Location proxied rocks get protected
Bug #516588 reported by
Brian Sutherland
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Zope 3 |
Won't Fix
|
Undecided
|
Unassigned | ||
zope.security |
Won't Fix
|
Medium
|
Jim Fulton |
Bug Description
ProxyFactory(
Attached is a patch containing a failing test.
Changed in zope3: | |
status: | New → Won't Fix |
tags: | added: bugday20100424 |
To post a comment you must log in.
I can confirm that the suggested test fails, and that (from my [understanding of the model) it should pass.
The problem arises into the monkey-patch of the DecoratedSecuri tyCheckerDescri ptor as the __Security_ checker_ _ for location proxies. That descriptor insists that either the unwrapped object has a checker, or falls back to the wrapper. However, the case where 'selectChecker( proxied_ object) ' returns None implies that no security proxy is to be used at all. There are tests which assert the (seemingly incorrect) behavior of honoring the checker on the wrapper.
I'm assigning this to Jim, as I don't think anybody else understands the model well enough to make the call here.