Resolution for bug #558: when restrictedTraverse() traverses using a

__bobo_traverse__ hook, and the hook returns an object that comes from
some other container, the security policy may incorrectly deny access.
This fix determines the container of the object based on its
aquisition wrappers, if available, and passes it to validate().

Also added a corresponding unit test.

lib/python/OFS/Traversable.py

@@ -12,8 +12,8 @@
 ##############################################################################
 '''This module implements a mix-in for traversable objects.
 
-$Id: Traversable.py,v 1.15 2002/08/14 21:42:56 mj Exp $'''
-__version__='$Revision: 1.15 $'[11:-2]
+$Id: Traversable.py,v 1.16 2002/09/12 21:20:52 shane Exp $'''
+__version__='$Revision: 1.16 $'[11:-2]
 
 
 from Acquisition import Acquired, aq_inner, aq_parent, aq_base
@@ -99,6 +99,7 @@ class Traversable:
             object = self
             while path:
                 name=pop()
+                __traceback_info__ = path, name
 
                 if name[0] == '_':
                     # Never allowed in a URL.
@@ -119,7 +120,11 @@ class Traversable:
 
                     if restricted:
                         container = N
-                        if has(o, 'im_self'):
+                        if aq_base(o) is not o:
+                            # The object is wrapped, so the acquisition
+                            # context determines the container.
+                            container = aq_parent(aq_inner(o))
+                        elif has(o, 'im_self'):
                             container = o.im_self
                         elif (has(get(object, 'aq_base', object), name)
                               and get(object, name) == o):

lib/python/OFS/tests/testTraverse.py

-import os, sys, unittest
+##############################################################################
+#
+# Copyright (c) 2001, 2002 Zope Corporation and Contributors.
+# All Rights Reserved.
+#
+# This software is subject to the provisions of the Zope Public License,
+# Version 2.0 (ZPL).  A copy of the ZPL should accompany this distribution.
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY AND ALL EXPRESS OR IMPLIED
+# WARRANTIES ARE DISCLAIMED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+# WARRANTIES OF TITLE, MERCHANTABILITY, AGAINST INFRINGEMENT, AND FITNESS
+# FOR A PARTICULAR PURPOSE.
+#
+##############################################################################
 
+import os, sys, unittest
 import string, cStringIO, re
+
 import ZODB, Acquisition
 from OFS.Application import Application
 from OFS.Folder import manage_addFolder
 from OFS.Image import manage_addFile
+from OFS.SimpleItem import SimpleItem
 from Testing.makerequest import makerequest
 from AccessControl import SecurityManager
 from AccessControl.SecurityManagement import newSecurityManager
@@ -46,6 +61,17 @@ class UnitTestUser( Acquisition.Implicit ):
     def allowed( self, object, object_roles=None ):
         return 1
 
+
+class BoboTraversable(SimpleItem):
+    __allow_access_to_unprotected_subobjects__ = 1
+
+    def __bobo_traverse__(self, request, name):
+        if name == 'bb_subitem':
+            return BoboTraversable().__of__(self)
+        else:
+            raise KeyError
+
+
 def makeConnection():
     import ZODB
     from ZODB.DemoStorage import DemoStorage
@@ -127,6 +153,16 @@ class TestTraverse( unittest.TestCase ):
         self.failUnlessRaises( KeyError, self.folder1.unrestrictedTraverse,  '/folder1/file2' )
         self.failUnlessRaises( KeyError, self.folder1.unrestrictedTraverse,  '/folder1/file2/' )
 
+    def testTraverseThroughBoboTraverse(self):
+        # Verify it's possible to use __bobo_traverse__ with the
+        # Zope security policy.
+        noSecurityManager()
+        SecurityManager.setSecurityPolicy( self.oldPolicy )
+        bb = BoboTraversable()
+        self.failUnlessRaises(KeyError, bb.restrictedTraverse, 'notfound')
+        bb.restrictedTraverse('bb_subitem')
+
+
 def test_suite():
     suite = unittest.TestSuite()
     suite.addTest( unittest.makeSuite( TestTraverse ) )