Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Require 'List folder contents' permission to use the catalog vocabulary. #261

Draft
wants to merge 1 commit into
base: master
Choose a base branch
from
Draft

Require 'List folder contents' permission to use the catalog vocabulary. #261

wants to merge 1 commit into from

Conversation

mauritsvanrees
Copy link
Member

This is more correct than the View permission.

@mister-roboto

This comment was marked as resolved.

Sign in to view
@mauritsvanrees mauritsvanrees force-pushed the maurits-catalog-vocabulary-list-folder-contents branch from 177b435 to 3aa8f39 Compare February 20, 2023 16:03
@mauritsvanrees
Copy link
Member Author

Let's see if Jenkins thinks this is a good idea too.

@jenkins-plone-org please run jobs

@jensens
Copy link
Member

jensens commented Feb 20, 2023

Sounds better suited, but it may break something in heavily customized sites. The usual restrictions of the restrictedSearch do apply anyway, so even with View no harm is done IMO.

@jensens jensens requested a review from ale-rt April 24, 2023 21:39
@ale-rt
Copy link
Member

ale-rt commented Apr 26, 2023

I agree that List folder contents looks like a better fit, but:

  1. I am not really sure if we want to change this in a minor release
  2. I am not sure if we want to change it at all

I am +0 on merging this one now.
I would feel more confident to merge this for Plone 6.1 only, but I might be too conservative and overcautious.

thet
thet requested changes Aug 6, 2024
View reviewed changes
Copy link
Member

@thet thet left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

But I just wonder if that is a breaking change. OK, for a breaking change the effect is probably too small, but I would mention the different widgets where this change has an effect in the changelog message.

The getVocabulary seems to be used in:

  • plone.app.content folder contents
  • plone.app.querystring.
  • related items widget (plone.app.z3cform.widgets.relateditems)
  • link widget (plone.app.z3cform.widgets.link)
  • ajax select widget (plone.app.z3cform.widgets.select)
  • related items in TinyMCE (Products.CMFPlone.patterns.settings)
  • TinyMCE link widget and related items widget

@tisto
Copy link
Member

tisto commented Sep 24, 2024

@mauritsvanrees what the status of this? This PR is somehow assigned to the Plone 6.1 project. Is this correct? Do we aim to include this in Plnoe 6.1?

@mauritsvanrees mauritsvanrees marked this pull request as draft September 24, 2024 18:09
@mauritsvanrees
Copy link
Member Author

Theoretically this is better, and it gives some security hardening, but at the cost potentially breaking stuff. I am not pursuing this currently. I have reverted the PR to draft.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@thet thet thet requested changes

@jensens jensens Awaiting requested review from jensens

@ale-rt ale-rt Awaiting requested review from ale-rt

Assignees
No one assigned
Labels
None yet
Projects
Plone 6.1
Status: No status
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
6 participants
@mauritsvanrees @mister-roboto @jensens @ale-rt @tisto @thet