AccessInactivePortalContent in catalog queries

[thet]

Checked for AccessInactivePortalContent for each path in a catalog query.
This solves a problem, where Editors couldn't see inactive content, even though they had the required permission on a subpath of the portal (e.g. a subsite).

[jensens]

Overall I think this is fine. I would like to have someone else to look at it before merging.

[jensens]

Why an empty list here?

[thet]

That's a leftover from refactoring this method a couple of times... I'll change to False.

[jensens]

If you have more than one paths given, one not allowed will result in not showing the other path as well. Is it intended? Overall I think it's impossible (or at least difficult to do in a fast way) to implement.

[thet]

Yes, that's indented - I think it's better to be conservative here instead of showing too much content which shouldn't be shown.
Also, it's quite uncommon that two paths are used.

[jensens]

@mauritsvanrees since your also deeper into security, what do you think of this change?

[thet]

As discussed with @jensens this might need a broader discussion and therefore a PLIP.

As a prerequisite, that this change has any effect to editors is, that the editor role gets the AccessInactivePortalContent permission set. That way, they can see contents from other editors, which are expired or inactive. AFAIK, the Owner role has the AccessInactivePortalContent permisson. This has following impacts:

• Editors can see inactive portal content from other editors in the folder_contents view (which is actually very handy. Imagine someone creating a content or an automated import where the creator is set to the user who imported and another editor is editing the content and setting the publication date to the future. That another editor isn't able to find the content anymore).

• Inactive content will show up in listings (custom listings, collections, folder_summary_view, etc). If the number of items is limited (e.g. 10 batch items) it might push other content out of the view. The resulting listing will not correspond to the listing other persons will see, e.g. anonymous visitors to a page. This is actually a problem.

• Also, inactive content should be visually marked as such - like with workflow states.

Part of the solution could be to provide an additional parameter to searchResults to show inactive content, if the user has permission for it and use it in plone.app.content for the folder_contents listing.

[jensens]

While the overall new behavior is correct we have some side effects in existing projects needing some more discussion.

So please do NOT merge.

[thet]

Ideas to visually mark inactive content in folder_contents:

• not-effecive conten in italic: Title of the content item
• expired content striked through: Title of the content item

At some time in the future we might be able to use: https://developer.mozilla.org/de/docs/Web/CSS/text-decoration

Not sure, how to explain that to the user. We currently do not have a legend for such visual markings in folder_contents.

[jensens]

Overall after merging this, the only behavioral change is that editors in local roles are seeing in their section the same as editors in global roles which I think is a good thing.

The other problems are still there and we already have them for global roles editors.

I propose to fix these problems in a different PR.

[mauritsvanrees]

I didn't have time previously to look at this, but I had a look now, and I agree. Thanks for the fix!