Remove can_delete key from users/groups endpoints

plone · Dec 20, 2023 · 408020a · 408020a
1 parent 292f03c
commit 408020a
Show file tree

Hide file tree

Showing 17 changed files with 2 additions and 84 deletions.
diff --git a/src/plone/restapi/serializer/group.py b/src/plone/restapi/serializer/group.py
@@ -1,9 +1,6 @@
 from plone.restapi.batching import HypermediaBatch
 from plone.restapi.interfaces import ISerializeToJson
 from plone.restapi.interfaces import ISerializeToJsonSummary
-from plone.restapi.permissions import PloneManageUsers
-from plone.restapi.serializer.utils import check_permission
-from Products.CMFCore.permissions import ManagePortal
 from Products.PlonePAS.interfaces.group import IGroupData
 from zope.component import adapter
 from zope.component.hooks import getSite
@@ -16,36 +13,19 @@ def __init__(self, context, request):
         self.context = context
         self.request = request
 
-    @property
-    def is_zope_manager(self):
-        return check_permission(ManagePortal, self.context)
-
-    @property
-    def can_manage_users(self):
-        return check_permission(PloneManageUsers, self.context)
-
-    def can_delete(self, roles):
-        if self.is_zope_manager:
-            return True
-        return "Manager" not in roles
-
     def __call__(self):
         group = self.context
         portal = getSite()
-        roles = group.getRoles()
 
-        result = {
+        return {
             "@id": f"{portal.absolute_url()}/@groups/{group.id}",
             "id": group.id,
             "groupname": group.getGroupName(),
             "email": group.getProperty("email"),
             "title": group.getProperty("title"),
             "description": group.getProperty("description"),
-            "roles": roles,
+            "roles": group.getRoles(),
         }
-        if self.can_manage_users:
-            result["can_delete"] = self.can_delete(roles)
-        return result
 
 
 @implementer(ISerializeToJsonSummary)

diff --git a/src/plone/restapi/serializer/user.py b/src/plone/restapi/serializer/user.py
@@ -3,12 +3,9 @@
 from plone.restapi.bbb import safe_text
 from plone.restapi.interfaces import ISerializeToJson
 from plone.restapi.interfaces import ISerializeToJsonSummary
-from plone.restapi.permissions import PloneManageUsers
 from plone.restapi.serializer.converters import json_compatible
-from plone.restapi.serializer.utils import check_permission
 from plone.restapi.services.users.get import getPortraitUrl
 from Products.CMFCore.interfaces._tools import IMemberData
-from Products.CMFCore.permissions import ManagePortal
 from Products.CMFCore.utils import getToolByName
 from zope.component import adapter
 from zope.component.hooks import getSite
@@ -22,19 +19,6 @@ def __init__(self, context, request):
         self.context = context
         self.request = request
 
-    @property
-    def is_zope_manager(self):
-        return check_permission(ManagePortal, self.context)
-
-    @property
-    def can_manage_users(self):
-        return check_permission(PloneManageUsers, self.context)
-
-    def can_delete(self, roles):
-        if self.is_zope_manager:
-            return True
-        return "Manager" not in roles
-
     def __call__(self):
         user = self.context
         portal = getSite()
@@ -51,8 +35,6 @@ def __call__(self):
             "username": user.getUserName(),
             "roles": roles,
         }
-        if self.can_manage_users:
-            data["can_delete"] = self.can_delete(roles)
 
         schema = getUserDataSchema()
 

