Commit e4b3fa74 authored by Kazuhiko Shiozaki

use enumerateUsers instead of ad-hoc getPersonByReference and getLoginObject.

parent 5570c555
...@@ -72,9 +72,8 @@ class Login(XMLObject, LoginAccountProviderMixin, EncryptedPasswordMixin): ...@@ -72,9 +72,8 @@ class Login(XMLObject, LoginAccountProviderMixin, EncryptedPasswordMixin):
self.getPortalType() + '_setReference_' + value.encode('hex') self.getPortalType() + '_setReference_' + value.encode('hex')
# Check that there no existing user # Check that there no existing user
erp5_users = portal.acl_users.erp5_users erp5_users = portal.acl_users.erp5_users
login = erp5_users.getLoginObject(value, self.getPortalType()) user_list = erp5_users.enumerateUsers(login=value)
if login is not None and login != self and \ if [x for x in user_list if x.get('login', {}).get('path', '') != self.getPath()]:
login != self.getParentValue():
raise RuntimeError, 'user id %s already exist' % (value,) raise RuntimeError, 'user id %s already exist' % (value,)
# Check that there is no reindexation related to reference indexation # Check that there is no reindexation related to reference indexation
if portal.portal_activities.countMessageWithTag(tag): if portal.portal_activities.countMessageWithTag(tag):
...@@ -95,4 +94,4 @@ class Login(XMLObject, LoginAccountProviderMixin, EncryptedPasswordMixin): ...@@ -95,4 +94,4 @@ class Login(XMLObject, LoginAccountProviderMixin, EncryptedPasswordMixin):
self.reindexObject(activate_kw=activate_kw) self.reindexObject(activate_kw=activate_kw)
# invalid the cache for ERP5Security # invalid the cache for ERP5Security
portal_caches = portal.portal_caches portal_caches = portal.portal_caches
portal_caches.clearCache(cache_factory_list=('erp5_content_short', )) portal_caches.clearCache(cache_factory_list=('erp5_content_short', ))
\ No newline at end of file
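Review bot: The rewritten check on the second changed line of the first hunk treats every enumerated entry without a `login` path as a conflict — `x.get('login', {}).get('path', '')` yields `''`, which never equals `self.getPath()` — and it no longer excludes `self.getParentValue()` as the removed condition did, so a Person whose own reference equals the new value may now raise 'user id ... already exist'; confirm what `enumerateUsers` returns for that case. Separately, `enumerateUsers(login=value)` relies on PAS's default `exact_match=False`; if `erp5_users` implements the non-exact form the interface allows, a value that merely prefixes an existing login is rejected here, and in the PasswordTool, OAuth-plugin and ERP5GroupManager hunks of this commit a prefix could select a different existing account, so `exact_match=True` should be passed on all the `enumerateUsers` calls unless the plugin is known to match exactly regardless. A list comprehension used only for truthiness reads better as `if any(x.get('login', {}).get('path') != self.getPath() for x in user_list):`. The enclosing method starts before the hunk.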
...@@ -3,7 +3,7 @@ from Products.ERP5Type.Message import translateString ...@@ -3,7 +3,7 @@ from Products.ERP5Type.Message import translateString
portal = context.getPortalObject() portal = context.getPortalObject()
user = getSecurityManager().getUser() user = getSecurityManager().getUser()
person = context.acl_users.erp5_users.getPersonByReference(user.getId()) person = portal.restrictedTraverse(portal.acl_users.erp5_users.enumerateUsers(id=user.getId())[0]['path'])
for login in person.objectValues(portal_type='ERP5 Login'): for login in person.objectValues(portal_type='ERP5 Login'):
if login.getReference() == reference and login.getValidationState() == 'validated': if login.getReference() == reference and login.getValidationState() == 'validated':
break break
......
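Review bot: The changed line indexes `enumerateUsers(id=user.getId())[0]['path']` with no check that a result came back, so a user with no Person behind it — the "manager with no associated person object" case the getSecurityCategoryFromAssignment hunk in this commit guards against — raises IndexError here rather than whatever not-found result this script intends. Split the lookup so it can be checked: `user_list = portal.acl_users.erp5_users.enumerateUsers(id=user.getId())` followed by `if not user_list or not user_list[0].get('path'):` with the script's not-found handling, then `person = portal.restrictedTraverse(user_list[0]['path'])`. The rest of the script, including what it does when no login matches, is outside the hunk.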
...@@ -272,8 +272,10 @@ class PasswordTool(BaseTool): ...@@ -272,8 +272,10 @@ class PasswordTool(BaseTool):
# XXX: incorrect grammar # XXX: incorrect grammar
return error("Date has expire.") return error("Date has expire.")
del self._password_request_dict[password_key] del self._password_request_dict[password_key]
login = self.getPortalObject().acl_users.erp5_users.getLoginObject( login = self.getPortalObject().unrestrictedTraverse(
register_user_login, 'ERP5 Login') self.getPortalObject().acl_users.erp5_users.enumerateUsers(
login=register_user_login,
login_portal_type='ERP5 Login')[0]['login']['path'])
login._forceSetPassword(password) login._forceSetPassword(password)
login.reindexObject() login.reindexObject()
return redirect(REQUEST, site_url, return redirect(REQUEST, site_url,
......
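Review bot: The rewritten lookup indexes `[0]['login']['path']` on the `enumerateUsers` result with no check that a match exists, so a login removed or re-referenced after the reset link was issued surfaces as an IndexError instead of the `error(...)` response the method uses two lines earlier. The removed `getLoginObject` call was equally unguarded, but now that the hit is fetched with `unrestrictedTraverse` and the one-time entry has already been deleted from `_password_request_dict`, an explicit empty-result exit is worth adding before the password is forced. The enclosing method starts before the hunk.
```python
user_list = self.getPortalObject().acl_users.erp5_users.enumerateUsers(
    login=register_user_login,
    login_portal_type='ERP5 Login')
if not user_list:
  # constructed wording; align with this tool's other error() messages
  return error("Login not found.")
login = self.getPortalObject().unrestrictedTraverse(
    user_list[0]['login']['path'])
# … unchanged: _forceSetPassword, reindexObject, redirect …
```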
...@@ -53,12 +53,14 @@ def getSecurityCategoryFromAssignment(self, base_category_list, user_name, objec ...@@ -53,12 +53,14 @@ def getSecurityCategoryFromAssignment(self, base_category_list, user_name, objec
category_list = [] category_list = []
person_object = self.getPortalObject().acl_users.erp5_users.getPersonByReference(user_name) user_list = self.getPortalObject().acl_users.erp5_users.enumerateUsers(id=user_name)
if person_object is None: if not user_list or not 'path' in user_list[0]:
# if a person_object was not found in the module, we do nothing more # if a person_object was not found in the module, we do nothing more
# this happens for example when a manager with no associated person object # this happens for example when a manager with no associated person object
# creates a person_object for a new user # creates a person_object for a new user
return [] return []
else:
person_object = self.getPortalObject().unrestrictedTraverse(user_list[0]['path'])
# We look for every valid assignments of this user # We look for every valid assignments of this user
for assignment in person_object.contentValues(filter={'portal_type': 'Assignment'}): for assignment in person_object.contentValues(filter={'portal_type': 'Assignment'}):
......
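Review bot: `not 'path' in user_list[0]` on the changed condition reads awkwardly and misses an entry whose `path` key is present but empty, which the ERP5GroupManager hunk in this commit treats as "not ERP5 user"; `if not user_list or not user_list[0].get('path'):` covers both and uses the idiomatic `not in` form. The `else:` added after `return []` is redundant and only deepens the indent of the `unrestrictedTraverse` line. The enclosing function continues outside the hunk.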
...@@ -178,8 +178,8 @@ class ERP5ExternalOauth2ExtractionPluginBase(BasePlugin): ...@@ -178,8 +178,8 @@ class ERP5ExternalOauth2ExtractionPluginBase(BasePlugin):
self.REQUEST['USER_CREATION_IN_PROGRESS'] = user self.REQUEST['USER_CREATION_IN_PROGRESS'] = user
else: else:
# create the user if not found # create the user if not found
person_list = self.erp5_users.getPersonByReference(user) user_list = self.erp5_users.enumerateUsers(id=user)
if len(person_list) == 0: if not user_list:
sm = getSecurityManager() sm = getSecurityManager()
if sm.getUser().getId() != SUPER_USER: if sm.getUser().getId() != SUPER_USER:
newSecurityManager(self, self.getUser(SUPER_USER)) newSecurityManager(self, self.getUser(SUPER_USER))
......
...@@ -31,7 +31,7 @@ import sys ...@@ -31,7 +31,7 @@ import sys
from zLOG import LOG, WARNING from zLOG import LOG, WARNING
from ERP5UserManager import SUPER_USER, getUserByLogin from ERP5UserManager import SUPER_USER
# It can be useful to set NO_CACHE_MODE to 1 in order to debug # It can be useful to set NO_CACHE_MODE to 1 in order to debug
# complex security issues related to caching groups. For example, # complex security issues related to caching groups. For example,
...@@ -117,9 +117,16 @@ class ERP5GroupManager(BasePlugin): ...@@ -117,9 +117,16 @@ class ERP5GroupManager(BasePlugin):
security_definition_list = mapping_method() security_definition_list = mapping_method()
# get the person from its login - no security check needed # get the person from its login - no security check needed
person_object = self.erp5_users.getPersonByReference(user_name) user_list = self.erp5_users.enumerateUsers(id=user_name)
if person_object is None: # no person is linked to this user login if not user_list:
return () return ()
else:
path = user_list[0].get('path')
if path:
person_object = self.getPortalObject().unrestrictedTraverse(path)
else:
# not ERP5 user
return ()
# Fetch category values from defined scripts # Fetch category values from defined scripts
for (method_name, base_category_list) in security_definition_list: for (method_name, base_category_list) in security_definition_list:
......
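Review bot: The new branch chain in the second hunk nests the `person_object` assignment behind two `else:` clauses that each follow a `return ()`, so the traversal ends up three levels deep for no reason; flattening to guard clauses keeps it at method indent and merges the two "no person" exits. The `# not ERP5 user` comment would be clearer as `# entry carries no Person path: not an ERP5 user, so no groups`. The same `.get('path')` truthiness guard would also suit the getSecurityCategoryFromAssignment hunk, which tests `'path' in` instead. The enclosing method continues outside the hunk.
```python
user_list = self.erp5_users.enumerateUsers(id=user_name)
path = user_list[0].get('path') if user_list else None
if not path:
  # no person is linked to this user login, or it is not an ERP5 user
  return ()
person_object = self.getPortalObject().unrestrictedTraverse(path)
# … unchanged: loop over security_definition_list …
```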
...@@ -46,8 +46,6 @@ from Products.PluggableAuthService.plugins.CookieAuthHelper import CookieAuthHel ...@@ -46,8 +46,6 @@ from Products.PluggableAuthService.plugins.CookieAuthHelper import CookieAuthHel
from Products.ERP5Type.Cache import CachingMethod from Products.ERP5Type.Cache import CachingMethod
from Products.ERP5Type.UnrestrictedMethod import UnrestrictedMethod from Products.ERP5Type.UnrestrictedMethod import UnrestrictedMethod
from Products.ERP5Security.ERP5UserManager import SUPER_USER,\
_AuthenticationFailure
from Crypto.Cipher import AES from Crypto.Cipher import AES
from Crypto import Random from Crypto import Random
......
...@@ -25,7 +25,7 @@ from Products.PluggableAuthService.interfaces.plugins import IAuthenticationPlug ...@@ -25,7 +25,7 @@ from Products.PluggableAuthService.interfaces.plugins import IAuthenticationPlug
IUserEnumerationPlugin IUserEnumerationPlugin
from Products.ERP5Type.Cache import CachingMethod from Products.ERP5Type.Cache import CachingMethod
from DateTime import DateTime from DateTime import DateTime
from Products.ERP5Security.ERP5UserManager import ERP5UserManager, SUPER_USER, _AuthenticationFailure from Products.ERP5Security.ERP5UserManager import ERP5UserManager
from BTrees.OOBTree import OOBTree from BTrees.OOBTree import OOBTree
from zLOG import LOG, INFO, WARNING from zLOG import LOG, INFO, WARNING
......