Commit 4bc67ddd authored by Jean-Paul Smets's avatar Jean-Paul Smets

Added support for ERP5Security


git-svn-id: https://svn.erp5.org/repos/public/erp5/trunk@4171 20353a03-c40f-0410-a6d1-a30d3c3de9de
parent 2c50316b
...@@ -45,9 +45,22 @@ from Products.CMFCore.Expression import Expression ...@@ -45,9 +45,22 @@ from Products.CMFCore.Expression import Expression
from Products.PageTemplates.Expressions import getEngine from Products.PageTemplates.Expressions import getEngine
import os, time, urllib import os, time, urllib
from zLOG import LOG from zLOG import LOG
# Security uses ERP5Security by default
try:
from Products.ERP5Security import ERP5UserManager
withnuxgroups = 0
except ImportError:
ERP5UserManager = None
# If NuxUserGroups is installed and ERP5Security is not installed, we use NuxUserGroups groups
try:
from Products.NuxUserGroups.CatalogToolWithGroups import mergedLocalRoles
from Products.NuxUserGroups.CatalogToolWithGroups import _getAllowedRolesAndUsersh
withnuxgroups = 1
except ImportError:
withnuxgroups = 0
class IndexableObjectWrapper(CMFCoreIndexableObjectWrapper): class IndexableObjectWrapper(CMFCoreIndexableObjectWrapper):
def __setattr__(self, name, value): def __setattr__(self, name, value):
...@@ -62,18 +75,11 @@ class IndexableObjectWrapper(CMFCoreIndexableObjectWrapper): ...@@ -62,18 +75,11 @@ class IndexableObjectWrapper(CMFCoreIndexableObjectWrapper):
Return a list of roles and users with View permission. Return a list of roles and users with View permission.
Used by PortalCatalog to filter out items you're not allowed to see. Used by PortalCatalog to filter out items you're not allowed to see.
""" """
# Try to import CPS (import here to make sure no circular)
try:
from Products.NuxUserGroups.CatalogToolWithGroups import mergedLocalRoles
withgroups = 1
except ImportError:
withgroups = 0
ob = self.__ob ob = self.__ob
allowed = {} allowed = {}
for r in rolesForPermissionOn('View', ob): for r in rolesForPermissionOn('View', ob):
allowed[r] = 1 allowed[r] = 1
if withgroups: if withnuxgroups:
localroles = mergedLocalRoles(ob, withgroups=1) localroles = mergedLocalRoles(ob, withgroups=1)
else: else:
# CMF # CMF
...@@ -99,13 +105,13 @@ class IndexableObjectWrapper(CMFCoreIndexableObjectWrapper): ...@@ -99,13 +105,13 @@ class IndexableObjectWrapper(CMFCoreIndexableObjectWrapper):
for user, roles in localroles.items(): for user, roles in localroles.items():
for role in roles: for role in roles:
if allowed.has_key(role): if allowed.has_key(role):
if withgroups: if withnuxgroups:
allowed[user] = 1 allowed[user] = 1
else: else:
allowed['user:' + user] = 1 allowed['user:' + user] = 1
# Added for ERP5 project by JP Smets # Added for ERP5 project by JP Smets
if role != 'Owner': if role != 'Owner':
if withgroups: if withnuxgroups:
allowed[user + ':' + role] = 1 allowed[user + ':' + role] = 1
else: else:
allowed['user:' + user + ':' + role] = 1 allowed['user:' + user + ':' + role] = 1
...@@ -235,10 +241,23 @@ class CatalogTool (UniqueObject, ZCatalog, CMFCoreCatalogTool, ActiveObject): ...@@ -235,10 +241,23 @@ class CatalogTool (UniqueObject, ZCatalog, CMFCoreCatalogTool, ActiveObject):
return msg return msg
def _listAllowedRolesAndUsers(self, user): def _listAllowedRolesAndUsers(self, user):
try: if ERP5UserManager is not None:
from Products.NuxUserGroups.CatalogToolWithGroups import _getAllowedRolesAndUsers # We use ERP5Security PAS based authentication
result = CMFCoreCatalogTool._listAllowedRolesAndUsers(self, user)
# deal with groups
getGroups = getattr(user, 'getGroups', None)
if getGroups is not None:
groups = user.getGroups()
groups.append('role:Anonymous')
if 'Authenticated' in result:
groups.append('role:Authenticated')
for group in groups:
result.append('user:%s' % group)
# end groups
return result
elif withnuxgroups:
return _getAllowedRolesAndUsers(user) return _getAllowedRolesAndUsers(user)
except ImportError: else:
return CMFCoreCatalogTool._listAllowedRolesAndUsers(self, user) return CMFCoreCatalogTool._listAllowedRolesAndUsers(self, user)
# Schema Management # Schema Management
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment