plone / plone.app.layout

Core visual components for Plone, such as viewlets and general views

Syndicating a private folder breaks the login #374

Closed ale-rt closed 1 week ago

ale-rt commented 1 week ago

BUG/PROBLEM REPORT (OR OTHER COMMON ISSUE)

Syndicating a private folder causes a redirect loop when visiting the login form.

What I did:

  1. Go to https://classic.demo.plone.org/en and log in as manager
  2. Create a private collection
  3. Go to https://classic.demo.plone.org/@@syndication-controlpanel
  4. In the field Site RSS select the private collection
  5. Open a private window in your browser and browse to https://classic.demo.plone.org/login
  6. You will see a redirect loop

What I expect to happen:

I can see the login form

What actually happened:

I have a redirect loop.

What version of Plone/ Addons I am using:

Plone 6.0.13 (6024)
CMF 3.5
Zope 5.10
Python 3.11.9 (main, Sep 4 2024, 23:13:27) [GCC 10.2.1 20210110]
PIL 9.5.0 (Pillow)
WSGI: On
Server: waitress 2.1.2

ale-rt commented 1 week ago

The reason is that when using the main template macro, you have some code that tries to resolve the UUID of the private object:

(Pdb++) __m(__stream, econtext.copy(), rcontext, __i18n_domain)
*** AccessControl.unauthorized.Unauthorized: You are not allowed to access 'aggregator' in this context
Traceback (most recent call last):
  File "/home/ale/Code/plone/projects/.../var/cache/1056f0e9fa470c393bb6518dcc76c43e.py", line 555, in render_master
    __cache_139755021912336 = _static_139755078391360('provider', 'plone.htmlhead.links', econtext=econtext)(_static_139755078435264(econtext, __zt_tmp))
  File "/home/ale/.buildout/eggs/cp38/zope.contentprovider-5.0-py3.8.egg/zope/contentprovider/tales.py", line 76, in __call__
    provider.update()
  File "/home/ale/.buildout/eggs/cp38/zope.viewlet-5.0-py3.8.egg/zope/viewlet/manager.py", line 157, in update
    self._updateViewlets()
  File "/home/ale/.buildout/eggs/cp38/zope.viewlet-5.0-py3.8.egg/zope/viewlet/manager.py", line 163, in _updateViewlets
    viewlet.update()
  File "/home/ale/.buildout/eggs/cp38/plone.app.layout-4.1.1-py3.8.egg/plone/app/layout/links/viewlets.py", line 159, in update
    obj = uuidToObject(uid)
  File "/home/ale/.buildout/eggs/cp38/plone.app.uuid-2.2.3-py3.8.egg/plone/app/uuid/utils.py", line 98, in uuidToObject
    return parent.restrictedTraverse(final_path)
  File "/home/ale/.buildout/eggs/cp38/Zope-5.10-py3.8.egg/OFS/Traversable.py", line 364, in restrictedTraverse
    return self.unrestrictedTraverse(path, default, restricted=True)
  File "/home/ale/.buildout/eggs/cp38/Zope-5.10-py3.8.egg/OFS/Traversable.py", line 296, in unrestrictedTraverse
    next = guarded_getattr(obj, name)
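
The failure mode described in the comment above, as an added simulation that is not part of the original issue and is not plone.app.layout code: a head-link renderer that resolves a private feed target with a permission check on every page, the login form included, next to a guarded variant that skips targets the current user may not see. All names, the sample content and the "uncaught Unauthorized becomes a redirect to /login" behaviour are modelled assumptions.

```python
# Simulation only: stand-ins for Plone/Zope behaviour, all names hypothetical.
class Unauthorized(Exception):
    """Stand-in for AccessControl.unauthorized.Unauthorized."""

# Constructed sample content: uid -> (path, role required to view, None = public)
CONTENT = {
    "uid-news": ("/en/news/aggregator", None),
    "uid-private": ("/en/private/aggregator", "Manager"),
}

def restricted_resolve(uid, roles):
    """Resolve a UID with a permission check, like a restricted traversal."""
    path, required = CONTENT[uid]
    if required is not None and required not in roles:
        raise Unauthorized(f"You are not allowed to access {path!r}")
    return path

def head_links(site_rss_uids, roles, guarded):
    """Build the RSS link targets rendered in the head of every page."""
    links = []
    for uid in site_rss_uids:
        try:
            links.append(restricted_resolve(uid, roles) + "/RSS")
        except Unauthorized:
            if not guarded:
                raise  # unguarded: the whole page render fails
            # guarded: leave out feeds the current user may not see
    return links

def handle(path, site_rss_uids, roles, guarded):
    """Render any page (the head links are the same for every path);
    an uncaught Unauthorized is answered with a redirect to /login."""
    try:
        return 200, head_links(site_rss_uids, roles, guarded)
    except Unauthorized:
        return 302, "/login"

def follow(path, site_rss_uids, roles, guarded, max_hops=10):
    """Follow redirects like a browser; report a loop on a repeated URL."""
    seen = set()
    for _ in range(max_hops):
        if path in seen:
            return "redirect loop", path
        seen.add(path)
        status, result = handle(path, site_rss_uids, roles, guarded)
        if status == 200:
            return "ok", result
        path = result
    return "too many redirects", path
```

The `follow` helper doubles as a regression check: any page that anonymous users must reach, the login form above all, should return `"ok"` for an empty role set no matter which content the site-wide settings point at.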