Ticket #3211 (closed Bug: fixed)
Permissions changes to allow non-managers to mange users
| Reported by: | alecm | Owned by: | |
|---|---|---|---|
| Priority: | minor | Milestone: | 2.1 |
| Component: | Infrastructure | Version: | |
| Severity: | Keywords: | ||
| Cc: |
Description
It would be nice if it were easier in Plone to grant the ability to manage users to non-managers. Currently this requires either assigning the drastic 'Manage portal' permission or a large amount of customization, primarily because a few specific methods require this seemingly overused permission. As these methods are used exclusively (as far as I can tell) for managing users, it would perhaps be more sensible to have them protected by the 'Manage users' permission, so that granting that permission to a role/group along with the addition of an action leading to the prefs_users_overview template would be all that is necessary to grant a user the ability to manage users. The methods which would need their security declarations modified are:
MembershipTool.getMemberById() MembershipTool.listMembers() MembershipTool.listMemberIds() PloneTool.setMemberProperties()
Making those methods protected by 'Manage users' which by default is assigned only to Manager, would be a great start in increasing the security granularity of plone. I just noticed that CMF head has already made the first three changes to its MembershipTool, so all that really needs to be done is the last (plone specific) change. Though it might not be a bad idea to override them all in plone (temporarily) so that users not running on CMF head (probably all users) can take advantage of the increased granularity. Thanks.
Change History
comment:2 Changed 8 years ago by alecm
Yes, I noted that in my request. Perhaps I'll file an CMF collector issue to see if those changes can be backported to the 1.4 branch, otherwise it may be a long time before anybody can use them. The PloneTool.setMemberProperties() issue, on the other hand is a Plone only issue though, and hopefully can be fixed as well. Thanks.
comment:3 Changed 7 years ago by limi
Not sure this is something we can fix in Plone, sounds like a CMF issue to me. Was it reported?
There's work underway to do exactly that in the CMFMember product. I'm not sure that it's in there yet, but that's probably the most productive place to work on such things.