Plone 5.2-Relation Choice - What permission does a user need in an add form to select an object in a related items field?

Kirtap · May 17, 2021, 5:42pm

I'm having an issue with add forms where a relation choice will not search for objects for users who are not a Site Administrator. Instead, it sits there with the load icon spinning.
At one point, after going in to the zope manager and removing all error types from the errors ignored, I did get a 'you don't have permission error, but it didn't specify what the missing permission was. Unfortunately, I can't seem to replicate this either.

My schema:

class IMyContentType(model.schema):

    distributor = RelationChoice(title=u"Distributor",
                                 source=CatalogSource(portal_type='Organization'),
                                 required=False
                                 )
    form.widget('distributor',
        RelatedItemsFieldWidget,
        pattern_options={
            'selectableTypes': ['Organization',],
            'basePath':'/',
        }
    )

The users are all able to access the Organizations through navigation and the issue I'm having is only in Add Forms. When a user visits the Edit Form, the relation field works, the user being able to type and getting organization they want.

I did try specifying basePath to where the organizations are stored in case that made a difference, but the path it set was butchered, like it removed certain characters. (i.e. '/organizations' gave '/izations').

I assume this might be a permissions error. Is there a specific permission for using a related items/related field items widget for an Add Form?

1letter · May 17, 2021, 7:20pm

For me this piece of code do the job, its from a behavior, but that shouldn't matter.

def basePath(context=None):
    uid = api.portal.get_registry_record(
        "my.addon.supervisorfolder", default=None
    )
    if not uid:
        folder = api.portal.get()
    else:
        folder = api.content.get(UID=uid)

    return "/".join(folder.getPhysicalPath())


@provider(IFormFieldProvider)
class IContact(model.Schema):

    model.fieldset("contact", label=_("Contact"), fields=["supervisors"])

    supervisors = schema.List(
        title=_("Supervisors"),
        description="",
        default=None,
        required=True,
        value_type=schema.Choice(
            title=_("Supervisor"),
            description=_("Select the right Supervisor"),
            required=True,
            vocabulary="plone.app.vocabularies.Catalog",
        ),
    )

    directives.widget(
        "supervisors",
        RelatedItemsFieldWidget,
        pattern_options={
            "selectableTypes": ["Supervisor"],
            "favorites": False,
            "recentlyUsed": True,
            "basePath": basePath,
        },
    )

in another project i use an adapter to override the permsission on vocabulary requests:

<!-- Adapter Permission Checker for Vocabulary in Registration Form -->
<adapter
  for="my.addon.interfaces.IStudentSubscribeForm"
  provides="plone.app.widgets.interfaces.IFieldPermissionChecker"
  factory=".validator.CourseOfStudiesFieldPermissionChecker" />

# validator.py
from plone.app.dexterity.permissions import GenericFormFieldPermissionChecker

class CourseOfStudiesFieldPermissionChecker(GenericFormFieldPermissionChecker):
  
  def validate(self, field_name, vocabulary_name=None):
    return (vocabulary_name and vocabulary_name == 'myaddon.course_of_studies')

# interfaces.py
class IStudentSubscribeForm(model.Schema):
    .....
  course_of_studies = schema.Choice(
    title = _(u"Course of Studies"),
    required = True,
    missing_value='',
    vocabulary="myaddon.course_of_studies"
  )

  directives.widget(
     'course_of_studies',
     SelectFieldWidget,
     vocabulary='myaddon.course_of_studies'
  )

Kirtap · May 18, 2021, 4:26pm

Thank you for the response.
I didn't mean to delete my initial response, but I was able to get it to work using your example. I forgot to replace source=CatalogSource with the vocabulary = 'plone.app.vocabularies.Catalog'.

I'm not sure why CatalogSource is having issues with non-administrators in add forms, but with RelatedItemsFieldWidget's pattern options covering selectable items, the vocabulary is fine to use (?). One of the fields I'm using queries for is related_my_content_types and my site contains over 1000 'My Content Types', and the widget performs well.

Edit: While using CatalogSource, I was curious about the javascript, what was being passed back when the field is supposed to be populated, so I opened in Firefox the debugger and while it was loading infinitely, it had this message:
Line 6366 - TypeError: o is undefined.

While it was paused at the error, I hovered my mouse over the variable that is supposed to contain results (data), but it was undefined (line 6344).

1letter · May 18, 2021, 8:06pm

Maybe help this

Kirtap · May 20, 2021, 1:09pm

Hi. Yes that's causing the problem. I went into buildout-cache/eggs/plone.app.content-3.8.7-py3.8.egg and in vocabulary.py saw that exact code. When I removed the checking and re-ran the instance, it worked.
I tried removing the current version from buildout cache and re-ran buildout. It grabbed the same version (3.8.7) and I can't find anything pinning it to that version. Is there a 3.x version I can pin to that fixes this or should I just copy the fixed version of plone.app.content into my source directory and use that?

1letter · May 20, 2021, 4:14pm

The fix is not in a 3.x Release, the main branch is for Plone 6. you can fix it self in your local branch, based on a 3.x in the src dir.

Kirtap · May 20, 2021, 4:29pm

Thanks. I appreciate your responses. I'll go for that approach.