When a user triggers NotificationTool.sendMessage(recipient=user_id) to a recipient she does not have access permission on, it now causes this problem (the caller context is a custom script with manager proxy role):

  Module Products.ERP5.Tool.NotificationTool, line 322, in sendMessage
    person_value = getUserValueByUserId(person)
  Module Products.ERP5.Tool.NotificationTool, line 291, in getUserValueByUserId
    return portal.restrictedTraverse(user['path'])
  Module OFS.Traversable, line 317, in restrictedTraverse
    return self.unrestrictedTraverse(path, default, restricted=True)
  Module OFS.Traversable, line 251, in unrestrictedTraverse
   - __traceback_info__: (['redacted_person_id'], 'person_module')
    next = guarded_getattr(obj, name)
Unauthorized: You are not allowed to access 'person_module' in this context

This is a regression caused by 62d8d3ac .

That particular case was working before, because the person was looked up using catalog so the proxy role from the caller script was taken in to account.

Now, we can say that the approach suggested here is not correct and document that the current logged in user must have permission to access the person documents involved as sender or recipient in the notification.

Then, if we need to send message to persons the current user does not have access permission, instead of using:

portal.portal_notifications.sendMessage(recipient=person.getUserId())

just do:

portal.portal_notifications.sendMessage(recipient=person)

but the later does not allow for using activities.

/cc @vpelletier @gabriel