Give Site Administrator permission to manage users
Permission of related endpoints changed from cmf.ManagePortal to
plone.app.controlpanel.UsersAndGroups. It was also necessary to give
Manage users and plone.restapi: Access Plone user information
permissions to the Site Administrator.
wesleybl committed Sep 21, 2023
1 parent 5f44c23 commit 730dfe0
Showing 8 changed files with 16 additions and 10 deletions.
1 change: 1 addition & 0 deletions news/1704.feature
@@ -0,0 +1 @@
Give Site Administrator permission to manage users. @wesleybl
5 changes: 5 additions & 0 deletions src/plone/restapi/profiles/default/rolemap.xml
Expand Up @@ -9,6 +9,11 @@
</permission>
<permission name="plone.restapi: Access Plone user information" acquire="True">
<role name="Manager"/>
<role name="Site Administrator"/>
</permission>
<permission name="Manage users" acquire="True">
<role name="Manager"/>
<role name="Site Administrator"/>
</permission>
</permissions>
</rolemap>
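Review bot: The new `<permission name="Manage users" acquire="True">` block grants a core Zope permission to Site Administrator for the whole site, not only for the REST endpoints, and rolemap.xml only takes effect when the profile is imported. None of the 8 changed files is an upgrade step, so sites that already have plone.restapi installed will not receive either grant; add an upgrade step that re-applies the rolemap, and state in news/1704.feature that "Manage users" is now given to Site Administrator so integrators can audit the change.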
8 changes: 4 additions & 4 deletions src/plone/restapi/services/groups/configure.zcml
Expand Up @@ -8,31 +8,31 @@
method="GET"
factory=".get.GroupsGet"
for="Products.CMFCore.interfaces.ISiteRoot"
permission="cmf.ManagePortal"
permission="plone.app.controlpanel.UsersAndGroups"
name="@groups"
/>

<plone:service
method="PATCH"
factory=".update.GroupsPatch"
for="Products.CMFCore.interfaces.ISiteRoot"
permission="cmf.ManagePortal"
permission="plone.app.controlpanel.UsersAndGroups"
name="@groups"
/>

<plone:service
method="POST"
factory=".add.GroupsPost"
for="Products.CMFCore.interfaces.ISiteRoot"
permission="cmf.ManagePortal"
permission="plone.app.controlpanel.UsersAndGroups"
name="@groups"
/>

<plone:service
method="DELETE"
factory=".delete.GroupsDelete"
for="Products.CMFCore.interfaces.ISiteRoot"
permission="cmf.ManagePortal"
permission="plone.app.controlpanel.UsersAndGroups"
name="@groups"
/>
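Review bot: On the POST and PATCH `@groups` services, `permission="plone.app.controlpanel.UsersAndGroups"` now lets a Site Administrator create and update groups, but the handlers (`.add.GroupsPost`, `.update.GroupsPatch`) are not part of this diff. Please confirm that they refuse to assign roles the caller does not hold, such as Manager, and add a test for it; if that check does not exist yet, keep the write methods on `cmf.ManagePortal` until it does.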

2 changes: 1 addition & 1 deletion src/plone/restapi/services/roles/configure.zcml
Expand Up @@ -7,7 +7,7 @@
method="GET"
factory=".get.RolesGet"
for="Products.CMFPlone.interfaces.IPloneSiteRoot"
permission="cmf.ManagePortal"
permission="plone.app.controlpanel.UsersAndGroups"
name="@roles"
/>

2 changes: 1 addition & 1 deletion src/plone/restapi/services/users/add.py
Expand Up @@ -244,7 +244,7 @@ def _error(self, status, _type, msgid):
@property
def can_manage_users(self):
sm = getSecurityManager()
return sm.checkPermission("plone.app.controlpanel.UsersAndGroups", self.context)
return sm.checkPermission("Plone Site Setup: Users and Groups", self.context)

@property
def can_set_own_password(self):
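Review bot: In `can_manage_users` the argument changes from the ZCML id `plone.app.controlpanel.UsersAndGroups` to the permission title `Plone Site Setup: Users and Groups`. `checkPermission` expects the title, so this is a behaviour fix in its own right, yet the commit message and the news entry only describe the Site Administrator change. Mention it there, and add a test that exercises this property as a Site Administrator, since no test file is among the changed files.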
2 changes: 1 addition & 1 deletion src/plone/restapi/services/users/configure.zcml
Expand Up @@ -32,7 +32,7 @@
method="DELETE"
factory=".delete.UsersDelete"
for="Products.CMFCore.interfaces.ISiteRoot"
permission="cmf.ManagePortal"
permission="plone.app.controlpanel.UsersAndGroups"
name="@users"
/>
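Review bot: The DELETE `@users` service now accepts `plone.app.controlpanel.UsersAndGroups`, so a Site Administrator can delete accounts, and `.delete.UsersDelete` is not shown in this diff. Confirm that it prevents a Site Administrator from deleting a user who holds the Manager role, and cover both the allowed and the refused case with tests.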

4 changes: 2 additions & 2 deletions src/plone/restapi/services/users/get.py
Expand Up @@ -153,11 +153,11 @@ def _get_filtered_users(self, query, groups_filter, search_term, limit):

def has_permission_to_query(self):
sm = getSecurityManager()
return sm.checkPermission("Manage portal", self.context)
return sm.checkPermission("Plone Site Setup: Users and Groups", self.context)

def has_permission_to_enumerate(self):
sm = getSecurityManager()
return sm.checkPermission("Manage portal", self.context)
return sm.checkPermission("Plone Site Setup: Users and Groups", self.context)

def has_permission_to_access_user_info(self):
sm = getSecurityManager()
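Review bot: `has_permission_to_query` and `has_permission_to_enumerate` now have identical bodies and repeat the literal "Plone Site Setup: Users and Groups", which also appears in users/add.py and users/update.py. Define the title once as a module-level constant and have both methods call a single helper, so a later rename cannot leave one check on a stale string.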
2 changes: 1 addition & 1 deletion src/plone/restapi/services/users/update.py
Expand Up @@ -130,7 +130,7 @@ def reply(self):
@property
def can_manage_users(self):
sm = getSecurityManager()
return sm.checkPermission("plone.app.controlpanel.UsersAndGroups", self.context)
return sm.checkPermission("Plone Site Setup: Users and Groups", self.context)

@property
def can_set_own_password(self):
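Review bot: `can_manage_users` here is a line-for-line copy of the property in users/add.py and had to be patched in the same way. Move it to a shared mixin or helper used by both services so the permission check lives in one place.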
