diff --git a/bt5/erp5_budget/SkinTemplateItem/portal_skins/erp5_budget.xml b/bt5/erp5_budget/SkinTemplateItem/portal_skins/erp5_budget.xml index e6d7035b5c9872786846ffb40bf00d524f88a469..87186a44a79cd4d8b26076ec4e6736118703cdb8 100644 --- a/bt5/erp5_budget/SkinTemplateItem/portal_skins/erp5_budget.xml +++ b/bt5/erp5_budget/SkinTemplateItem/portal_skins/erp5_budget.xml @@ -9,12 +9,6 @@ </pickle> <pickle> <dictionary> - <item> - <key> <string>__ac_local_group_roles__</string> </key> - <value> - <dictionary/> - </value> - </item> <item> <key> <string>_local_properties</string> </key> <value> diff --git a/bt5/erp5_budget/bt/revision b/bt5/erp5_budget/bt/revision index 34251f6b242e79eb02dc1c4040ddbaa9fc924fce..030d25b2869afffec1b755ad29fb9a35ad53a952 100644 --- a/bt5/erp5_budget/bt/revision +++ b/bt5/erp5_budget/bt/revision @@ -1 +1 @@ -247 \ No newline at end of file +248 \ No newline at end of file diff --git a/bt5/erp5_ingestion/ToolTemplateItem/portal_contributions.xml b/bt5/erp5_ingestion/ToolTemplateItem/portal_contributions.xml index df2e54bb61b26cf7434ca6735f4591cf0a3220d3..209e44a78e9a1351a84fc76134a07c14b81037c7 100644 --- a/bt5/erp5_ingestion/ToolTemplateItem/portal_contributions.xml +++ b/bt5/erp5_ingestion/ToolTemplateItem/portal_contributions.xml @@ -1460,12 +1460,6 @@ </tuple> </value> </item> - <item> - <key> <string>__ac_local_group_roles__</string> </key> - <value> - <dictionary/> - </value> - </item> <item> <key> <string>_count</string> </key> <value> diff --git a/bt5/erp5_ingestion/bt/revision b/bt5/erp5_ingestion/bt/revision index 43c451e0c6da52ad30bb605a60c7cb34497f3d30..7c6ba0fe181de786f8f09b1b8cc1ad6bbc1dd5a4 100644 --- a/bt5/erp5_ingestion/bt/revision +++ b/bt5/erp5_ingestion/bt/revision @@ -1 +1 @@ -54 \ No newline at end of file +55 \ No newline at end of file diff --git a/product/ERP5/Document/BusinessTemplate.py b/product/ERP5/Document/BusinessTemplate.py index 95a543fb7850ba0002b30d88f72dabca3cb66311..2b9bb6d76ce703431ab20f2f36b256832e4312db 100644 --- a/product/ERP5/Document/BusinessTemplate.py +++ b/product/ERP5/Document/BusinessTemplate.py @@ -4468,36 +4468,21 @@ class LocalRolesTemplateItem(BaseTemplateItem): obj = p.unrestrictedTraverse(path.split('/', 1)[1]) local_roles_dict = getattr(obj, '__ac_local_roles__', {}) or {} - group_local_roles_dict = getattr(obj, '__ac_local_group_roles__', - {}) or {} - self._objects[path] = (local_roles_dict, group_local_roles_dict) + self._objects[path] = (local_roles_dict, ) # Function to generate XML Code Manually def generateXml(self, path=None): - local_roles_dict, group_local_roles_dict = self._objects[path] - local_roles_keys = local_roles_dict.keys() - group_local_roles_keys = group_local_roles_dict.keys() - local_roles_keys.sort() - group_local_roles_keys.sort() + local_roles_dict, = self._objects[path] # local roles xml_data = '<local_roles_item>' xml_data += '\n <local_roles>' - for key in local_roles_keys: + for key in sorted(local_roles_dict): xml_data += "\n <role id='%s'>" %(key,) tuple = local_roles_dict[key] for item in tuple: xml_data += "\n <item>%s</item>" %(item,) xml_data += '\n </role>' xml_data += '\n </local_roles>' - # group local roles - xml_data += '\n <group_local_roles>' - for key in group_local_roles_keys: - xml_data += "\n <role id='%s'>" %(key,) - tuple = group_local_roles_dict[key] - for item in tuple: - xml_data += '\n <item>%s</item>' %(item,) - xml_data += '\n </role>' - xml_data += '\n </group_local_roles>' xml_data += '\n</local_roles_item>' return xml_data @@ -4538,20 +4523,7 @@ class LocalRolesTemplateItem(BaseTemplateItem): for item in item_list: