I am using p.a.widgets 1.9.1 on Plone 4.3.12 and I get a "Vocabulary lookup not allowed" error on a field that uses AjaxSelectWidget. The field works for admin but not for regular user. The p.a.widgets module checks for vocabulary permissions and field permissions. This is set in
p/a/w/browser/vocabulary.py in the VocabularyView class
if factory_name in _permissions\
# Short circuit if permission is in global registry
authorized = sm.checkPermission(
# Check field specific permission
permission_checker = queryAdapter(
if permission_checker is not None:
authorized = permission_checker.validate(
The permission check in the factory_name section returns false and the field_name validate method returns the default permission 'Modify portal content'. Since the error occurs on an Add Form, I need to set the modify permission on the container for my user. I really do not want to do this since this would also make the container editable by the user. Is there another way other than creating a custom permission and using it for the field's write permission?
BTW, my vocabulary already has a custom permission
_permissions['my.package.vocabulary.ParkingUnits'] = 'View'
but this does not work since factory_name evaluation uses an "and" operator and INavigationRoot.providedBy(context) returns false
I would appreciate ideas on a workaround.
I just came up with this issue, but on Plone 5. Did you find a solution?
My solution was to create a custom permission and provide the permission for my contributors on the container. My issue is specific to p.a.widgets 1.x since its browser/vocabulary.py is what takes on the Ajax requests. I think in P5, its already the vocabulary view provided by p.a.contenttypes which receives such requests. The permission checks are processed differently. I think you will need to check the package versions installed in your Plone instance.
Thanks. In my case I ended up being able to use the following on the field because the user's role had this permission on the parent. I did not initially realize it would work because I thought this only affected the read/write of the field itself but it did permit access to the vocabulary used by the AjaxSelectFieldWidget on the field.
I have this issue today in my Plone 5 with an extended User Registration Form and an AjaxSelectFieldWidget. My Solution:
The Adapter Registration:
<!-- Adapter Permission Checker for Vocabulary in Registration Form -->
# -*- coding: utf-8 -*-
from zope.interface import Interface
"""Marker interface for Custom User Registration Form."""
The Form and the Provider Definition for the Adapter
# -*- coding: utf-8 -*-
from zope.interface import implements
from plone.app.z3cform.widget import AjaxSelectFieldWidget
from plone.app.users.browser.register import RegistrationForm
from plone.app.dexterity.permissions import GenericFormFieldPermissionChecker
from interfaces import ICustomRegistrationForm
def validate(self, field_name, vocabulary_name=None):
""" return True for allow or False if denied """
return (vocabulary_name and vocabulary_name == 'my.addon.vocabularies.IndicationSections')
return super(RegistrationForm, self).render()
self.fields["section"].widgetFactory = AjaxSelectFieldWidget