[Zope-CMF] portal_catalog.searchResults interaction with allowedUsersAndRoles

John Morton jwm@plain.co.nz
Tue, 26 Feb 2002 15:08:30 +1300


I've been having some grief using the searchResults method of the 
portal_catalog, in that I couldn't figure out why it wasn't returning as 
many matching objects of a particular type when I could access them by URL 
without any problems, as a particular user. 

I did some digging in the source and found that the portal_catalog version of 
searchResults automatically adds allowedUsersAndRoles to the search keywords, 
filled with the querying user's roles and name, so that the results need to 
have at least one of the roles or users in their indexed allowedUsersAndRoles 
field (I presume). I didn't go as far as figuring out how the values in a 
given object's allowedUsersAndRoles field are generated, but I assume it 
relates to the object's owner in some fashion.

The problem I ran into immediately related to the fact that some objects I'd 
created and were searching for were created by a management user from an 
acl_users below the CMF site instance, and consequently only had that user 
name and 'Manager' in each object's allowedUsersAndRoles. 

So if the search results of a catalog search are governed by the usual 
security machinery anyway (this is the case, right?), what is the purpose of 
this allowedUsersAndRoles business?

Thanks,
John
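
The behaviour described in the message above, as an added example that is not part of the original post and is not CMF code: a toy catalog whose search wrapper adds the querying user's roles and name as an allowedUsersAndRoles filter, plus a check that lists objects a user can view directly but that the filtered search omits. The class, function and path names, the sample data and the plain role/user-name value format are assumptions made for illustration.

```python
# Toy model, not CMF code: all names except allowedUsersAndRoles are hypothetical.
class ToyCatalog:
    def __init__(self):
        self.records = {}   # path -> values captured when the object was indexed

    def index(self, path, portal_type, allowed):
        self.records[path] = {"portal_type": portal_type,
                              "allowedUsersAndRoles": frozenset(allowed)}

    def raw_search(self, **query):
        def matches(indexed, wanted):
            if isinstance(indexed, frozenset):        # keyword index: any overlap
                return bool(indexed & set(wanted))
            return indexed == wanted                  # field index: equality
        return sorted(p for p, rec in self.records.items()
                      if all(matches(rec[k], v) for k, v in query.items()))

    def search_results(self, user, roles, **query):
        # The wrapper sets this key itself, replacing anything the caller passed.
        query["allowedUsersAndRoles"] = list(roles) + [user]
        return self.raw_search(**query)


def hidden_but_viewable(catalog, live_view_roles, user, roles, **query):
    """Paths the user may view directly but that the filtered search omits."""
    visible = set(catalog.search_results(user, roles, **query))
    principals = set(roles) | {user}
    return [p for p in catalog.raw_search(**query)
            if p not in visible and principals & live_view_roles[p]]


# Constructed sample data.
catalog = ToyCatalog()
catalog.index("/site/news/a", "News Item", ["Member", "Manager", "alice"])
# Indexed with only the creating manager's name and 'Manager', as in the post.
catalog.index("/site/news/b", "News Item", ["Manager", "admin"])
# Roles that pass the view check when the object is requested by URL (assumed).
LIVE_VIEW_ROLES = {"/site/news/a": {"Member", "Manager"},
                   "/site/news/b": {"Member", "Manager"}}

if __name__ == "__main__":
    print(catalog.search_results("bob", ["Member"], portal_type="News Item"))
    print(hidden_but_viewable(catalog, LIVE_VIEW_ROLES, "bob", ["Member"],
                              portal_type="News Item"))
```

Running the same comparison against a real catalog is a quick way to find entries whose indexed security values no longer agree with the access check applied on direct requests.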