Filter inactive items also for admins.

[gyst]

Fixes #4098.

This keeps the existing default behavior, while allowing suppressing inactive content for admins, if show_inactive=False is explicitly passed as a keyword or query.

[mister-roboto]

@gyst thanks for creating this Pull Request and helping to improve Plone!

TL;DR: Finish pushing changes, pass all other checks, then paste a comment:

@jenkins-plone-org please run jobs

To ensure that these changes do not break other parts of Plone, the Plone test suite matrix needs to pass, but it takes 30-60 min. Other CI checks are usually much faster and the Plone Jenkins resources are limited, so when done pushing changes and all other checks pass either start all Jenkins PR jobs yourself, or simply add the comment above in this PR to start all the jobs automatically.

Happy hacking!

[gyst]

Hang on, I think I can fix the issue while keeping the current default behavior.

[gyst]

I improved this PR to retain the current default behavior, while still fixing the bug.

[gyst]

I know I could've just used kw.get("show_inactive") here and below, but since this logic depends so crucially on None being different from False, I preferred the explicit variant.

[yurj]

Seems fine to me, show inactive = False is ok. If it is True, that means "let me show inactive" even if the user should not? show_inactive is used here:

Products.CMFPlone/Products/CMFPlone/WorkflowTool.py

Line 261 in c8694d8

catalog_vars["show_inactive"] = True

" # Include inactive content in result list. This is
# especially important for content scheduled to go public
# in the future, but needs to be reviewed before this."

and here:

Products.CMFPlone/Products/CMFPlone/browser/search.py

Line 148 in c8694d8

query["show_inactive"] = False

respect effective/expiration date

and some other places:

https://github.com/search?q=org%3Aplone+show_inactive&type=code

[gyst]

If it is True, that means "let me show inactive" even if the user should not?

Yes, that's unchanged from the current implementation. Also the default behavior remains unchanged for both admins and non-admins. The only change is, that if you're an admin, it was previously hardcoded that you would always see inactive items; and this is still the default; however if you as an admin request show_inactive=False it will now honor that setting.

Since show_inactive=False before did not work for admins, any code that explicitly asks for that and then still expects inactive items was broken by design and needs to be fixed.

[erral]

FWIW, in a recent Plone 6 project, we have a lot of users who can add content, but are not Managers. They have "can add" permissions wherever they need it.

We had the case where those users set some content to be published in the future, but they can't see those contents.

We went to the /manage_access and set the "Access inactive portal content" permission for "Authenticated" users, and this way they can see these content.

We thought that this was a regression in Plone 6, because this site was migrated from Plone 4 and those users had no problems in the previous versions. So we went Plone 4 and found that there we had also the same permission set for "Authenticated" users.

@libargutxi

[gyst]

We went to the /manage_access and set the "Access inactive portal content" permission for "Authenticated" users, and this way they can see these content.

This will still be required, this PR does not change that.

What it does change, that if you have that permission and you then query searchResults(show_inactive=False), you will actually not see that content.

[davisagli]

Looks okay to me, and thanks for adding tests. Let's run the tests for all Plone packages and make sure there are no regressions:

@jenkins-plone-org please run jobs