Issue 312: unrestricted find

[gogobd]

Maybe we want this; unrestricted find is necessary because proxy roles are not being handled correctly atm.

[mister-roboto]

@gogobd thanks for creating this Pull Request and helping to improve Plone!

TL;DR: Finish pushing changes, pass all other checks, then paste a comment:

@jenkins-plone-org please run jobs

To ensure that these changes do not break other parts of Plone, the Plone test suite matrix needs to pass, but it takes 30-60 min. Other CI checks are usually much faster and the Plone Jenkins resources are limited, so when done pushing changes and all other checks pass either start all Jenkins PR jobs yourself, or simply add the comment above in this PR to start all the jobs automatically.

Happy hacking!

[stevepiercy]

I reviewed docs only. A maintainer should review further.

[ale-rt]

Hi @gogobd, good idea :)
This test masks the one defined in line 908. It should have another name. In addition, it would be good to verify we find a different number of results in case we ask for an unrestricted search :)

[mauritsvanrees]

The function was renamed, which is good. Well, I see a typo in the name: test_unTrestricted_find.

But it still finds the same number of results with or without unrestricted=True, so it does not tell us much. Can you add a document that is not found in test_find, but is found in test_unrestricted_find? I guess set an expiry date.

[gogobd]

@mauritsvanrees An expiry date in the past did't do it; I don't know how to create an object that is only found with "unrestricted=True"...

[gogobd]

I tried .start and .end and .effective and .expires; none of those made a difference...

[davisagli]

@gogobd The catalog's searchResults method does not filter by effective/expires if the current user has the "Access inactive portal content" permission (see https://github.com/plone/Products.CMFPlone/blob/master/Products/CMFPlone/CatalogTool.py#L405), so it won't work if your test is running with the Manager role.

I'd suggest:

1. create a document that you do not publish
2. use setRoles to switch current roles to Anonymous
3. now the document should be missing with unrestricted=False, because it's filtered out based on the allowedRolesAndUsers index (https://github.com/plone/Products.CMFPlone/blob/master/Products/CMFPlone/CatalogTool.py#L403)

[gogobd]

I just logged out and that did the trick!

[gogobd]

In #523 @ksuess suggested to stick to one Pull Request, so I reopen...

[mister-roboto]

@gogobd thanks for creating this Pull Request and helping to improve Plone!

TL;DR: Finish pushing changes, pass all other checks, then paste a comment:

@jenkins-plone-org please run jobs

To ensure that these changes do not break other parts of Plone, the Plone test suite matrix needs to pass, but it takes 30-60 min. Other CI checks are usually much faster and the Plone Jenkins resources are limited, so when done pushing changes and all other checks pass either start all Jenkins PR jobs yourself, or simply add the comment above in this PR to start all the jobs automatically.

Happy hacking!

[gogobd]

@jenkins-plone-org please run jobs

[davisagli]

@gogobd This file's extension needs to match one of the predefined categories from https://github.com/plone/plone.api/blob/master/pyproject.toml

Use .feature for this one.

[davisagli]

@gogobd Thanks, this looks like a helpful improvement. Just needs one small fix to the name of the towncrier file.

[gogobd]

@jenkins-plone-org please run jobs

[gogobd]

I have no idea what this "tox linkcheck" wants to do, please help.

[stevepiercy]

@gogobd see https://github.com/plone/plone.api/blob/master/tox.ini#L186-L197

[stevepiercy]

Argh, it's that thing again. I'll push a commit to this PR that will fix it.

  The sphinxcontrib.applehelp extension used by this project needs at least Sphinx v5.0; it therefore cannot be built with this version.

[stevepiercy]

Actually, I'll push a separate PR so it has its own changelog, and you can cherry pick it.

[stevepiercy]

Forget that, it already was fixed two weeks ago in 4b91ad8, which was released in plone.api 2.0.9.

Hmm, for some reason tox -e linkcheck does not use the pinned version of sphinxcontrib-applehelp==1.0.4 in https://github.com/plone/plone.api/blob/master/requirements-docs.txt#L14C1-L14C14, but instead uses sphinxcontrib-applehelp==1.0.8. Why is that?

https://github.com/plone/plone.api/actions/runs/7981002081/job/21791817987?pr=522#step:6:14 says linkcheck: install_deps> python -I -m pip install -r requirements-docs.txt.

Later that gets clobbered in https://github.com/plone/plone.api/actions/runs/7981002081/job/21791817987?pr=522#step:6:23 with linkcheck: install_package> python -I -m pip install --force-reinstall --no-deps /home/runner/work/plone.api/plone.api/.tox/.tmp/package/1/plone.api-2.0.7.dev0-0.editable-py3-none-any.whl. Why is it 2.0.7 and not 2.0.9?

This is above my pay grade for how to resolve.

[wesleybl]

The branch needs to be updated.

[stevepiercy]

Docs pass now. LGTM.

linkcheck now passes

Requested change (rename news snippet) has been done.

[mauritsvanrees]

Thanks!

[gogobd]

YAY! Thanks, every 01!