Plone traversing and forbidden Zope ids
Question
Although you can generate by code contents with an id that starts with underscore , like " _foo " it seems that you can't traverse an item with this special id. Every attempt to access a content named that way using a browser lead to a NotFound error. Neither methods like __bobotraverse__ or __getitem__ are called, like if this limitation is checked very early.
How this limitation works and how can I change it? Can I access subobjects with a prefix underscore in the id?
1 answers
solution1
6 ACCPTED 2016-02-11 18:08:08
Found inside the unrestrictedTraverse implementation from OFS.Traversable :
if name[0] == '_':
# Never allowed in a URL.
raise NotFound, name
...but this is not enough. There's another check similar to the ones notified by @Mathias inside ZPublisher.BaseRequest.DefaultPublishTraverse in the publishTraverse method.
if name[:1]=='_':
raise Forbidden("Object name begins with an underscore at: %s" % URL)
The sad part is that is not simple to override this:
- the
unrestrictedTraverseis called on the Plone site context (so I can't customize it only for my content type) - the
publishTraversemethod is owned by the request implementation (maybe for this I can use ad custom publish traverser?)
The simplest way to fix this seems through monkeypatch.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.