Merge bug fix from Zope-2_4-branch

ceda652e · Evan Simpson · 9c5e8921 · ceda652e
Commit ceda652e authored Aug 29, 2001 by Evan Simpson
Show whitespace changes
Inline Side-by-side

Showing with 21 additions and 16 deletions

lib/python/OFS/Traversable.py lib/python/OFS/Traversable.py +21 -16

No files found.
--- a/lib/python/OFS/Traversable.py
+++ b/lib/python/OFS/Traversable.py
@@ -84,11 +84,11 @@
 ##############################################################################
 '''This module implements a mix-in for traversable objects.

-$Id: Traversable.py,v 1.8 2001/05/21 19:47:28 evan Exp $'''
-__version__='$Revision: 1.8 $'[11:-2]
+$Id: Traversable.py,v 1.9 2001/08/29 21:02:57 evan Exp $'''
+__version__='$Revision: 1.9 $'[11:-2]


-import Acquisition
+from Acquisition import Acquired, aq_inner, aq_parent, aq_base
 from AccessControl import getSecurityManager
 from string import split, join
 from urllib import quote
@@ -118,8 +118,8 @@ class Traversable:
            return join(path, '/')
        return join([req['SERVER_URL']] + req._script + path, '/')

-    getPhysicalRoot=Acquisition.Acquired
    getPhysicalRoot__roles__=() # Private
+    getPhysicalRoot=Acquired

    getPhysicalPath__roles__=None # Public
    def getPhysicalPath(self):
@@ -130,9 +130,9 @@ class Traversable:
        '''
        path = (self.getId(),)
        
-        p = getattr(self,'aq_inner', None)
+        p = aq_parent(aq_inner(self)
        if p is not None: 
-            path = p.aq_parent.getPhysicalPath() + path
+            path = p.getPhysicalPath() + path

        return path

@@ -157,7 +157,7 @@ class Traversable:
            path.pop(0)

        if restricted: securityManager=getSecurityManager()
-        else: securityManager=None
+        else: securityManager=N

        if not path[-1]:
            # If the path starts with an empty string, go to the root first.
@@ -188,10 +188,15 @@ class Traversable:
                if t is not N:
                    o=t(REQUEST, name)

-                    # Note we pass no container, because we have no
-                    # way of knowing what it is
-                    if (restricted and not securityManager.validate(
-                        object, None, name, o)):
+                    if restricted:
+                        container = N
+                        if has(o, 'im_self'):
+                            container = o.im_self
+                        elif (has(get(object, 'aq_base', object), name)
+                              and get(object, name) == o):
+                            container = object
+                        if (not securityManager.validate(object,
+                                                         container, name, o)):
                            raise 'Unauthorized', name
                      
                else:
@@ -199,20 +204,20 @@ class Traversable:
                    if o is not M:
                        if restricted:
                            # waaaa
-                            if hasattr(get(object,'aq_base',object), name):
+                            if hasattr(aq_base(object), name):
                                # value wasn't acquired
                                if not securityManager.validate(
                                    object, object, name, o):
                                    raise 'Unauthorized', name
                            else:
                                if not securityManager.validate(
-                                    object, None, name, o):
+                                    object, N, name, o):
                                    raise 'Unauthorized', name
                        
                    else:
                        o=object[name]
                        if (restricted and not securityManager.validate(
-                            object, object, None, o)):
+                            object, object, N, o)):
                            raise 'Unauthorized', name

                object=o