From 0da4d7050953c7b513e1787dad05c64b09bdd556 Mon Sep 17 00:00:00 2001
From: Philip Bauer <bauer@starzel.de>
Date: Fri, 20 Dec 2024 06:46:10 +0100
Subject: [PATCH 1/2] Fix api.content.get when a item in the path is not
 accessible to the user (#549)

---
 news/549.bugfix          | 2 ++
 src/plone/api/content.py | 7 ++++++-
 2 files changed, 8 insertions(+), 1 deletion(-)
 create mode 100644 news/549.bugfix

diff --git a/news/549.bugfix b/news/549.bugfix
new file mode 100644
index 00000000..2d2d3666
--- /dev/null
+++ b/news/549.bugfix
@@ -0,0 +1,2 @@
+Fix api.content.get(path=path) when a item in the path is not accessible to the user.
+[pbauer]
diff --git a/src/plone/api/content.py b/src/plone/api/content.py
index 95515de9..f0a9c850 100644
--- a/src/plone/api/content.py
+++ b/src/plone/api/content.py
@@ -133,7 +133,12 @@ def get(path=None, UID=None):
                 relative_path=path,
             )
         try:
-            content = site.restrictedTraverse(path)
+            path = path.split("/")
+            if len(path) > 1:
+                parent = site.unrestrictedTraverse(path[:-1])
+                content = parent.restrictedTraverse(path[-1])
+            else:
+                content = site.restrictedTraverse(path[-1])
         except (KeyError, AttributeError):
             return None  # When no object is found don't raise an error
         else:

From c6cfdb41b5e7bc9f1ca518f1e3449059d4820aae Mon Sep 17 00:00:00 2001
From: Philip Bauer <bauer@starzel.de>
Date: Fri, 20 Dec 2024 08:19:24 +0100
Subject: [PATCH 2/2] add test

---
 src/plone/api/tests/test_content.py | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/src/plone/api/tests/test_content.py b/src/plone/api/tests/test_content.py
index 41caebc0..4e9b701b 100644
--- a/src/plone/api/tests/test_content.py
+++ b/src/plone/api/tests/test_content.py
@@ -478,6 +478,16 @@ def test_get(self):
         # title is an attribute
         self.assertIsNone(api.content.get("/about/team/title"))
 
+    def test_get_of_content_in_inaccessible_container(self):
+        """Test getting items in a inaccessible container.
+        Worked in Plone 5.1 but raised Unauthorized since 5.2."""
+        api.content.transition(obj=self.team, transition="publish")
+        with api.env.adopt_roles(["Member"]):
+            team_by_path = api.content.get("/about/team")
+            self.assertEqual(self.team, team_by_path)
+            team_by_uid = api.content.get(UID=self.team.UID())
+            self.assertEqual(self.team, team_by_uid)
+
     def test_move_constraints(self):
         """Test the constraints for moving content."""
         from plone.api.exc import MissingParameterError