item_type_list.append(str(item.childNodes[0].data)) local_roles_dict[id] = item_type_list - # group local roles - group_local_roles = xml.getElementsByTagName('group_local_roles')[0] - local_roles_list = group_local_roles.getElementsByTagName('role') - group_local_roles_dict = {} - for role in local_roles_list: - id = role.getAttribute('id') - if isinstance(id, unicode): - id = id.encode('utf-8') - item_type_list = [] - item_list = role.getElementsByTagName('item') - for item in item_list: - item_type_list.append(str(item.childNodes[0].data)) - group_local_roles_dict[id] = item_type_list - self._objects['local_roles/'+file_name[:-4]] = (local_roles_dict, group_local_roles_dict) + self._objects['local_roles/'+file_name[:-4]] = (local_roles_dict, ) def install(self, context, trashbin, **kw): update_dict = kw.get('object_to_update') @@ -4565,9 +4537,8 @@ class LocalRolesTemplateItem(BaseTemplateItem): continue path = roles_path.split('/')[1:] obj = p.unrestrictedTraverse(path) - local_roles_dict, group_local_roles_dict = self._objects[roles_path] + local_roles_dict, = self._objects[roles_path] setattr(obj, '__ac_local_roles__', local_roles_dict) - setattr(obj, '__ac_local_group_roles__', group_local_roles_dict) def uninstall(self, context, **kw): p = context.getPortalObject() @@ -4575,7 +4546,6 @@ class LocalRolesTemplateItem(BaseTemplateItem): path = roles_path.split('/')[1:] obj = p.unrestrictedTraverse(path) setattr(obj, '__ac_local_roles__', {}) - setattr(obj, '__ac_local_group_roles__', {}) class BusinessTemplate(XMLObject): """ diff --git a/product/ERP5/ERP5Site.py b/product/ERP5/ERP5Site.py index 5a24301c1f09a7376fef1b8ba0effb721ca56d2a..b785bb87f94f9eaa333a5000df68127404891d28 100644 --- a/product/ERP5/ERP5Site.py +++ b/product/ERP5/ERP5Site.py @@ -1793,18 +1793,8 @@ class ERP5Generator(PortalGenerator): # Calling ERP5Site_reindexAll is useless. def setupUserFolder(self, p): - # We use if possible ERP5Security, then NuxUserGroups - try: from Products import ERP5Security from Products import PluggableAuthService - except ImportError: - ERP5Security = None - try: - import Products.NuxUserGroups - withnuxgroups = 1 - except ImportError: - withnuxgroups = 0 - if ERP5Security is not None: # Use Pluggable Auth Service instead of the standard acl_users. p.manage_addProduct['PluggableAuthService'].addPluggableAuthService() pas_dispatcher = p.acl_users.manage_addProduct['PluggableAuthService'] @@ -1842,12 +1832,6 @@ class ERP5Generator(PortalGenerator): p.acl_users.erp5_roles.manage_activateInterfaces(('IRolesPlugin',)) p.acl_users.erp5_user_factory.manage_activateInterfaces( ('IUserFactoryPlugin',)) - elif withnuxgroups: - # NuxUserGroups user folder - p.manage_addProduct['NuxUserGroups'].addUserFolderWithGroups() - else: - # Standard user folder - PortalGenerator.setupUserFolder(self, p) def setupPermissions(self, p): permission_dict = { diff --git a/product/ERP5/bootstrap/erp5_core/PathTemplateItem/portal_preferences/default_site_preference.xml b/product/ERP5/bootstrap/erp5_core/PathTemplateItem/portal_preferences/default_site_preference.xml index 6492156498a2389a18617badaec098474ce83492..93c6aa4d864fd7a0e57355ce411f8e174665e695 100644 --- a/product/ERP5/bootstrap/erp5_core/PathTemplateItem/portal_preferences/default_site_preference.xml +++ b/product/ERP5/bootstrap/erp5_core/PathTemplateItem/portal_preferences/default_site_preference.xml @@ -54,21 +54,6 @@ </tuple> </value> </item> - <item> - <key> <string>__ac_local_group_roles__</string> </key> - <value> - <dictionary> - <item> - <key> <string>role:Authenticated</string> </key> - <value> - <list> - <string>Auditor</string> - </list> - </value> - </item> - </dictionary> - </value> - </item> <item> <key> <string>_count</string> </key> <value> diff --git a/product/ERP5/bootstrap/erp5_core/SkinTemplateItem/portal_skins/erp5_core/Base_getUserAssignmentList.xml b/product/ERP5/bootstrap/erp5_core/SkinTemplateItem/portal_skins/erp5_core/Base_getUserAssignmentList.xml deleted file mode 100644 index cd53d3b256899689bb31c1ed30441815bd2d25e2..0000000000000000000000000000000000000000 --- a/product/ERP5/bootstrap/erp5_core/SkinTemplateItem/portal_skins/erp5_core/Base_getUserAssignmentList.xml +++ /dev/null @@ -1,172 +0,0 @@ -<?xml version="1.0"?> -<ZopeData> - <record id="1" aka="AAAAAAAAAAE="> - <pickle> - <tuple> - <global name="PythonScript" module="Products.PythonScripts.PythonScript"/> - <tuple/> - </tuple> - </pickle> - <pickle> - <dictionary> - <item> - <key> <string>Script_magic</string> </key> - <value> <int>3</int> </value> - </item> - <item> - <key> <string>_bind_names</string> </key> - <value> - <object> - <klass> - <global name="NameAssignments" module="Shared.DC.Scripts.Bindings"/> - </klass> - <tuple/> - <state> - <dictionary> - <item> - <key> <string>_asgns</string> </key> - <value> - <dictionary> - <item> - <key> <string>name_container</string> </key> - <value> <string>container</string> </value> - </item> - <item> - <key> <string>name_context</string> </key> - <value> <string>context</string> </value> - </item> - <item> - <key> <string>name_m_self</string> </key> - <value> <string>script</string> </value> - </item> - <item> - <key> <string>name_subpath</string> </key> - <value> <string>traverse_subpath</string> </value> - </item> - </dictionary> - </value> - </item> - </dictionary> - </state> - </object> - </value> - </item> - <item> - <key> <string>_body</string> </key> - <value> <string># XXX For now, this script requires proxy manager\n -\n -# user_folder: NuxUserGroups or PluggableAuthService at the root of the ERP5Site.\n -user_folder = context.portal_url.getPortalObject()[\'acl_users\']\n -\n -# This script must work with NuxUserGroup and PAS\n -PAS_installed = 0\n -if user_folder.meta_type == \'Pluggable Auth Service\':\n - PAS_installed = 1\n -\n -# get the current logged in user\n -if PAS_installed:\n - user_id = context.portal_membership.getAuthenticatedMember().getId()\n -else:\n - user_id = context.portal_membership.getAuthenticatedMember().getUserName()\n -person = context.person[user_id]\n -\n -assignment_list = person.contentValues(filter={\'portal_type\': \'Assignment\'})\n -\n -if len(assignment_list) == 0:\n - return []\n -\n -valid_assignment_list = []\n -\n -for a in assignment_list:\n - if a.getValidationState() == \'open\':\n - valid_assignment_list.append(a)\n -\n -return valid_assignment_list\n -</string> </value> - </item> - <item> - <key> <string>_code</string> </key> - <value> - <none/> - </value> - </item> - <item> - <key> <string>_params</string> </key> - <value> <string></string> </value> - </item> - <item> - <key> <string>_proxy_roles</string> </key> - <value> - <tuple> - <string>Manager</string> - </tuple> - </value> - </item> - <item> - <key> <string>errors</string> </key> - <value> - <tuple/> - </value> - </item> - <item> - <key> <string>func_code</string> </key> - <value> - <object> - <klass> - <global