From 408020a4e604524b4767b0f34b2b21adcb023823 Mon Sep 17 00:00:00 2001 From: wesleybl Date: Wed, 20 Dec 2023 15:37:48 -0300 Subject: [PATCH] Remove can_delete key from users/groups endpoints --- src/plone/restapi/serializer/group.py | 24 ++----------------- src/plone/restapi/serializer/user.py | 18 -------------- .../restapi/tests/http-examples/groups.resp | 5 ---- .../tests/http-examples/groups_created.resp | 1 - .../groups_filtered_by_groupname.resp | 1 - .../tests/http-examples/groups_get.resp | 1 - .../tests/http-examples/principals.resp | 1 - .../restapi/tests/http-examples/users.resp | 2 -- .../tests/http-examples/users_add.resp | 1 - .../tests/http-examples/users_created.resp | 1 - .../users_filtered_by_groups.resp | 1 - .../users_filtered_by_username.resp | 1 - .../tests/http-examples/users_get.resp | 1 - .../tests/http-examples/users_searched.resp | 1 - .../users_update_portrait_get.resp | 1 - .../restapi/tests/test_services_groups.py | 10 -------- .../restapi/tests/test_services_users.py | 16 ------------- 17 files changed, 2 insertions(+), 84 deletions(-) diff --git a/src/plone/restapi/serializer/group.py b/src/plone/restapi/serializer/group.py index a7a0ad4b87..d9c2279467 100644 --- a/src/plone/restapi/serializer/group.py +++ b/src/plone/restapi/serializer/group.py @@ -1,9 +1,6 @@ from plone.restapi.batching import HypermediaBatch from plone.restapi.interfaces import ISerializeToJson from plone.restapi.interfaces import ISerializeToJsonSummary -from plone.restapi.permissions import PloneManageUsers -from plone.restapi.serializer.utils import check_permission -from Products.CMFCore.permissions import ManagePortal from Products.PlonePAS.interfaces.group import IGroupData from zope.component import adapter from zope.component.hooks import getSite @@ -16,36 +13,19 @@ def __init__(self, context, request): self.context = context self.request = request - @property - def is_zope_manager(self): - return check_permission(ManagePortal, self.context) - - @property - def can_manage_users(self): - return check_permission(PloneManageUsers, self.context) - - def can_delete(self, roles): - if self.is_zope_manager: - return True - return "Manager" not in roles - def __call__(self): group = self.context portal = getSite() - roles = group.getRoles() - result = { + return { "@id": f"{portal.absolute_url()}/@groups/{group.id}", "id": group.id, "groupname": group.getGroupName(), "email": group.getProperty("email"), "title": group.getProperty("title"), "description": group.getProperty("description"), - "roles": roles, + "roles": group.getRoles(), } - if self.can_manage_users: - result["can_delete"] = self.can_delete(roles) - return result @implementer(ISerializeToJsonSummary) diff --git a/src/plone/restapi/serializer/user.py b/src/plone/restapi/serializer/user.py index fbb697dada..bb2aabcc8f 100644 --- a/src/plone/restapi/serializer/user.py +++ b/src/plone/restapi/serializer/user.py @@ -3,12 +3,9 @@ from plone.restapi.bbb import safe_text from plone.restapi.interfaces import ISerializeToJson from plone.restapi.interfaces import ISerializeToJsonSummary -from plone.restapi.permissions import PloneManageUsers from plone.restapi.serializer.converters import json_compatible -from plone.restapi.serializer.utils import check_permission from plone.restapi.services.users.get import getPortraitUrl from Products.CMFCore.interfaces._tools import IMemberData -from Products.CMFCore.permissions import ManagePortal from Products.CMFCore.utils import getToolByName from zope.component import adapter from zope.component.hooks import getSite @@ -22,19 +19,6 @@ def __init__(self, context, request): self.context = context self.request = request - @property - def is_zope_manager(self): - return check_permission(ManagePortal, self.context) - - @property - def can_manage_users(self): - return check_permission(PloneManageUsers, self.context) - - def can_delete(self, roles): - if self.is_zope_manager: - return True - return "Manager" not in roles - def __call__(self): user = self.context portal = getSite() @@ -51,8 +35,6 @@ def __call__(self): "username": user.getUserName(), "roles": roles, } - if self.can_manage_users: - data["can_delete"] = self.can_delete(roles) schema = getUserDataSchema() diff --git a/src/plone/restapi/tests/http-examples/groups.resp b/src/plone/restapi/tests/http-examples/groups.resp index e8035cd5f0..a69eaef559 100644 --- a/src/plone/restapi/tests/http-examples/groups.resp +++ b/src/plone/restapi/tests/http-examples/groups.resp @@ -4,7 +4,6 @@ Content-Type: application/json [ { "@id": "http://localhost:55001/plone/@groups/Administrators", - "can_delete": true, "description": "", "email": "", "groupname": "Administrators", @@ -22,7 +21,6 @@ Content-Type: application/json }, { "@id": "http://localhost:55001/plone/@groups/Reviewers", - "can_delete": true, "description": "", "email": "", "groupname": "Reviewers", @@ -40,7 +38,6 @@ Content-Type: application/json }, { "@id": "http://localhost:55001/plone/@groups/Site Administrators", - "can_delete": true, "description": "", "email": "", "groupname": "Site Administrators", @@ -58,7 +55,6 @@ Content-Type: application/json }, { "@id": "http://localhost:55001/plone/@groups/ploneteam", - "can_delete": true, "description": "We are Plone", "email": "ploneteam@plone.org", "groupname": "ploneteam", @@ -77,7 +73,6 @@ Content-Type: application/json }, { "@id": "http://localhost:55001/plone/@groups/AuthenticatedUsers", - "can_delete": true, "description": "Automatic Group Provider", "email": "", "groupname": "AuthenticatedUsers", diff --git a/src/plone/restapi/tests/http-examples/groups_created.resp b/src/plone/restapi/tests/http-examples/groups_created.resp index 7dbef17e3e..99793212f6 100644 --- a/src/plone/restapi/tests/http-examples/groups_created.resp +++ b/src/plone/restapi/tests/http-examples/groups_created.resp @@ -4,7 +4,6 @@ Location: http://localhost:55001/plone/@groups/fwt { "@id": "http://localhost:55001/plone/@groups/fwt", - "can_delete": true, "description": "The Plone Framework Team", "email": "fwt@plone.org", "groupname": "fwt", diff --git a/src/plone/restapi/tests/http-examples/groups_filtered_by_groupname.resp b/src/plone/restapi/tests/http-examples/groups_filtered_by_groupname.resp index f13e01a4ce..eaa2f96734 100644 --- a/src/plone/restapi/tests/http-examples/groups_filtered_by_groupname.resp +++ b/src/plone/restapi/tests/http-examples/groups_filtered_by_groupname.resp @@ -4,7 +4,6 @@ Content-Type: application/json [ { "@id": "http://localhost:55001/plone/@groups/ploneteam", - "can_delete": true, "description": "We are Plone", "email": "ploneteam@plone.org", "groupname": "ploneteam", diff --git a/src/plone/restapi/tests/http-examples/groups_get.resp b/src/plone/restapi/tests/http-examples/groups_get.resp index e18189a8b9..d4b132c675 100644 --- a/src/plone/restapi/tests/http-examples/groups_get.resp +++ b/src/plone/restapi/tests/http-examples/groups_get.resp @@ -3,7 +3,6 @@ Content-Type: application/json { "@id": "http://localhost:55001/plone/@groups/ploneteam", - "can_delete": true, "description": "We are Plone", "email": "ploneteam@plone.org", "groupname": "ploneteam", diff --git a/src/plone/restapi/tests/http-examples/principals.resp b/src/plone/restapi/tests/http-examples/principals.resp index 3c3769d18d..52080db0eb 100644 --- a/src/plone/restapi/tests/http-examples/principals.resp +++ b/src/plone/restapi/tests/http-examples/principals.resp @@ -5,7 +5,6 @@ Content-Type: application/json "groups": [ { "@id": "http://localhost:55001/plone/@groups/ploneteam", - "can_delete": true, "description": "We are Plone", "email": "ploneteam@plone.org", "groupname": "ploneteam", diff --git a/src/plone/restapi/tests/http-examples/users.resp b/src/plone/restapi/tests/http-examples/users.resp index 6a24d1ef7c..a8e179eaff 100644 --- a/src/plone/restapi/tests/http-examples/users.resp +++ b/src/plone/restapi/tests/http-examples/users.resp @@ -4,7 +4,6 @@ Content-Type: application/json [ { "@id": "http://localhost:55001/plone/@users/admin", - "can_delete": true, "description": "This is an admin user", "email": "admin@example.com", "fullname": "Administrator", @@ -29,7 +28,6 @@ Content-Type: application/json }, { "@id": "http://localhost:55001/plone/@users/test_user_1_", - "can_delete": true, "description": "This is a test user", "email": "test@example.com", "fullname": "Test User", diff --git a/src/plone/restapi/tests/http-examples/users_add.resp b/src/plone/restapi/tests/http-examples/users_add.resp index de6a820435..0c13e44b9c 100644 --- a/src/plone/restapi/tests/http-examples/users_add.resp +++ b/src/plone/restapi/tests/http-examples/users_add.resp @@ -4,7 +4,6 @@ Location: http://localhost:55001/plone/@users/noamchomsky { "@id": "http://localhost:55001/plone/@users/noamchomsky", - "can_delete": true, "description": "Professor of Linguistics", "email": "noam.chomsky@example.com", "fullname": "Noam Avram Chomsky", diff --git a/src/plone/restapi/tests/http-examples/users_created.resp b/src/plone/restapi/tests/http-examples/users_created.resp index 8ae176fb9f..578dbc68f8 100644 --- a/src/plone/restapi/tests/http-examples/users_created.resp +++ b/src/plone/restapi/tests/http-examples/users_created.resp @@ -4,7 +4,6 @@ Location: http://localhost:55001/plone/@users/noamchomsky { "@id": "http://localhost:55001/plone/@users/noamchomsky", - "can_delete": true, "description": "Professor