Plone 3.0 ftest failure with published folder and anonymous access

Derek Richardson derek.richardson at
Wed Aug 22 01:14:44 UTC 2007

This entire post is a doctest. I am going to display my lack of understanding
of how to publish a folder in Plone 3.0. Hopefully, after reading this and,
perhaps, running it, you'll be able to tell me what I'm doing wrong.

Step zero is paying attention to all exceptions and making the implicit
user a Manager so she can create a folder.

     >>> self.portal.error_log._ignored_exceptions = ()
     >>> self.setRoles(['Manager'])

First, let's set up a new folder.

     >>> location = self.folder
     >>> ignore = location.invokeFactory('Folder', id='fubar', title='title')
     >>> item = location['fubar']

Now, get a reference to the workflow tool.

     >>> from Products.CMFPlone.utils import getToolByName
     >>> wftool = getToolByName(item, 'portal_workflow')

Check the workflow state on the new folder - it's 'private'

     >>> wftool.getInfoFor(item, 'review_state')

Note that Anonymous has no View permissions on the item in this workflow state.

     >>> [x for x in item.permissionsOfRole('Anonymous') if x['name']=='View']
         [{'selected': '', 'name': 'View'}]

So, let's change the workflow state by publishing

     >>> item.content_status_modify(workflow_action='publish')

Now, the workflow state is 'published'

     >>> wftool.getInfoFor(item, 'review_state')

And, in this new state, Anonymous *can* view the item.

     >>> [x for x in item.permissionsOfRole('Anonymous') if x['name']=='View']
         [{'selected': 'SELECTED', 'name': 'View'}]

Just in case, let's commit to the ZODB.

     >>> from transaction import get
     >>> get().commit()

OK, now Anonymous should be able to see the item, right? Wrong. The Anonymous
user gets the login page when attempting to access the item. Plus, we don't
get any exceptions, even with 'verbose-security on' in our buildout instance's

     >>> from Products.Five.testbrowser import Browser
     >>> browser = Browser()
     >>> browser.handleErrors = False
     >>> 'Forgot your password?' in browser.contents

This test fails and it shouldn't, right? Except this functionality works in
Plone 3.0, so I *must* be missing something. What is it?


More information about the Product-Developers mailing list