zope.security

Location proxied rocks get protected

Bug #516588 reported by Brian Sutherland
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
Zope 3
Won't Fix
Undecided
Unassigned
zope.security
Won't Fix
Medium
Jim Fulton

Bug Description

ProxyFactory(LocationProxy(rock)) results in a non-accessable object.

Attached is a patch containing a failing test.

Revision history for this message
Brian Sutherland (jinty) wrote :
Tres Seaver (tseaver)
Changed in zope3:
status: New → Won't Fix
Tres Seaver (tseaver)
tags: added: bugday20100424
Revision history for this message
Tres Seaver (tseaver) wrote :

I can confirm that the suggested test fails, and that (from my [understanding of the model) it should pass.

The problem arises into the monkey-patch of the DecoratedSecurityCheckerDescriptor as the __Security_checker__ for location proxies. That descriptor insists that either the unwrapped object has a checker, or falls back to the wrapper. However, the case where 'selectChecker(proxied_object)' returns None implies that no security proxy is to be used at all. There are tests which assert the (seemingly incorrect) behavior of honoring the checker on the wrapper.

I'm assigning this to Jim, as I don't think anybody else understands the model well enough to make the call here.

Changed in zope.security:
assignee: nobody → Jim Fulton (jim-zope)
importance: Undecided → Medium
status: New → Confirmed
Revision history for this message
Tres Seaver (tseaver) wrote :

Now tracked on Github:

  https://github.com/zopefoundation/zope.security/issues/5

Changed in zope.security:
status: Confirmed → Won't Fix
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.