Document which API calls check permissions and which don't

[zupo]

We don't have this info now and we need to add it.

Also, wherever we do perform security checks, it would be nice to have flag to skip them if necessary.

If someone can go through the methods one by one and add this permissions information to docstrings, please?

[zupo]

Conclusion after discussion with Liz:

• all plone.api code should be permission aware
• use api.role('') context manager to bypass permissions (see roadmap)

[domenkozar]

I'd never guess api.role('') means bypassing permissions. Also it may happen it will happen accidently leading to security issues. I'd suggest having explicit function for this, such as api.bypass_security

[zupo]

api.role is an idea we just came up with, adding it to roadmap with a code sample just now. Name is by no means final.

[zupo]

@iElectric roadmap pushed, see if api.role() makes more sense to you when used with with: https://github.com/plone/plone.api/blob/master/src/plone/api/docs/about.rst#medium--to-long-term