DocumentHelper.GetDocuments().CheckPermissions() for anonymous users
CheckPermissions() blocks nodes for anonymous users even if content nodes don't have any access restrictions applied. I think this is more just a bug that needs to be fixed - if Security tab in the content tree doesn't have any security rules, DocumentHelper.GetDocuments() should return identical results with or without CheckPermissions().
This is by design behavior. Please see the comment below.
Hi Martin and Michal,
Thant's okay, I have resorted to the same implementation anyway. I think it'd make sense to update this article: https://docs.kentico.com/api10/content-management/page-security to make it clear for developers that read permissions (which otherwise seem redundant) should be applied to the content root in order for CheckPermissions() to work for anonymous users.
This is by design, default module permissions still apply in this case. Permission model must be restrictive by default in order to keep it secure.
You can either setup default read permission for public user on all content, or set them to the root of the tree and let the permissions inherit.