Insufficient Privileges: plone.app.multilingual [1.x] - Translate an Archetype content

Question

I got a really strange behaviour, if I want to translate an Archetype contenttype (for example Folder) with plone.app.multilingual.

Error msg:

Insufficient Privileges

You do not have sufficient privileges to view this page. If you believe you are 
receiving this message in error, contact the site administration.

My environment:

• Plone = 4.3.2
• plone.app.multilingual = 1.2.1
• plone.multilingual = 1.2.1
• plone.multilingualbehavior = 1.2
• archetypes.multilingual = 1.2
• And about 40 Plone Addon's (which makes this really complex)

My use case:

• Two languages are configured EN and DE
• Plone's simple_publication_workflow is configured.
• All items are in the private state. (LanguageRoot folders are in private state too)

I can reproduce this problem by first creating a content (Folder) in the english part of the site. The content is private, since this is the default state for new content.

Then I try to translate the content into german by clicking on the Translate menu -> create German. Done... the error Insufficient Privileges appears.

If I install a vanilla Plone 4.3.2 and plone.app.multilingial without my huge bunch of addons everything works fine. I pretty sure there's a problem with one of the addons but I need to understand what leads to this problem. It doesn't matters, which addon breaks the site.

Further...

Since it's a permission problem I first tried it to publish everything and then translate the content into German. This worked well!

Well, next step was debugging into plone.app.multilingual. I ended up in the add.py AddTraverser

The problem appears on the redirect on line 37 If one part of the url is not public accessible (Anonymous??) the error happens.

imho it's strange that the implementation of the DX part and AT part is different.

I changed the AT part implementation to:

self.context.REQUEST.set('type', name)
view = queryMultiAdapter((self.context, self.context.REQUEST),
                             name="add_at_translation")
return view.__of__(self.context)

instead of:

baseUrl = self.context.absolute_url()
url = '%s/@@add_at_translation?type=%s' % (baseUrl, name)
return self.request.response.redirect(url)

This totally fixed my case. And all plone.app.multilingual tests are still working.

But I cannot explain why? And why it doesn't work without the customization?

Any hint is really appreciated!

Answer 1

Why your fix works, could be related to that the user may not be authenticated during traverse. This is similar to, why user may not be authenticated during browser views' __init__.

That might be a bug, and a pull request with your fix, and a test that proves your point by failing without it, would be preferred.

You should be able to get a better error message by removing Unauthorized from filtered errors in /Plone/error_log (via ZMI). I'm not sure, how absolute_url can raise Unauthorized in any condition.