diff --git a/src/plone/restapi/tests/http-examples/groups.resp b/src/plone/restapi/tests/http-examples/groups.resp
@@ -4,7 +4,6 @@ Content-Type: application/json
 [
     {
         "@id": "http://localhost:55001/plone/@groups/Administrators",
-        "can_delete": true,
         "description": "",
         "email": "",
         "groupname": "Administrators",
@@ -22,7 +21,6 @@ Content-Type: application/json
     },
     {
         "@id": "http://localhost:55001/plone/@groups/Reviewers",
-        "can_delete": true,
         "description": "",
         "email": "",
         "groupname": "Reviewers",
@@ -40,7 +38,6 @@ Content-Type: application/json
     },
     {
         "@id": "http://localhost:55001/plone/@groups/Site Administrators",
-        "can_delete": true,
         "description": "",
         "email": "",
         "groupname": "Site Administrators",
@@ -58,7 +55,6 @@ Content-Type: application/json
     },
     {
         "@id": "http://localhost:55001/plone/@groups/ploneteam",
-        "can_delete": true,
         "description": "We are Plone",
         "email": "ploneteam@plone.org",
         "groupname": "ploneteam",
@@ -77,7 +73,6 @@ Content-Type: application/json
     },
     {
         "@id": "http://localhost:55001/plone/@groups/AuthenticatedUsers",
-        "can_delete": true,
         "description": "Automatic Group Provider",
         "email": "",
         "groupname": "AuthenticatedUsers",

diff --git a/src/plone/restapi/tests/http-examples/groups_created.resp b/src/plone/restapi/tests/http-examples/groups_created.resp
@@ -4,7 +4,6 @@ Location: http://localhost:55001/plone/@groups/fwt
 
 {
     "@id": "http://localhost:55001/plone/@groups/fwt",
-    "can_delete": true,
     "description": "The Plone Framework Team",
     "email": "fwt@plone.org",
     "groupname": "fwt",

diff --git a/src/plone/restapi/tests/http-examples/groups_filtered_by_groupname.resp b/src/plone/restapi/tests/http-examples/groups_filtered_by_groupname.resp
@@ -4,7 +4,6 @@ Content-Type: application/json
 [
     {
         "@id": "http://localhost:55001/plone/@groups/ploneteam",
-        "can_delete": true,
         "description": "We are Plone",
         "email": "ploneteam@plone.org",
         "groupname": "ploneteam",

diff --git a/src/plone/restapi/tests/http-examples/groups_get.resp b/src/plone/restapi/tests/http-examples/groups_get.resp
@@ -3,7 +3,6 @@ Content-Type: application/json
 
 {
     "@id": "http://localhost:55001/plone/@groups/ploneteam",
-    "can_delete": true,
     "description": "We are Plone",
     "email": "ploneteam@plone.org",
     "groupname": "ploneteam",

diff --git a/src/plone/restapi/tests/http-examples/principals.resp b/src/plone/restapi/tests/http-examples/principals.resp
@@ -5,7 +5,6 @@ Content-Type: application/json
     "groups": [
         {
             "@id": "http://localhost:55001/plone/@groups/ploneteam",
-            "can_delete": true,
             "description": "We are Plone",
             "email": "ploneteam@plone.org",
             "groupname": "ploneteam",

diff --git a/src/plone/restapi/tests/http-examples/users.resp b/src/plone/restapi/tests/http-examples/users.resp
@@ -4,7 +4,6 @@ Content-Type: application/json
 [
     {
         "@id": "http://localhost:55001/plone/@users/admin",
-        "can_delete": true,
         "description": "This is an admin user",
         "email": "admin@example.com",
         "fullname": "Administrator",
@@ -29,7 +28,6 @@ Content-Type: application/json
     },
     {
         "@id": "http://localhost:55001/plone/@users/test_user_1_",
-        "can_delete": true,
         "description": "This is a test user",
         "email": "test@example.com",
         "fullname": "Test User",

diff --git a/src/plone/restapi/tests/http-examples/users_add.resp b/src/plone/restapi/tests/http-examples/users_add.resp
@@ -4,7 +4,6 @@ Location: http://localhost:55001/plone/@users/noamchomsky
 
 {
     "@id": "http://localhost:55001/plone/@users/noamchomsky",
-    "can_delete": true,
     "description": "Professor of Linguistics",
     "email": "noam.chomsky@example.com",
     "fullname": "Noam Avram Chomsky",

diff --git a/src/plone/restapi/tests/http-examples/users_created.resp b/src/plone/restapi/tests/http-examples/users_created.resp
@@ -4,7 +4,6 @@ Location: http://localhost:55001/plone/@users/noamchomsky
 
