Fix regression when visiting personal information as Manager.

Add extra test with Manager visiting both user and personal information. In the initial backport of this fix, I saw a regression: as Manager visit the user information of a member, then go to your personal information, and you see the fullname, etc, of the member. Tried on Plone 6 as well, but there it goes fine.
plone · Feb 10, 2023 · 104b78f · 104b78f
1 parent b1fac96
commit 104b78f
Show file tree

Hide file tree

Showing 2 changed files with 29 additions and 2 deletions.
diff --git a/plone/app/users/browser/userdatapanel.py b/plone/app/users/browser/userdatapanel.py
@@ -98,8 +98,13 @@ def __call__(self):
 def getUserDataSchema():
     portal = get_portal()
     form_name = u'In User Profile'
-    if getSecurityManager().checkPermission('Manage portal', portal):
-        form_name = None
+    # This is needed on Plone 6, but has a bad side effect on Plone 5:
+    # as Manager you go to a member and then to your own personal-information
+    # form and you see the data of the member you just visited.
+    # I keep the code here commented out as warning in case someone compares
+    # the code.
+    # if getSecurityManager().checkPermission('Manage portal', portal):
+    #     form_name = None
     schema = getSchema(IUserDataSchema, UserDataPanelAdapter, form_name=form_name)
     return schema
 

diff --git a/plone/app/users/tests/test_schema_types.py b/plone/app/users/tests/test_schema_types.py
@@ -251,3 +251,25 @@ def test_regression_76_personal_information(self):
         self.assertEqual(self.browser.getControl('Full Name').value, 'Isaac Newton')
         self.assertEqual(self.browser.getControl('Email').value, 'isaac@cambridge.com')
         self.assertEqual(self.browser.getControl('Age').value, '40')
+
+        # Now login as Manager.
+        self.browser.getLink('Log out').click()
+        self.browser.getLink('Log in').click()
+        self.browser.getControl('Login Name').value = SITE_OWNER_NAME
+        self.browser.getControl('Password').value = SITE_OWNER_PASSWORD
+        self.browser.getControl('Log in').click()
+
+        # Check the information page of the user.
+        self.browser.open("{}/@@user-information?userid={}".format(
+            portal_url, TEST_USER_ID
+        ))
+        self.assertEqual(self.browser.getControl('Full Name').value, 'Isaac Newton')
+        self.assertEqual(self.browser.getControl('Email').value, 'isaac@cambridge.com')
+        self.assertEqual(self.browser.getControl('Age').value, '40')
+
+        # Check the personal information page of the manager.
+        # Nothing should be visible here.
+        self.browser.open(info_page)
+        self.assertEqual(self.browser.getControl('Full Name').value, '')
+        self.assertEqual(self.browser.getControl('Email').value, '')
+        self.assertEqual(self.browser.getControl('Age').value, '0')