Show message on lack of permission errors

plone · Nov 1, 2023 · a94d9f6 · a94d9f6
1 parent 260f343
commit a94d9f6
Show file tree

Hide file tree

Showing 4 changed files with 15 additions and 5 deletions.
diff --git a/src/plone/restapi/services/groups/add.py b/src/plone/restapi/services/groups/add.py
@@ -31,7 +31,9 @@ def reply(self):
         roles = data.get("roles", None)
 
         if not self.is_zope_manager and "Manager" in roles:
-            return self.reply_no_content(status=403)
+            raise BadRequest(
+                "You don't have permission to create a group with the 'Manager' role"
+            )
 
         email = data.get("email", None)
         title = data.get("title", None)

diff --git a/src/plone/restapi/services/groups/delete.py b/src/plone/restapi/services/groups/delete.py
@@ -2,6 +2,7 @@
 from plone.restapi.services import Service
 from Products.CMFCore.permissions import ManagePortal
 from Products.CMFCore.utils import getToolByName
+from zExceptions import BadRequest
 from zExceptions import NotFound
 from zope.component.hooks import getSite
 from zope.interface import implementer
@@ -45,7 +46,9 @@ def reply(self):
             raise NotFound("Trying to delete a non-existing group.")
 
         if not self.is_zope_manager and "Manager" in group.getRoles():
-            return self.reply_no_content(status=403)
+            raise BadRequest(
+                "You don't have permission to delete a group with the Manager role"
+            )
 
         delete_successful = portal_groups.removeGroup(self._get_group_id)
         if delete_successful:

diff --git a/src/plone/restapi/services/groups/update.py b/src/plone/restapi/services/groups/update.py
@@ -94,7 +94,9 @@ def reply(self):
         groups = data.get("groups", None)
 
         if not self.can_update(group, users, roles, groups):
-            return self.reply_no_content(status=403)
+            raise BadRequest(
+                "You don't have permission to assign a 'Manager' role to a group."
+            )
 
         # Disable CSRF protection
         if "IDisableCSRFProtection" in dir(plone.protect.interfaces):

diff --git a/src/plone/restapi/services/users/delete.py b/src/plone/restapi/services/users/delete.py
@@ -3,9 +3,10 @@
 from Products.CMFCore.interfaces import ISiteRoot
 from Products.CMFCore.permissions import ManagePortal
 from Products.CMFCore.utils import getToolByName
+from zExceptions import BadRequest
+from zope.component import getUtility
 from zope.interface import implementer
 from zope.publisher.interfaces import IPublishTraverse
-from zope.component import getUtility
 
 
 FALSE_VALUES = (0, "0", False, "false", "no")
@@ -46,7 +47,9 @@ def reply(self):
         if not self.is_zope_manager:
             current_roles = user.getRoles()
             if "Manager" in current_roles:
-                return self.reply_no_content(status=403)
+                raise BadRequest(
+                    "You don't have permission to delete a user with 'Manager' role."
+                )
 
         delete_memberareas = (
             self.request.get("delete_memberareas", True) not in FALSE_VALUES