[Zope-CMF] portal_catalog.searchResults interaction with allowedUsersAndRoles
John Morton
jwm@plain.co.nz
Wed, 27 Feb 2002 19:53:19 +1300
On Wednesday 27 February 2002 08:43, Dieter Maurer wrote:
> John Morton writes:
> > .... portal catalog search results artificially restricted by roles ...
> > So if the search results of a catalog search are governed by the usual
> > security machinary anyway (this is the case, right?), what is the
> > purpose of this allowedUsersAndRoles business?
>
> It is done to provide the nice property that a search result only
> contains hits that you may view.
>
> Without the "allowedUsersAndRoles" magic you will see search results
> that you cannot look at in detail. When you would click in the search
> overview, you would get a login request because you would not have
> view permission.
I see. I tested the behaviour at work with a standard 'View' protected
product, and the catalog does behave itself - the allowedUserAndRoles magic
does the right thing. I'll go though the same testing pattern on the
development box at home and see if I can track the problem down.
Thanks,
John