Add check for protected vocabulary in endpoint 'vocabularies'.

[ksuess]

Fix 1286

[mister-roboto]

@ksuess thanks for creating this Pull Request and help improve Plone!

To ensure that these changes do not break other parts of Plone, the Plone test suite matrix needs to pass.

Whenever you feel that the pull request is ready to be tested, either start all jenkins jobs pull requests by yourself, or simply add a comment in this pull request stating:

@jenkins-plone-org please run jobs

With this simple comment all the jobs will be started automatically.

Happy hacking!

[ksuess]

@jenkins-plone-org please run jobs

[jensens]

@ksuess Genius! That's how it should work. I love it.

I would just merge this!

Then we can go further:

• We need the same over in plone.app.content.browser.vocabulary
• then protect all the plone.app.vocabularies utility registrations with permissions
• import the PERMISSION_MAP conditional for restapi (to not break older Plones), see below
• drop PERMISSION_MAP in Plone 6 at all, including its permission check.
• document it (which is just pointing to utility basically).

Finally a clean solution.

[sneridagh]

LGTM! Awesome!

Sorry for being picky, I checked quickly and in the cell phone, but shouldn't we also take care of the 401 use case from a formal point of view?

[ksuess]

May I propose to close this PR.
A registration like below can fool developers into believe that this vocabulary is protected.
But the vocabulary is protected by requesting via REST API endpoint, but not in general.

  <utility
      provides="zope.schema.interfaces.IVocabularyFactory"
      name="plone.restapi.testing.protected_vocabulary"
      component=".tests.test_services_vocabularies.test_vocabulary_factory"
      permission="cmf.ManagePortal"
      />

Thanks for the kind feedback and sorry for the noise.

[ksuess]

In midterm we can maybe think of a Plone Vocabulary Registry that can deal with permission protection.

A first try: plone/plone.app.vocabularies#69