From e5bc9b82ed068c0fb95f881c5c7ce34ab24cc76f Mon Sep 17 00:00:00 2001
From: wesleybl <wesleybl@gmail.com>
Date: Thu, 21 Sep 2023 17:17:14 -0300
Subject: [PATCH] Test that the Site Administrator cannot add a Manager

---
 src/plone/restapi/tests/test_services_users.py | 15 +++++++++++++++
 1 file changed, 15 insertions(+)

diff --git a/src/plone/restapi/tests/test_services_users.py b/src/plone/restapi/tests/test_services_users.py
index fce04b276c..2db6701e3e 100644
--- a/src/plone/restapi/tests/test_services_users.py
+++ b/src/plone/restapi/tests/test_services_users.py
@@ -1363,3 +1363,18 @@ def test_siteadm_not_delete_manager(self):
         transaction.commit()
 
         self.assertIsNotNone(api.user.get(userid="noam"))
+
+    def test_siteadm_not_add_manager(self):
+        self.set_siteadm()
+        self.api_session.post(
+            "/@users",
+            json={
+                "username": "howard",
+                "email": "howard.zinn2@example.com",
+                "password": "peopleshistory",
+                "roles": ["Manager"],
+            },
+        )
+        transaction.commit()
+
+        self.assertIsNone(api.user.get(userid="howard"))