Merge pull request #526 from plone/report-non-existing-permissions

Report non existing permissions
plone · Apr 29, 2024 · f2ac29a · f2ac29a
2 parents 7cb4816 + ce18859
commit f2ac29a
Show file tree

Hide file tree

Showing 3 changed files with 19 additions and 4 deletions.
diff --git a/news/515.feature b/news/515.feature
@@ -0,0 +1,3 @@
+Report if a permission does not exist
+when calling `api.user.has_permission`.
+[gforcada]
diff --git a/src/plone/api/tests/test_env.py b/src/plone/api/tests/test_env.py
@@ -530,14 +530,15 @@ def test_adopt_user_different_username(self):
 
     def test_roles_restored_after_exception(self):
         """Tests that roles are restored after an exception."""
-        self.assertFalse(api.user.has_permission("Manage portal content"))
+        permission = "Manage properties"
+        self.assertFalse(api.user.has_permission(permission))
         try:
             with api.env.adopt_roles(["Manager"]):
-                self.assertTrue(api.user.has_permission("Manage portal content"))
+                self.assertTrue(api.user.has_permission(permission))
                 raise TestException("Test exception")
         except TestException:
             pass
-        self.assertFalse(api.user.has_permission("Manage portal content"))
+        self.assertFalse(api.user.has_permission(permission))
 
     def test_user_restored_after_exception(self):
         """Tests that roles are restored after an exception."""

diff --git a/src/plone/api/user.py b/src/plone/api/user.py
@@ -327,7 +327,18 @@ def has_permission(permission, username=None, user=None, obj=None):
         context = env.adopt_user(username, user)
 
     with context:
-        return bool(getSecurityManager().checkPermission(permission, obj))
+        return_value = bool(getSecurityManager().checkPermission(permission, obj))
+        if not return_value:
+            names = [x[0] for x in getPermissions()]
+            if permission not in names:
+                raise InvalidParameterError(
+                    "Cannot find a permission with name '{permission}'\n"
+                    "Available permissions are:\n"
+                    "{names}".format(
+                        permission=permission, names="\n".join(sorted(names))
+                    )
+                )
+        return return_value
 
 
 @required_parameters("roles")