of Linguistics", "email": "noam.chomsky@example.com", "fullname": "Noam Avram Chomsky", diff --git a/src/plone/restapi/tests/http-examples/users_filtered_by_groups.resp b/src/plone/restapi/tests/http-examples/users_filtered_by_groups.resp index 623c183d65..7ea2e78da5 100644 --- a/src/plone/restapi/tests/http-examples/users_filtered_by_groups.resp +++ b/src/plone/restapi/tests/http-examples/users_filtered_by_groups.resp @@ -4,7 +4,6 @@ Content-Type: application/json [ { "@id": "http://localhost:55001/plone/@users/noam", - "can_delete": true, "description": "Professor of Linguistics", "email": "noam.chomsky@example.com", "fullname": "Noam Avram Chomsky", diff --git a/src/plone/restapi/tests/http-examples/users_filtered_by_username.resp b/src/plone/restapi/tests/http-examples/users_filtered_by_username.resp index 4f52f47129..d69cc23645 100644 --- a/src/plone/restapi/tests/http-examples/users_filtered_by_username.resp +++ b/src/plone/restapi/tests/http-examples/users_filtered_by_username.resp @@ -4,7 +4,6 @@ Content-Type: application/json [ { "@id": "http://localhost:55001/plone/@users/noam", - "can_delete": true, "description": "Professor of Linguistics", "email": "noam.chomsky@example.com", "fullname": "Noam Avram Chomsky", diff --git a/src/plone/restapi/tests/http-examples/users_get.resp b/src/plone/restapi/tests/http-examples/users_get.resp index 0e037c2375..db93e3c59e 100644 --- a/src/plone/restapi/tests/http-examples/users_get.resp +++ b/src/plone/restapi/tests/http-examples/users_get.resp @@ -3,7 +3,6 @@ Content-Type: application/json { "@id": "http://localhost:55001/plone/@users/noam", - "can_delete": true, "description": "Professor of Linguistics", "email": "noam.chomsky@example.com", "fullname": "Noam Avram Chomsky", diff --git a/src/plone/restapi/tests/http-examples/users_searched.resp b/src/plone/restapi/tests/http-examples/users_searched.resp index 79895fd699..a7d26d8346 100644 --- a/src/plone/restapi/tests/http-examples/users_searched.resp +++ b/src/plone/restapi/tests/http-examples/users_searched.resp @@ -4,7 +4,6 @@ Content-Type: application/json [ { "@id": "http://localhost:55001/plone/@users/noam", - "can_delete": true, "description": "Professor of Linguistics", "email": "noam.chomsky@example.com", "fullname": "Noam Avram Chomsky", diff --git a/src/plone/restapi/tests/http-examples/users_update_portrait_get.resp b/src/plone/restapi/tests/http-examples/users_update_portrait_get.resp index 6bb9bf2c9c..5da36fe6dd 100644 --- a/src/plone/restapi/tests/http-examples/users_update_portrait_get.resp +++ b/src/plone/restapi/tests/http-examples/users_update_portrait_get.resp @@ -3,7 +3,6 @@ Content-Type: application/json { "@id": "http://localhost:55001/plone/@users/noam", - "can_delete": true, "description": null, "email": "noam.chomsky@example.com", "fullname": null, diff --git a/src/plone/restapi/tests/test_services_groups.py b/src/plone/restapi/tests/test_services_groups.py index 6994f2348e..428069d845 100644 --- a/src/plone/restapi/tests/test_services_groups.py +++ b/src/plone/restapi/tests/test_services_groups.py @@ -84,16 +84,6 @@ def test_list_groups(self): all(["members" in group for group in response.json()]), "Members key found in groups listing", ) - self.assertTrue(ptgroup.get("can_delete")) - - def test_siteadm_groups_can_delete(self): - self.set_siteadm() - response = self.api_session.get("/@groups") - - administrators = [ - x for x in response.json() if x.get("groupname") == "Administrators" - ][0] - self.assertFalse(administrators.get("can_delete")) def test_add_group(self): response = self.api_session.post( diff --git a/src/plone/restapi/tests/test_services_users.py b/src/plone/restapi/tests/test_services_users.py index cd7fc36246..b203743b3e 100644 --- a/src/plone/restapi/tests/test_services_users.py +++ b/src/plone/restapi/tests/test_services_users.py @@ -142,22 +142,6 @@ def test_list_users(self): self.assertEqual("web.mit.edu/chomsky", noam.get("home_page")) # noqa self.assertEqual("Professor of Linguistics", noam.get("description")) # noqa self.assertEqual("Cambridge, MA", noam.get("location")) - self.assertTrue(noam.get("can_delete")) - - def test_siteadm_can_delete(self): - self.set_siteadm() - api.user.create( - email="manager@example.com", - roles=["Manager"], - username="manager", - password="managerpassword", - ) - transaction.commit() - - response = self.api_session.get("/@users") - - manager = [x for x in response.json() if x.get("username") == "manager"][0] - self.assertFalse(manager.get("can_delete")) def test_list_users_without_being_manager(self): noam_api_session = RelativeSession(self.portal_url, test=self)