which is passed and sometimes mutates the request. For this reason, it is necessary to clone the request so that the original request is left unchanged. Cloning the request has proved to be exceedingly heavy and brittle.
  • The publisher traversal authenticates the user and checks access only on the last object in the path. It is probably never the case that we wish to authenticate the user, and run the risk of getting a different user. Further, we generally want to check access for every object in the path for the already [AUTHENTICATED_USER]?. Sometimes, we don't want to check access at all.
  • The publisher traversal process creates a new acquisition context. This breaks the current mechanism for LimitingAccessToAUsersPlace