Closed jensens closed 2 years ago
mauritsvanrees
commented
3 years ago So in _adopt_roles we currently have:
security_manager.addContext(overriding_context)
yield
security_manager.removeContext(overriding_context)and that should probably be:
security_manager.addContext(overriding_context)
try:
yield
finally:
security_manager.removeContext(overriding_context)And the same should be done in _adopt_user.
I did not test it, but this ought to help, right?
jensens
commented
3 years ago I did not test it, but this ought to help, right?
Looks like this is the missing piece.
mliebischer
commented
2 years ago I recently encountered the same situation with plone.api v1.10. I was very surprised until I understood what had actually happened. :astonished: :scream:
The problem seems to still exist in current versions of plone.api, see:
I did a quick test and try out the suggested solution and it solved the problem for my case.
Is there any news on this or plans to implement it?
jensens
commented
2 years ago Is there any news on this or plans to implement it?
Warm welcome for any pull request ;-)
mauritsvanrees
commented
2 years ago Duplicate of issue #374. Fixed last month in PR #493, included in 2.0.0b2.
If an exception occurs in an
api.env.adopt_rolescontext manager block, it will be raised with elevated permissions. If the role has permission to see the full traceback, it will be displayed. If the role has permission to see the toolbar, it will be rendered.Example, in a view
__call__do:Anonymous gets all rendered on the error page an manager might see.