Ticket #3211 (closed Bug: fixed)

Opened 11 years ago

Last modified 6 years ago

Permissions changes to allow non-managers to mange users

Reported by: alecm Owned by:
Priority: minor Milestone: 2.1
Component: General Version:
Keywords: Cc:


It would be nice if it were easier in Plone to grant the ability to manage users to non-managers. Currently this requires either assigning the drastic 'Manage portal' permission or a large amount of customization, primarily because a few specific methods require this seemingly overused permission. As these methods are used exclusively (as far as I can tell) for managing users, it would perhaps be more sensible to have them protected by the 'Manage users' permission, so that granting that permission to a role/group along with the addition of an action leading to the prefs_users_overview template would be all that is necessary to grant a user the ability to manage users. The methods which would need their security declarations modified are:

MembershipTool.getMemberById() MembershipTool.listMembers() MembershipTool.listMemberIds() PloneTool.setMemberProperties()

Making those methods protected by 'Manage users' which by default is assigned only to Manager, would be a great start in increasing the security granularity of plone. I just noticed that CMF head has already made the first three changes to its MembershipTool, so all that really needs to be done is the last (plone specific) change. Though it might not be a bad idea to override them all in plone (temporarily) so that users not running on CMF head (probably all users) can take advantage of the increased granularity. Thanks.

Change History

comment:1 Changed 11 years ago by geoff

There's work underway to do exactly that in the CMFMember product. I'm not sure that it's in there yet, but that's probably the most productive place to work on such things.

comment:2 Changed 11 years ago by alecm

Yes, I noted that in my request. Perhaps I'll file an CMF collector issue to see if those changes can be backported to the 1.4 branch, otherwise it may be a long time before anybody can use them. The PloneTool.setMemberProperties() issue, on the other hand is a Plone only issue though, and hopefully can be fixed as well. Thanks.

comment:3 Changed 10 years ago by limi

Not sure this is something we can fix in Plone, sounds like a CMF issue to me. Was it reported?

comment:4 Changed 10 years ago by alecm

  • Status changed from new to closed
  • Resolution set to fixed

CMF 1.5 fixed all but the one in PloneTool, which is fixed in 2.1 svn.

comment:5 Changed 6 years ago by hannosch

  • Component changed from Permissions to Infrastructure

comment:6 Changed 3 years ago by davisagli

  • Component changed from Infrastructure to General
Note: See TracTickets for help on using tickets.