Search does not respect local sharing for inactive contents

[laulaz]

Let's say that you want to give Access inactive portal content permission to Readers (site-wide). Then, you decide to share "Can read" access on a folder (via @@sharing) to a Member.

The search results will not show any inactive content to this user (ex: in folder_contents listing), because of this line : https://github.com/collective/collective.solr/blob/0549a1779d32834bf1ac4b4b7a50c6e908f8bbdb/src/collective/solr/monkey.py#L15 This happens because _checkPermission(AccessInactivePortalContent, self) checks the permission site-wide only ...

I fixed it by calling self.allow_inactive(kw) instead (from CMFPlone/CatalogTool.py) which, on the contrary, takes care of checking permission :

• site-wide
• on the search path (if any)

as its docstring states :

Check, if the user is allowed to see inactive content.
First, check if the user is allowed to see inactive content site-wide.
Second, if there is a 'path' key in the query, check if the user is allowed to see inactive content for these paths.
Conservative check: as soon as one path is disallowed, return False.
If a path cannot be traversed, ignore it.

Do you see any problem with this change ? I will propose a PR if no objection ...

[pbauer]

@laulaz Thanks for the fix! I just ran into the same issue 😄