fix(rest-api): accept locales portlet in addition to languages for language/locale operations (#34685)

[dsilvam]

Summary

• Root cause: LanguagesResource gated all write/sensitive operations on PortletID.LANGUAGES ("languages"), but the UI only exposes PortletID.LOCALES ("locales") to role assignments — making it impossible for non-admin users with the Locales portlet to add or edit locales.
• Fix: Added PortletID.LOCALES as a second accepted portlet at all 6 call sites in LanguagesResource (v2). WebResource.InitBuilder.requiredPortlet() already implements OR logic, so no framework changes were needed.
• Backward compatible: Users with the old "languages" portlet still work; admins are unaffected.

Changes

• dotCMS/src/main/java/com/dotcms/rest/api/v2/languages/LanguagesResource.java — 4 old-style webResource.init() calls converted to InitBuilder with both portlet IDs; 2 existing InitBuilder calls updated to add the second portlet ID.
• dotCMS/src/test/java/v2/languages/LanguagesResourceTest.java — 4 new unit tests (one per write endpoint) that use ArgumentCaptor + reflection to assert both "languages" and "locales" are in the required portlet set.

Test plan

• Run unit tests: ./mvnw test -pl :dotcms-core -Dtest=LanguagesResourceTest — all 10 pass
• Create a non-admin role with only the Locales portlet assigned; verify the user can add, edit, and delete locales without permission errors
• Verify admin users are unaffected
• Verify users with only the legacy Languages portlet still work (backward compatibility)

Refs: #34685

🤖 Generated with Claude Code

[claude]

Claude finished @dsilvam's task in 2m 5s —— View job

---

dotCMS Backend Review

• Load dotCMS conventions
• Get Java diff (commits 5e1128c→2aa38ff)
• Run 4 specialized sub-agents in parallel (Security, Database, Java Standards, REST API)
• Consolidate findings and post review

All four sub-agents returned NO_FINDINGS. The review comment has been updated.

[claude]

✅ dotCMS Backend Review: no issues found.