name="FuncCode" module="Shared.DC.Scripts.Signature"/> - </klass> - <tuple/> - <state> - <dictionary> - <item> - <key> <string>co_argcount</string> </key> - <value> <int>0</int> </value> - </item> - <item> - <key> <string>co_varnames</string> </key> - <value> - <tuple> - <string>_getitem_</string> - <string>_getattr_</string> - <string>context</string> - <string>user_folder</string> - <string>PAS_installed</string> - <string>user_id</string> - <string>person</string> - <string>assignment_list</string> - <string>len</string> - <string>valid_assignment_list</string> - <string>_getiter_</string> - <string>a</string> - </tuple> - </value> - </item> - </dictionary> - </state> - </object> - </value> - </item> - <item> - <key> <string>func_defaults</string> </key> - <value> - <none/> - </value> - </item> - <item> - <key> <string>id</string> </key> - <value> <string>Base_getUserAssignmentList</string> </value> - </item> - <item> - <key> <string>title</string> </key> - <value> <string></string> </value> - </item> - <item> - <key> <string>warnings</string> </key> - <value> - <tuple/> - </value> - </item> - </dictionary> - </pickle> - </record> -</ZopeData> diff --git a/product/ERP5/bootstrap/erp5_core/bt/revision b/product/ERP5/bootstrap/erp5_core/bt/revision index 6cacbad9048c06f3b986fa4cbe7ac6dc340441d1..a78b2873fd0aebc74dba531df36c0fd8b9dc8ae7 100644 --- a/product/ERP5/bootstrap/erp5_core/bt/revision +++ b/product/ERP5/bootstrap/erp5_core/bt/revision @@ -1 +1 @@ -1359 \ No newline at end of file +1360 \ No newline at end of file diff --git a/product/ERP5/tests/testBusinessTemplate.py b/product/ERP5/tests/testBusinessTemplate.py index 39932c23e7b9d2709dd3e1c61cb0ecf53a2a80da..d91bca6534f6b01349259e9a1d72760479b10f0c 100644 --- a/product/ERP5/tests/testBusinessTemplate.py +++ b/product/ERP5/tests/testBusinessTemplate.py @@ -1914,16 +1914,13 @@ class TestBusinessTemplate(ERP5TypeTestCase, LogInterceptor): """ new_local_roles = {'ac':['Owner', 'Manager'], 'group_function': ['Auditor']} - new_local_group_roles = {'role:Authenticated':['Owner', 'Manager']} p = self.getPortal() module_id = sequence.get('module_id') module = p._getOb(module_id, None) self.failUnless(module is not None) module.__ac_local_roles__ = new_local_roles - module.__ac_local_group_roles__ = new_local_group_roles self.assertEquals(module.__ac_local_roles__, new_local_roles) - self.assertEquals(module.__ac_local_group_roles__, new_local_group_roles) - sequence.edit(local_roles=new_local_roles, local_group_roles=new_local_group_roles) + sequence.edit(local_roles=new_local_roles) def stepRemoveLocalRoles(self, sequence=None, sequence_list=None, **kw): """ @@ -1934,11 +1931,8 @@ class TestBusinessTemplate(ERP5TypeTestCase, LogInterceptor): module = p._getOb(module_id, None) self.failUnless(module is not None) module.__ac_local_roles__ = {'someone_else': ['Associate']} - module.__ac_local_group_roles__ = {} new_local_roles = sequence.get('local_roles') - new_local_group_roles = sequence.get('local_group_roles') self.assertNotEquals(module.__ac_local_roles__, new_local_roles) - self.assertNotEquals(module.__ac_local_group_roles__, new_local_group_roles) def stepAddLocalRolesToBusinessTemplate(self, sequence=None, sequence_list=None, **kw): """ @@ -1954,26 +1948,22 @@ class TestBusinessTemplate(ERP5TypeTestCase, LogInterceptor): Check presence of local roles """ new_local_roles = sequence.get('local_roles') - new_local_group_roles = sequence.get('local_group_roles') p = self.getPortal() module_id = sequence.get('module_id') module = p._getOb(module_id, None) self.failUnless(module is not None) self.assertEquals(module.__ac_local_roles__, new_local_roles) - self.assertEquals(module.__ac_local_group_roles__, new_local_group_roles) def stepCheckLocalRolesRemoved(self, sequence=None, sequence_list=None, **kw): """ Check non-presence of local roles """ new_local_roles = sequence.get('local_roles') - new_local_group_roles = sequence.get('local_group_roles') p = self.getPortal() module_id = sequence.get('module_id') module = p._getOb(module_id, None) self.failUnless(module is not None) self.assertNotEquals(module.