Indexing content that current user cannot View

We have a form where user-entered data is used to create Dexterity content, however they do not have permission to view this created content in its initial state. This is fine on the Plone end. But we have a hook to index content in Opensearch and that's where the problem is. We are using Opensearch/wildcard.hps which are forks of Elasticsearch/collective.elasticsearch respectively.

The way this works is that indexing is done asynchronously via a hook that calls Opensearch. To get the index, the object is retrieved by uid with uuidToObject from plone.app.uuid==2.0.2. This uses brain.getObject(), which is security-aware and fails because the current user does not have permission to see the content created by their action.

One solution would be to patch wildcard.hps with a try/except and just not index the content. I don't like this solution because we have periodic checks in place to make sure ZCatalog and Opensearch match, in case indexing failed for whatever reason.

Another solution is to replace uuidToObject with a function that ignores security. I think this is ok because in order to get this object returned in search results it still does the usual security checks. I can't think of why we would want to stop it from getting indexed at all. Am I missing something?

In a Plone 5.2 application I maintain, I have explicitly copylifted/backported the implementation of uuidToObject() from plone.app.uuid 2.2.0+, which allows an unrestricted=True argument to be passed. This is probably a reasonable choice.


Thanks also for pointing out this plone.app.uuid update. I'm looking into updating this version as part of a 5.2 patch for this issue.
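An added example, not code from any post in this thread nor from plone.app.uuid or wildcard.hps: a small model of the approach discussed above, where the indexing hook resolves the UID without the current user's View check and the search side still filters on the stored ACL. `FakeCatalog`, `FakeBrain`, `build_search_doc` and `search` are hypothetical stand-ins with constructed data, and the model assumes the search index stores `allowedRolesAndUsers` and filters on it at query time.

```python
class Unauthorized(Exception):
    """Stand-in for Zope's Unauthorized exception."""

def uuid_to_object(catalog, uuid, unrestricted=False):
    """Resolve a UID; unrestricted=True skips the current user's View check."""
    brains = catalog.unrestrictedSearchResults(UID=uuid)
    if not brains:
        return None
    brain = brains[0]
    return brain._unrestrictedGetObject() if unrestricted else brain.getObject()

def build_search_doc(obj):
    """Copy the ACL into the index document so searches can still filter on it."""
    return {"UID": obj["UID"], "title": obj["title"],
            "allowedRolesAndUsers": list(obj["allowedRolesAndUsers"])}

def search(docs, principals):
    """Query-time filter: keep docs whose ACL intersects the searcher's principals."""
    return [d for d in docs if set(d["allowedRolesAndUsers"]) & set(principals)]

# Constructed stand-ins for a ZCatalog and its brains (hypothetical, demo only).
class FakeBrain:
    def __init__(self, obj, principals):
        self.obj, self.principals = obj, set(principals)
    def getObject(self):  # security-aware: checks the current user's principals
        if not set(self.obj["allowedRolesAndUsers"]) & self.principals:
            raise Unauthorized(self.obj["UID"])
        return self.obj
    def _unrestrictedGetObject(self):  # no security check
        return self.obj

class FakeCatalog:
    def __init__(self, objects, principals):
        self.objects, self.principals = objects, principals
    def unrestrictedSearchResults(self, UID):
        return [FakeBrain(o, self.principals) for o in self.objects if o["UID"] == UID]

def demo():
    submission = {"UID": "constructed-uid-1", "title": "Form submission",
                  "allowedRolesAndUsers": ["Manager", "Reviewer"]}
    submitter = {"Member", "user:alice"}  # the user who filled in the form
    catalog = FakeCatalog([submission], submitter)
    try:
        uuid_to_object(catalog, submission["UID"])
        restricted_ok = True
    except Unauthorized:
        restricted_ok = False  # what the indexing hook hits with the restricted lookup
    obj = uuid_to_object(catalog, submission["UID"], unrestricted=True)
    docs = [build_search_doc(obj)]
    return restricted_ok, search(docs, submitter), search(docs, {"Reviewer"})
```

The document reaches the index either way, but it is only returned to principals listed in its ACL, so the unrestricted lookup must stay confined to the indexing hook and the ACL field must always be written with the document.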