plone · ale-rt · Feb 6, 2019 · Feb 6, 2019 · Feb 6, 2019
diff --git a/Products/CMFPlone/CatalogTool.py b/Products/CMFPlone/CatalogTool.py
@@ -139,7 +139,12 @@ def allowedRolesAndUsers(obj):
     """Return a list of roles and users with View permission.
     Used to filter out items you're not allowed to see.
     """
-    allowed = set(rolesForPermissionOn('View', obj))
+
+    # 'Access contents information' is the correct permission for
+    # accessing and displaying metadata of an item.
+    # 'View' should be reserved for accessing the item itself.
+    allowed = set(rolesForPermissionOn('Access contents information', obj))
+
     # shortcut roles and only index the most basic system role if the object
     # is viewable by either of those
     if 'Anonymous' in allowed:

diff --git a/news/260.bugfix b/news/260.bugfix
@@ -0,0 +1,2 @@
+Switched allowedRolesAndUsers indexer from 'View' to the correct permission 'Access contents information' for displaying metadata. 'View' permission should be used on the item itself. The change should not matter for default Plone workflows, since they always use those permissions together.
+[agitator]