Have you ever feel the need to give to normal (AKA: not Manager/Site Administrator) Plone member the power to manage a group?
Right now in Plone you can make this possible playin with the Manage users and Manage Groups.
Even playing with those permissions is impossible is to limit the group on which a member (or group of members) can manage.
Products.SimpleGroupsManagement is a Plone product that makes something very dangerous: with a minimal configuration, a member of the Plone portal (or all members in a group) will be able to manage the users of a group overriding the basic portal security. You only need to go to the portal_properties tool of you portal and modifiy the new simple_groups_management_properties.
In the sgm_data section you need to insert a set of strings like
where id1, id2 can be user or group ids. This mean that the member (or group) id1 will be able to act on the group_id1 members.
You can also insert a list of groups ids that will be never handled by this product in the sgm_never_managed_groups section.
The utility also react to the Add portal members permission. If the current user has this permission you will be able to add new portal members (so no security break for this).
When an user is added to a group or removed, an event will be raised.
This products override all normal Plone permissions noted above! This can create security black-holes in your portal!
· Plone CMS
What's New in This Release: [ read full changelog ]
· Added support for the Site Administrator role [keul]
· Moved action link to manage groups from portal_action to user section (in the proper Plone 4 style way) [keul]
· Added a proper uninstall procedure [keul]
· Updated templated to Plone 4 [keul]
· Added a project browserlayer [keul]
· Added missing translation strings [keul]
· HTML 5 fixes [keul]
· Search also by userid [keul]
· Fixed portal message problem [keul]