Zope 2

manage_workspace logic is buggy

Bug #142595 reported by oliverb
4
Affects Status Importance Assigned to Milestone
Zope 2
Invalid
Low
Unassigned

Bug Description

in App/Management.py there is manage_workspace defined, whose duty it is to dispatch to the first item of manage_options which is allowed for the user.

Additionally, it seems that manage_workspace recognize if the action for this option contains a slash:

    def manage_workspace(self, REQUEST):
        """Dispatch to first interface in manage_options
        """
        options=self.filtered_manage_options(REQUEST)
        try:
            m=options[0]['action']
            if m=='manage_workspace': raise TypeError
        except:
            raise Unauthorized, (
                'You are not authorized to view this object.')

        if m.find('/'):
            raise 'Redirect', (
                "%s/%s" % (REQUEST['URL1'], m))

        return getattr(self, m)(self, REQUEST)

The last three lines don't seem to do anything sensible, because an attribute error will be raised if m='/something', and otherwise there will always be the redirect.

Possible Fix:
        if (m.find('/')+1):
         ...

Tags: bug zope
Revision history for this message
Jamie Heilman (jamie-audible) wrote :

this issue was fixed with the patch for #1058

Revision history for this message
Andreas Jung (ajung) wrote :

Status: Pending => Resolved

closing

Revision history for this message
Brett Carter (bacarter) wrote :

This bug still appears in zope 2.9.8, also in zope 2 trunk:
http://svn.zope.org/Zope/trunk/lib/python/App/Management.py

Looks like the patch was removed here:
http://svn.zope.org/Zope/trunk/lib/python/App/Management.py?rev=24055&r1=24029&r2=24055

Can we revisit this issue? Or at least put a comment here explaining the wacky-ness?

Changed in zope2:
status: Fix Released → Incomplete
Hanno Schlichting (hannosch)
Changed in zope2:
status: Incomplete → New
Revision history for this message
Tres Seaver (tseaver) wrote :

The fix was referted because it broke backward compatibility in some way.

Changed in zope2:
importance: Medium → Low
status: New → Triaged
Revision history for this message
Colin Watson (cjwatson) wrote :

The zope2 project on Launchpad has been archived at the request of the Zope developers (see https://answers.launchpad.net/launchpad/+question/683589 and https://answers.launchpad.net/launchpad/+question/685285). If this bug is still relevant, please refile it at https://github.com/zopefoundation/zope2.

Changed in zope2:
status: Triaged → Invalid
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.