diff --git a/src/plone/restapi/permissions.py b/src/plone/restapi/permissions.py
index 2ec5f585ae..af1e36b361 100644
--- a/src/plone/restapi/permissions.py
+++ b/src/plone/restapi/permissions.py
@@ -2,4 +2,5 @@
 # permissions. Granted to Anonymous (i.e. everyone) by default via rolemap.xml
 UseRESTAPI = "plone.restapi: Use REST API"
+ PloneManageUsers = "Plone Site Setup: Users and Groups"
diff --git a/src/plone/restapi/services/users/add.py b/src/plone/restapi/services/users/add.py
index 151a15708f..2750d401fc 100644
--- a/src/plone/restapi/services/users/add.py
+++ b/src/plone/restapi/services/users/add.py
@@ -4,6 +4,7 @@
 from plone.restapi.bbb import ISecuritySchema
 from plone.restapi.deserializer import json_body
 from plone.restapi.interfaces import ISerializeToJson
+from plone.restapi.permissions import PloneManageUsers
 from plone.restapi.services import Service
 from Products.CMFCore.permissions import AddPortalMember
 from Products.CMFCore.permissions import SetOwnPassword
@@ -244,7 +245,7 @@ def _error(self, status, _type, msgid):
 @property
 def can_manage_users(self):
 sm = getSecurityManager()
- return sm.checkPermission("Plone Site Setup: Users and Groups", self.context)
+ return sm.checkPermission(PloneManageUsers, self.context)
 @property
 def can_set_own_password(self):
diff --git a/src/plone/restapi/services/users/get.py b/src/plone/restapi/services/users/get.py
index d7536ff367..e900b7de6f 100644
--- a/src/plone/restapi/services/users/get.py
+++ b/src/plone/restapi/services/users/get.py
@@ -7,6 +7,7 @@
 from plone.namedfile.browser import USE_DENYLIST
 from plone.namedfile.utils import stream_data
 from plone.restapi.interfaces import ISerializeToJson
+from plone.restapi.permissions import PloneManageUsers
 from plone.restapi.services import Service
 from Products.CMFCore.utils import getToolByName
 from Products.CMFPlone.utils import normalizeString
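Review bot: `can_manage_users` in add.py still carries no docstring saying what the check covers, and the same holds for `can_manage_users` in update.py and for `has_permission_to_query` / `has_permission_to_enumerate` in get.py. Each one evaluates `PloneManageUsers` against `self.context`, so the answer depends on the object the service is bound to, which is worth stating next to the check. I would add `"""Return whether the current user holds PloneManageUsers on self.context."""` to each. The enclosing classes start outside these hunks, so whether the services can be reached on a context other than the site root is not visible here.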
@@ -177,11 +178,11 @@ def _get_filtered_users(self, query, groups_filter, search_term, limit):
 def has_permission_to_query(self):
 sm = getSecurityManager()
- return sm.checkPermission("Plone Site Setup: Users and Groups", self.context)
+ return sm.checkPermission(PloneManageUsers, self.context)
 def has_permission_to_enumerate(self):
 sm = getSecurityManager()
- return sm.checkPermission("Plone Site Setup: Users and Groups", self.context)
+ return sm.checkPermission(PloneManageUsers, self.context)
 def has_permission_to_access_user_info(self):
 sm = getSecurityManager()
diff --git a/src/plone/restapi/services/users/update.py b/src/plone/restapi/services/users/update.py
index b3699b9444..428727d1c3 100644
--- a/src/plone/restapi/services/users/update.py
+++ b/src/plone/restapi/services/users/update.py
@@ -4,6 +4,7 @@
 from OFS.Image import Image
 from plone.restapi import _
 from plone.restapi.bbb import ISecuritySchema
+from plone.restapi.permissions import PloneManageUsers
 from plone.restapi.services import Service
 from Products.CMFCore.permissions import ManagePortal
 from Products.CMFCore.permissions import SetOwnPassword
@@ -160,7 +161,7 @@ def reply(self):
 @property
 def can_manage_users(self):
 sm = getSecurityManager()
- return sm.checkPermission("Plone Site Setup: Users and Groups", self.context)
+ return sm.checkPermission(PloneManageUsers, self.context)
 @property
 def can_set_own_password(self):
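Review bot: In get.py, `has_permission_to_query` and `has_permission_to_enumerate` end up with identical bodies, and nothing in the hunk says whether querying and enumerating are meant to be gated by the same permission. If they are kept apart so the two can diverge later, a one-line comment on `has_permission_to_enumerate` saying so would stop a later reader from merging them or loosening only one by mistake. If they are not meant to diverge, the second could delegate with `return self.has_permission_to_query()`. The body of `has_permission_to_access_user_info` continues past the end of the hunk, so which permission it checks cannot be seen from here.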