 {
     "@id": "http://localhost:55001/plone/@users/noamchomsky",
-    "can_delete": true,
     "description": "Professor of Linguistics",
     "email": "noam.chomsky@example.com",
     "fullname": "Noam Avram Chomsky",

diff --git a/src/plone/restapi/tests/http-examples/users_filtered_by_groups.resp b/src/plone/restapi/tests/http-examples/users_filtered_by_groups.resp
@@ -4,7 +4,6 @@ Content-Type: application/json
 [
     {
         "@id": "http://localhost:55001/plone/@users/noam",
-        "can_delete": true,
         "description": "Professor of Linguistics",
         "email": "noam.chomsky@example.com",
         "fullname": "Noam Avram Chomsky",

diff --git a/src/plone/restapi/tests/http-examples/users_filtered_by_username.resp b/src/plone/restapi/tests/http-examples/users_filtered_by_username.resp
@@ -4,7 +4,6 @@ Content-Type: application/json
 [
     {
         "@id": "http://localhost:55001/plone/@users/noam",
-        "can_delete": true,
         "description": "Professor of Linguistics",
         "email": "noam.chomsky@example.com",
         "fullname": "Noam Avram Chomsky",

diff --git a/src/plone/restapi/tests/http-examples/users_get.resp b/src/plone/restapi/tests/http-examples/users_get.resp
@@ -3,7 +3,6 @@ Content-Type: application/json
 
 {
     "@id": "http://localhost:55001/plone/@users/noam",
-    "can_delete": true,
     "description": "Professor of Linguistics",
     "email": "noam.chomsky@example.com",
     "fullname": "Noam Avram Chomsky",

diff --git a/src/plone/restapi/tests/http-examples/users_searched.resp b/src/plone/restapi/tests/http-examples/users_searched.resp
@@ -4,7 +4,6 @@ Content-Type: application/json
 [
     {
         "@id": "http://localhost:55001/plone/@users/noam",
-        "can_delete": true,
         "description": "Professor of Linguistics",
         "email": "noam.chomsky@example.com",
         "fullname": "Noam Avram Chomsky",

diff --git a/src/plone/restapi/tests/http-examples/users_update_portrait_get.resp b/src/plone/restapi/tests/http-examples/users_update_portrait_get.resp
@@ -3,7 +3,6 @@ Content-Type: application/json
 
 {
     "@id": "http://localhost:55001/plone/@users/noam",
-    "can_delete": true,
     "description": null,
     "email": "noam.chomsky@example.com",
     "fullname": null,

diff --git a/src/plone/restapi/tests/test_services_groups.py b/src/plone/restapi/tests/test_services_groups.py
@@ -84,16 +84,6 @@ def test_list_groups(self):
             all(["members" in group for group in response.json()]),
             "Members key found in groups listing",
         )
-        self.assertTrue(ptgroup.get("can_delete"))
-
-    def test_siteadm_groups_can_delete(self):
-        self.set_siteadm()
-        response = self.api_session.get("/@groups")
-
-        administrators = [
-            x for x in response.json() if x.get("groupname") == "Administrators"
-        ][0]
-        self.assertFalse(administrators.get("can_delete"))
 
     def test_add_group(self):
         response = self.api_session.post(

diff --git a/src/plone/restapi/tests/test_services_users.py b/src/plone/restapi/tests/test_services_users.py
@@ -142,22 +142,6 @@ def test_list_users(self):
         self.assertEqual("web.mit.edu/chomsky", noam.get("home_page"))  # noqa
         self.assertEqual("Professor of Linguistics", noam.get("description"))  # noqa
         self.assertEqual("Cambridge, MA", noam.get("location"))
-        self.assertTrue(noam.get("can_delete"))
-
-    def test_siteadm_can_delete(self):
-        self.set_siteadm()
-        api.user.create(
-            email="manager@example.com",
-            roles=["Manager"],
-            username="manager",
-            password="managerpassword",
-        )
-        transaction.commit()
-
-        response = self.api_session.get("/@users")
-
-        manager = [x for x in response.json() if x.get("username") == "manager"][0]
-        self.assertFalse(manager.get("can_delete"))
 
     def test_list_users_without_being_manager(self):
         noam_api_session = RelativeSession(self.portal_url, test=self)