diff --git a/src/plone/restapi/services/roles/get.py b/src/plone/restapi/services/roles/get.py index f2329c65f8..1e84c78540 100644 --- a/src/plone/restapi/services/roles/get.py +++ b/src/plone/restapi/services/roles/get.py @@ -1,32 +1,19 @@ -from AccessControl import getSecurityManager from Acquisition import aq_inner from plone.restapi.services import Service -from Products.CMFCore.permissions import ManagePortal from Products.CMFCore.utils import getToolByName from zope.i18n import translate class RolesGet(Service): - @property - def is_zope_manager(self): - return getSecurityManager().checkPermission(ManagePortal, self.context) - - def can_assign(self, is_zope_manager, _id): - if is_zope_manager: - return True - return _id != "Manager" - def reply(self): pmemb = getToolByName(aq_inner(self.context), "portal_membership") roles = [r for r in pmemb.getPortalRoles() if r != "Owner"] - is_zope_manager = self.is_zope_manager return [ { "@type": "role", "@id": f"{self.context.absolute_url()}/@roles/{r}", "id": r, "title": translate(r, context=self.request, domain="plone"), - "can_assign": self.can_assign(is_zope_manager, r), } for r in roles ] diff --git a/src/plone/restapi/tests/http-examples/roles.resp b/src/plone/restapi/tests/http-examples/roles.resp index 936f5b2b71..7b282e9166 100644 --- a/src/plone/restapi/tests/http-examples/roles.resp +++ b/src/plone/restapi/tests/http-examples/roles.resp @@ -5,49 +5,42 @@ Content-Type: application/json { "@id": "http://localhost:55001/plone/@roles/Contributor", "@type": "role", - "can_assign": true, "id": "Contributor", "title": "Contributor" }, { "@id": "http://localhost:55001/plone/@roles/Editor", "@type": "role", - "can_assign": true, "id": "Editor", "title": "Editor" }, { "@id": "http://localhost:55001/plone/@roles/Member", "@type": "role", - "can_assign": true, "id": "Member", "title": "Member" }, { "@id": "http://localhost:55001/plone/@roles/Reader", "@type": "role", - "can_assign": true, "id": "Reader", "title": "Reader" }, { "@id": "http://localhost:55001/plone/@roles/Reviewer", "@type": "role", - "can_assign": true, "id": "Reviewer", "title": "Reviewer" }, { "@id": "http://localhost:55001/plone/@roles/Site Administrator", "@type": "role", - "can_assign": true, "id": "Site Administrator", "title": "Site Administrator" }, { "@id": "http://localhost:55001/plone/@roles/Manager", "@type": "role", - "can_assign": true, "id": "Manager", "title": "Manager" } diff --git a/src/plone/restapi/tests/test_services_roles.py b/src/plone/restapi/tests/test_services_roles.py index fb973876c5..3b10bf635f 100644 --- a/src/plone/restapi/tests/test_services_roles.py +++ b/src/plone/restapi/tests/test_services_roles.py @@ -46,49 +46,42 @@ def test_roles_endpoint_lists_roles(self): "@type": "role", "id": "Contributor", "title": "Contributor", - "can_assign": True, }, { "@id": self.portal_url + "/@roles/Editor", "@type": "role", "id": "Editor", "title": "Editor", - "can_assign": True, }, { "@id": self.portal_url + "/@roles/Member", "@type": "role", "id": "Member", "title": "Member", - "can_assign": True, }, { "@id": self.portal_url + "/@roles/Reader", "@type": "role", "id": "Reader", "title": "Reader", - "can_assign": True, }, { "@id": self.portal_url + "/@roles/Reviewer", "@type": "role", "id": "Reviewer", "title": "Reviewer", - "can_assign": True, }, { "@id": self.portal_url + "/@roles/Site Administrator", "@type": "role", "id": "Site Administrator", "title": "Site Administrator", - "can_assign": True, }, { "@id": self.portal_url + "/@roles/Manager", "@type": "role", "id": "Manager", "title": "Manager", - "can_assign": True, }, ) result = response.json() @@ -106,49 +99,42 @@ def test_siteadm_roles_endpoint_lists_roles(self): "@type": "role", "id": "Contributor", "title": "Contributor", - "can_assign": True, }, { "@id": self.portal_url + "/@roles/Editor", "@type": "role", "id": "Editor", "title": "Editor", - "can_assign": True, }, { "@id": self.portal_url + "/@roles/Member", "@type": "role", "id": "Member", "title": "Member", - "can_assign": True, }, { "@id": self.portal_url + "/@roles/Reader", "@type": "role", "id": "Reader", "title": "Reader", - "can_assign": True, }, { "@id": self.portal_url + "/@roles/Reviewer", "@type": "role", "id": "Reviewer", "title": "Reviewer", - "can_assign": True, }, { "@id": self.portal_url + "/@roles/Site Administrator", "@type": "role", "id": "Site Administrator", "title": "Site Administrator", - "can_assign": True, }, { "@id": self.portal_url + "/@roles/Manager", "@type": "role", "id": "Manager", "title": "Manager", - "can_assign": False, }, ) result = response.json()