Simplifies role logic that defines whether the user can update roles
wesleybl committed Nov 1, 2023
1 parent 51eab0c commit f126902
Showing 1 changed file with 3 additions and 5 deletions.
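--- a/src/plone/restapi/services/users/update.py
+++ b/src/plone/restapi/services/users/update.py
@@ -35,12 +35,10 @@ def __init__(self, context, request):
 def is_zope_manager(self):
 return getSecurityManager().checkPermission(ManagePortal, self.context)
 
-def can_change_manager_role(self, target_roles, current_roles):
+def can_change_roles(self, target_roles, current_roles):
 if self.is_zope_manager:
 return True
-if "Manager" not in current_roles:
-return "Manager" not in list(target_roles)
-return "Manager" in list(target_roles)
+return ("Manager" in current_roles) == ("Manager" in list(target_roles))
 
 def can_change(self, current_roles):
 if self.is_zope_manager:
@@ -113,7 +111,7 @@ def reply(self):
 target_roles = set(current_roles) - set(to_remove)
 target_roles = target_roles | set(to_add)
 
-if not self.can_change_manager_role(target_roles, current_roles):
+if not self.can_change_roles(target_roles, current_roles):
 return self._error(
 403,
 "Forbidden",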
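Review bot: The new name `can_change_roles` in the first hunk reads as a general authorization check for role changes, but the body still compares only `"Manager"` membership, so for a caller without ManagePortal it returns True for any change that leaves the Manager role untouched, including adding or removing other roles. If other privileged roles are gated elsewhere (`can_change` is cut off at the hunk edge, so that cannot be confirmed here), the method should say so in a docstring such as `"""Return True unless a caller without ManagePortal would grant or revoke the Manager role; other roles are not checked here."""`; otherwise the narrower old name was the more accurate one. The `list(target_roles)` wrapper is also unnecessary because `reply` passes a set, so the return can read `return ("Manager" in current_roles) == ("Manager" in target_roles)`. The check reads `self.is_zope_manager` without calling it, which is only correct if a `@property` decorator sits on the line just above the hunk.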
