search

plone / Products.CMFPlone

The core of the Plone content management system
https://plone.org
GNU General Public License v2.0
243 stars 186 forks source link

api.env.adopt.roles ignored in api.content.find #3853

Open jensens opened 10 months ago

jensens commented 10 months ago

BUG REPORT

What I did:

with api.env.adopt_roles(["Manager"]):
    brains = api.content.find(id="foo")  # foo is workflow state private

What I expect to happen:

Catalog Brain of foo is listed in results.

What actually happened:

Empty list is returned.

Preliminary analysis

Products.CMFPlone.CatalogTool.searchResults https://github.com/plone/Products.CMFPlone/blob/64d3d97d783cb17404682d1206e6e4cf9b64100d/src/Products/CMFCore/CatalogTool.py#L175 adds the self._listAllowedRolesAndUsers to the result. It overrides the method of CMFCore https://github.com/plone/Products.CMFPlone/blob/64d3d97d783cb17404682d1206e6e4cf9b64100d/src/Products/CMFCore/CatalogTool.py#L175 While in CMFCore the proxy_roles are somehow taken into account, in the CMFPlone overrides those are ignored.

Workaround

Do not use plone.api, but the catalogs unrestrictedSearchResults (be careful here, you may get more than you want to show).

What version of Plone/ Addons I am using:

Plone 6.0.5

ale-rt commented 10 months ago

Weird! Did you check if Manager is listed in the allowRolesAndUsers index for foo? image

What happens if you had the role Reader?

jensens commented 10 months ago

It is not the indexed allowedRolesAndUsers, those are fine. It is, the context-manager adopted Manager is not returned by the catalogs self._listAllowedRolesAndUsers.