Fix site setup access check by using @actions endpoint to validate pe…

…rmissions.

packages/volto/news/6355.bugfix

@@ -0,0 +1 @@
+Fix site setup access check by using @actions endpoint to validate permissions. @Faakhir30

packages/volto/src/components/manage/Toolbar/PersonalTools.jsx

@@ -9,15 +9,12 @@ import { FormattedMessage, useIntl, defineMessages } from 'react-intl';
 import { Icon } from '@plone/volto/components';
 import { getUser } from '@plone/volto/actions';
 import { Pluggable } from '@plone/volto/components/manage/Pluggable';
-import {
- expandToBackendURL,
- getBaseUrl,
- userHasRoles,
-} from '@plone/volto/helpers';
+import { expandToBackendURL, getBaseUrl } from '@plone/volto/helpers';
 import logoutSVG from '@plone/volto/icons/log-out.svg';
 import rightArrowSVG from '@plone/volto/icons/right-key.svg';
 import backSVG from '@plone/volto/icons/back.svg';
 import cameraSVG from '@plone/volto/icons/camera.svg';
+import { find } from 'lodash';
 
 const messages = defineMessages({
  back: {
@@ -50,7 +47,9 @@ const PersonalTools = (props) => {
  const token = useSelector((state) => state.userSession.token, shallowEqual);
  const user = useSelector((state) => state.users.user);
  const userId = token ? jwtDecode(token).sub : '';
-
+ const siteSetupAction = find(props.actions.user, {
+ id: 'plone_setup',
+ });
  useEffect(() => {
  dispatch(getUser(userId));
  }, [dispatch, userId]);
@@ -127,7 +126,7 @@ const PersonalTools = (props) => {
  </button>
  </li>
 
- {userHasRoles(user, ['Site Administrator', 'Manager']) && (
+ {siteSetupAction && (
  <li>
  <Link to="/controlpanel">
  <FormattedMessage id="Site Setup" defaultMessage="Site Setup" />

packages/volto/src/components/manage/Toolbar/Toolbar.jsx

@@ -445,6 +445,7 @@ class Toolbar extends Component {
  theToolbar={this.toolbarWindow}
  key={`personalToolsComponent-${index}`}
  closeMenu={this.closeMenu}
+ actions={this.props.actions}
  content={
  toolbarComponents[component].contentAsProps
  ? this.props.content