Closed holdenhao closed 5 years ago
btw. this is also an issue with p.a.widgets 1.10 and Plone 4.3.x ... if the user wants to categorize the content in the AddForm (keywords, related items, etc ...) the vocabulary lookup is unauthorized when the container is not editable ... @jensens or @ale-rt maybe someone of you can give me a hint where to backport this from p.a.content (since the vocabulary views are there in Plone 5), so I could commit a fix to the 1.x branch here ...
As far as I can see the same "problem" (feature?) should be present also on plone.app.content master:
Looking at the code (so I might miss something) you may solve this issue either providing an IFieldPermissionChecker adapter for your context or overriding the VocabularyView for your context.
I would say the adapter way is the one to go.
@ale-rt thanks for your suggestion. I think the solution for the general AddForm
problem is to set the DEFAULT_PERMISSION
to Add portal content
like p.a.dexterity does here: https://github.com/plone/plone.app.dexterity/blob/master/plone/app/dexterity/permissions.py#L115 ... I'm preparing a pull request for this.
as far as I can see, the solution for @holdenhao would be a form schema hint directives.write_permission(parking_units='zope2.View')
as described here https://docs.plone.org/external/plone.app.dexterity/docs/reference/form-schema-hints.html
DEFAULT_PERMISSION issue is fixed in 1.x branch. @holdenhao can you confirm my suggestion as solution for your problem? then we could close this thread.
@holdenhao 1.11 was released yesterday ... should fix this. If not, please reopen.
I am using p.a.widgets 1.9.1 on Plone 4.3.12 and I get the lookup error on my tuple field behavior.
the behavior:
the vocabulary:
The setting of the 'View' permission for my custom vocabulary above should have allowed a regular site user to use the AjaxSelectWidget. However, the system returns the lookup error. Debugging p.a.widgets, I found that the DXFieldPermissionChecker validate method is returning the default 'Modify portal content' as the required permission needed by a regular user. I really do not want to give the user modify permission on the container.
In p.a.w.b.vocabulary.py
The above lines should have made my custom vocabulary permission to take effect but since it uses the "and" operator and the INavigtaionRoot interface test failed, the code in effect became the field_name check which sets the default permission to "Modify portal content".