davisagli
commented
1 month ago Using the actions endpoint sounds like a good way to do this. We already do that for other things in the toolbar.
Closed JeffersonBledsoe closed 3 weeks ago
davisagli
commented
1 month ago Using the actions endpoint sounds like a good way to do this. We already do that for other things in the toolbar.
Describe the bug
As explained in https://github.com/plone/volto/pull/6346#discussion_r1778677272 and https://github.com/plone/volto/pull/6346#discussion_r1779287716, the current Site Setup button does a check for the role of a user to see if they are able to access the site setup. This makes the assumption that these roles have the correct permission, but it is possible for the permission required and the roles assigned to it to be change, causing a mismatch between the frontend and backend.
We should likely use the
@actionsendpoint to see whether theplone_setupkey is available to know if the user can access the site setup