[Zope-CMF] portal_catalog.searchResults interaction with allowedUsersAndRoles

John Morton jwm@plain.co.nz
Wed, 27 Feb 2002 19:53:19 +1300


On Wednesday 27 February 2002 08:43, Dieter Maurer wrote:
> John Morton writes:
>  > .... portal catalog search results artificially restricted by roles ...
>  > So if the search results of a catalog search are governed by the usual
>  > security machinary anyway (this is the case, right?), what is the
>  > purpose of this allowedUsersAndRoles business?
>
> It is done to provide the nice property that a search result only
> contains hits that you may view.
>
> Without the "allowedUsersAndRoles" magic you will see search results
> that you cannot look at in detail. When you would click in the search
> overview, you would get a login request because you would not have
> view permission.

I see. I tested the behaviour at work with a standard 'View' protected 
product, and the catalog does behave itself - the allowedUserAndRoles magic 
does the right thing. I'll go though the same testing pattern on the 
development box at home and see if I can track the problem down.

Thanks,
John