Skip to content

[RECYCLE BIN] Implement permission for accessing recyclebin #4176

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
rohnsha0 wants to merge 7 commits into
base: rohnsha0-plip-recyclebin
Choose a base branch
from
Open

[RECYCLE BIN] Implement permission for accessing recyclebin #4176

rohnsha0 wants to merge 7 commits into from
+63 −5

Conversation

@rohnsha0
Copy link
Member

@rohnsha0 rohnsha0 commented May 14, 2025
edited
Loading

fixes #4173

includes:-

  • centralised features custom permission
  • recyclebin content filters out contents deleted or owned by a user, but all contents shown to site admin/manager

@rohnsha0 rohnsha0 requested a review from davisagli May 14, 2025 15:58
@rohnsha0 rohnsha0 linked an issue May 14, 2025 that may be closed by this pull request
Recycle bin: allow non-admins to access the recycle bin? #4173
Open
stevepiercy
stevepiercy requested changes May 14, 2025
View reviewed changes
Copy link
Contributor

@stevepiercy stevepiercy left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Casing of recycle bin. Otherwise this looks good. Needs a technical review.

@rohnsha0 rohnsha0 mentioned this pull request May 17, 2025
Closed
davisagli
davisagli requested changes May 21, 2025
View reviewed changes
Products/CMFPlone/browser/recyclebin.py Outdated

def _get_context(self):
"""Get the context (Plone site)"""
return self.context
Copy link
Member

@davisagli davisagli May 21, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This doesn't appear to be used.

Products/CMFPlone/recyclebin.py Outdated
# Additional check for Manager or Site Administrator roles
user = sm.getUser()
user_roles = user.getRolesInContext(context)
return "Manager" in user_roles or "Site Administrator" in user_roles
Copy link
Member

@davisagli davisagli May 21, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Remove the explicit check for roles. That's already included in the checkPermission call (it checks that the current user has one of the roles for which the permission has been granted)

Products/CMFPlone/recyclebin.py Outdated
"""Stores deleted content items"""

# Permission for managing recycle bin
MANAGE_RECYCLEBIN = "Products.CMFPlone.ManageRecycleBin"
Copy link
Member

@davisagli davisagli May 21, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This should be "Manage recycle bin". checkPermission uses the permission's title, not its id

Copy link
Member Author

@rohnsha0 rohnsha0 May 23, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

done

Products/CMFPlone/recyclebin.py Outdated
1. They have the ManageRecycleBin permission, or
2. They are a Manager or Site Administrator, or
3. They are the owner of the item, or
4. They deleted the item
Copy link
Member

@davisagli davisagli May 21, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

3 and 4 are a nice idea, but currently the "Manage recycle bin" permission is only granted to Managers and Site Administrators, which means that the recycle bin can't be accessed by users who don't have one of those roles.

There are a lot of details to get right here. I strongly suggest we focus on making this work only for Managers and Site Administrators for now, and then come back to it later if we want to provide more filtered access to other users.

Copy link
Member Author

@rohnsha0 rohnsha0 May 23, 2025
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

done
will soon create an issue for tracking

edit: #4185

Products/CMFPlone/tests/test_recyclebin.py Outdated
# Log in as the test user
user = self.portal.acl_users.getUser("testuser")
user = user.__of__(self.portal.acl_users)
newSecurityManager(None, user)
Copy link
Member

@davisagli davisagli May 21, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Use the login function from plone.app.testing

Copy link
Member Author

@rohnsha0 rohnsha0 May 23, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

done

@rohnsha0 rohnsha0 mentioned this pull request May 23, 2025
Open
@rohnsha0 rohnsha0 requested a review from davisagli May 29, 2025 15:51
@rohnsha0 rohnsha0 mentioned this pull request Sep 16, 2025
Open
@rohnsha0 rohnsha0 changed the base branch from rohnsha0-plip-recyclebin to rohnsha0-plip-recyclebin-patch September 21, 2025 10:28
@rohnsha0 rohnsha0 changed the base branch from rohnsha0-plip-recyclebin-patch to rohnsha0-plip-recyclebin September 21, 2025 10:29
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@stevepiercy stevepiercy stevepiercy requested changes

@davisagli davisagli Awaiting requested review from davisagli

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Recycle bin: allow non-admins to access the recycle bin?

4 participants

@rohnsha0 @davisagli @stevepiercy