Closed wesleybl closed 4 months ago
In #1712, the ability for the Site Administrator to manage users was added. But I noticed that he is unable to add a user to a group. He receives an Unauthorized error.
The groups service uses the addMember method:
https://github.com/plone/plone.restapi/blob/16325f20b927f28ff03762687862dcaea9944da5/src/plone/restapi/services/groups/update.py#L125
This method checks if the user has the Manage Users permission:
https://github.com/plone/Products.PlonePAS/blob/d148e7eb50e52cddf954406c06026fb5e60f3da7/src/Products/PlonePAS/tools/groupdata.py#L223
But he doesn't.
@davisagli informed me that it is not a good idea to give Manage Users to the Site Administrator. See:
https://github.com/plone/plone.restapi/pull/1712#discussion_r1377057545
So the ideal is to do the same thing that was done in the other PR and do it with Plone Classic, correct?
Plone Classic uses addPrincipalToGroup:
https://github.com/plone/Products.CMFPlone/blob/f3096371d80c3ca8a5829c12976bd0ab2d2c08a4/Products/CMFPlone/controlpanel/browser/usergroups_groupmembership.py#L44
So we should use it here too.