Define can_delete in group serializer

plone · Nov 6, 2023 · 8879718 · 8879718
1 parent 3145f91
commit 8879718
Show file tree

Hide file tree

Showing 2 changed files with 17 additions and 28 deletions.
diff --git a/src/plone/restapi/serializer/group.py b/src/plone/restapi/serializer/group.py
@@ -1,6 +1,8 @@
+from AccessControl import getSecurityManager
 from plone.restapi.batching import HypermediaBatch
 from plone.restapi.interfaces import ISerializeToJson
 from plone.restapi.interfaces import ISerializeToJsonSummary
+from Products.CMFCore.permissions import ManagePortal
 from Products.PlonePAS.interfaces.group import IGroupData
 from zope.component import adapter
 from zope.component.hooks import getSite
@@ -13,9 +15,19 @@ def __init__(self, context, request):
         self.context = context
         self.request = request
 
+    @property
+    def is_zope_manager(self):
+        return getSecurityManager().checkPermission(ManagePortal, self.context)
+
+    def can_delete(self, roles):
+        if self.is_zope_manager:
+            return True
+        return "Manager" not in roles
+
     def __call__(self):
         group = self.context
         portal = getSite()
+        roles = group.getRoles()
 
         return {
             "@id": f"{portal.absolute_url()}/@groups/{group.id}",
@@ -24,7 +36,8 @@ def __call__(self):
             "email": group.getProperty("email"),
             "title": group.getProperty("title"),
             "description": group.getProperty("description"),
-            "roles": group.getRoles(),
+            "roles": roles,
+            "can_delete": self.can_delete(roles),
         }
 
 

diff --git a/src/plone/restapi/services/groups/get.py b/src/plone/restapi/services/groups/get.py
@@ -1,8 +1,6 @@
-from AccessControl import getSecurityManager
 from plone.restapi.interfaces import ISerializeToJson
 from plone.restapi.interfaces import ISerializeToJsonSummary
 from plone.restapi.services import Service
-from Products.CMFCore.permissions import ManagePortal
 from Products.CMFCore.utils import getToolByName
 from zExceptions import BadRequest
 from zope.component import queryMultiAdapter
@@ -21,10 +19,6 @@ def __init__(self, context, request):
         self.params = []
         self.query = self.request.form.copy()
 
-    @property
-    def is_zope_manager(self):
-        return getSecurityManager().checkPermission(ManagePortal, self.context)
-
     def publishTraverse(self, request, name):
         # Consume any path segments after /@users as parameters
         self.params.append(name)
@@ -52,13 +46,7 @@ def _get_filtered_groups(self, query, limit):
         results = portal_groups.searchGroups(id=query, max_results=limit)
         return [portal_groups.getGroupById(group["groupid"]) for group in results]
 
-    def can_delete(self, is_zope_manager, roles):
-        if is_zope_manager:
-            return True
-        return "Manager" not in roles
-
     def reply(self):
-        is_zope_manager = self.is_zope_manager
         if len(self.query) > 0 and len(self.params) == 0:
             query = self.query.get("query", "")
             limit = self.query.get("limit", DEFAULT_SEARCH_RESULTS_LIMIT)
@@ -69,11 +57,7 @@ def reply(self):
                     serializer = queryMultiAdapter(
                         (group, self.request), ISerializeToJsonSummary
                     )
-                    group_serializer = serializer()
-                    group_serializer["can_delete"] = self.can_delete(
-                        is_zope_manager, group_serializer["roles"]
-                    )
-                    result.append(group_serializer)
+                    result.append(serializer())
                 return result
             else:
                 raise BadRequest("Query string supplied is not valid")
@@ -82,20 +66,12 @@ def reply(self):
             result = []
             for group in self._get_groups():
                 serializer = queryMultiAdapter((group, self.request), ISerializeToJson)
-                group_serializer = serializer()
-                group_serializer["can_delete"] = self.can_delete(
-                    is_zope_manager, group_serializer["roles"]
-                )
-                result.append(group_serializer)
+                result.append(serializer())
             return result
         # we retrieve the user on the user id not the username
         group = self._get_group(self._get_group_id)
         if not group:
             self.request.response.setStatus(404)
             return
         serializer = queryMultiAdapter((group, self.request), ISerializeToJson)
-        group_serializer = serializer()
-        group_serializer["can_delete"] = self.can_delete(
-            is_zope_manager, group_serializer["roles"]
-        )
-        return group_serializer
+        return serializer()