__ac_local_roles__, new_local_roles) - self.assertNotEquals(module.__ac_local_group_roles__, new_local_group_roles) # Document, Property Sheet, Extension And Test # they use the same class so only one test is required for them diff --git a/product/ERP5/tests/testImmobilisation.py b/product/ERP5/tests/testImmobilisation.py index 3aa9b58e47b47dde536f574c73dc4bf7dda4d780..3b1023b22b07dc36fa6f26952a6ad889ce7a5952 100644 --- a/product/ERP5/tests/testImmobilisation.py +++ b/product/ERP5/tests/testImmobilisation.py @@ -121,18 +121,8 @@ class TestImmobilisationMixin(ERP5TypeTestCase): self.getUserFolder()._doAddUser('manager', '', all_roles, []) self.login('manager') self.assignPASRolesToUser('test_user_1_', all_roles) - - - def checkUserFolderType(self, quiet=0, run=run_all_test): - """ - Check the type of user folder to let the test working with both NuxUserGroup and PAS. - """ - self.user_folder = self.getUserFolder() - self.PAS_installed = 0 - if self.user_folder.meta_type == 'Pluggable Auth Service': - # we use PAS - self.PAS_installed = 1 - + + def assignPASRolesToUser(self, user_name, role_list, quiet=0, run=run_all_test): """ Assign a list of roles to one user with PAS. @@ -163,20 +153,8 @@ class TestImmobilisationMixin(ERP5TypeTestCase): , group = user_data[3] , site = user_data[4] ) - if self.PAS_installed and len(user_roles) > 0: - # In the case of PAS, if we want global roles on user, we have to do it manually. - self.assignPASRolesToUser(user_login, user_roles) - elif not self.PAS_installed: - # The user_folder counterpart of the erp5 user must be - # created manually in the case of NuxUserGroup. - self.user_folder.userFolderAddUser( name = user_login - , password = '' - , roles = user_roles - , domains = [] - ) - # User assignment to security groups is also required, but is taken care of - # by the assignment workflow when NuxUserGroup is used and - # by ERP5Security PAS plugins in the context of PAS use. + # In the case of PAS, if we want global roles on user, we have to do it manually. + self.assignPASRolesToUser(user_login, user_roles) assignment.open() person.validate() @@ -234,7 +212,6 @@ class TestImmobilisationMixin(ERP5TypeTestCase): self.tic() self.workflow_tool = self.getWorkflowTool() - self.checkUserFolderType() def beforeTearDown(self): """ diff --git a/product/ERP5Catalog/CatalogTool.py b/product/ERP5Catalog/CatalogTool.py index 597e782435a45d2fbb96b8219e3b85cb67095a11..87f9a93ac4b9c606b8b7a2001d334a8c2eb500b0 100644 --- a/product/ERP5Catalog/CatalogTool.py +++ b/product/ERP5Catalog/CatalogTool.py @@ -35,7 +35,6 @@ from Products.ERP5Type.Cache import CachingMethod from AccessControl import ClassSecurityInfo, getSecurityManager from Products.CMFCore.CatalogTool import IndexableObjectWrapper as CMFCoreIndexableObjectWrapper from Products.CMFCore.utils import UniqueObject, _checkPermission, _getAuthenticatedUser, getToolByName -from Products.CMFCore.utils import _mergedLocalRoles from Products.ERP5Type.Globals import InitializeClass, DTMLFile, package_home from Acquisition import aq_base, aq_inner, aq_parent, ImplicitAcquisitionWrapper from DateTime.DateTime import DateTime @@ -49,6 +48,7 @@ from Products.CMFCore.Expression import Expression from Products.PageTemplates.Expressions import getEngine from MethodObject import Method +from Products.ERP5Security import mergedLocalRoles from Products.ERP5Security.ERP5UserManager import SUPER_USER from Products.ERP5Type.Utils import sqlquote @@ -57,42 +57,11 @@ import sys from zLOG import LOG, PROBLEM, WARNING, INFO import sets -SECURITY_USING_NUX_USER_GROUPS, SECURITY_USING_PAS = range(2) ACQUIRE_PERMISSION_VALUE = [] -try: - from Products.PluggableAuthService import PluggableAuthService - PAS_meta_type = PluggableAuthService.PluggableAuthService.meta_type -except ImportError: - PAS_meta_type = '' -try: - from Products.ERP5Security import mergedLocalRoles as PAS_mergedLocalRoles -except ImportError: - pass - -try: - from Products.NuxUserGroups import UserFolderWithGroups - NUG_meta_type = UserFolderWithGroups.meta_type -except ImportError: - NUG_meta_type = '' -try: - from Products.NuxUserGroups.CatalogToolWithGroups import mergedLocalRoles - from Products.NuxUserGroups.CatalogToolWithGroups import _getAllowedRolesAndUsers -except ImportError: - pass - from Persistence import Persistent from Acquisition import Implicit -def getSecurityProduct(acl_users): - """returns the security used by the user folder passed. - (NuxUserGroup, ERP5Security, or None if anything else). - """ - if acl_users.meta_type == PAS_meta_type: - return SECURITY_USING_PAS - elif acl_users.meta_type == NUG_meta_type: - return SECURITY_USING_NUX_USER_GROUPS - class IndexableObjectWrapper(CMFCoreIndexableObjectWrapper): @@ -118,17 +87,7 @@ class IndexableObjectWrapper(CMFCoreIndexableObjectWrapper): result_key = '_cache_result' if result_key not in self.__dict__: ob = self.__ob - security_product = getSecurityProduct(ob.acl_users) - withnuxgroups = security_product == SECURITY_USING_NUX_USER_GROUPS - withpas = security_product == SECURITY_USING_PAS - - if withnuxgroups: - localroles = mergedLocalRoles(ob, withgroups=1) - elif withpas: - localroles = PAS_mergedLocalRoles(ob) - else: - # CMF - localroles = _mergedLocalRoles(ob) + localroles = mergedLocalRoles(ob) # For each group or user, we have a list of roles, this list # give in this order : [roles on object, roles acquired on the parent, # roles acquired on the parent of the parent....] @@ -170,10 +129,7 @@ class IndexableObjectWrapper(CMFCoreIndexableObjectWrapper): user_role_dict = {} user_view_permission_role_dict = {} for user, roles in localroles.iteritems(): - if withnuxgroups: - prefix = user - else: - prefix = 'user:' + user + prefix = 'user:' + user for role in roles: if (role in role_dict) and (getUserById(user) is not None): # If role is monovalued, check if key is a user. @@ -408,8 +364,6 @@ class CatalogTool (UniqueObject, ZCatalog, CMFCoreCatalogTool, ActiveObject): return msg def _listAllowedRolesAndUsers(self, user): - security_product = getSecurityProduct(self.acl_users) - if security_product == SECURITY_USING_PAS: # We use ERP5Security PAS based authentication try: # check for proxy role in stack @@ -436,10 +390,6 @@ class CatalogTool (UniqueObject, ZCatalog, CMFCoreCatalogTool, ActiveObject): result.append('user:%s' % group) # end groups return result - elif security_product == SECURITY_USING_NUX_USER_GROUPS: - return _getAllowedRolesAndUsers(user) - else: - return CMFCoreCatalogTool._listAllowedRolesAndUsers(self, user) # Schema Management def editColumn(self, column_id, sql_definition, method_id, default_value, REQUEST=None, RESPONSE=None): diff --git a/product/ERP5Type/ERP5Type.py b/product/ERP5Type/ERP5Type.py index fa17a3ee30c17d234292705fd81b9c99572d17a6..086f2dd5d021fc84b198c9745e0eee1f2a76b773 100644 --- a/product/ERP5Type/ERP5Type.py +++ b/product/ERP5Type/ERP5Type.py @@ -35,22 +35,10 @@ from Products.ERP5Type.UnrestrictedMethod import UnrestrictedMethod from Products.ERP5Type.Utils import deprecated, createExpressionContext from Products.ERP5Type.XMLObject import XMLObject from Products.ERP5Type.Cache import CachingMethod +from Products.ERP5Security import ERP5UserManager ERP5TYPE_SECURITY_GROUP_ID_GENERATION_SCRIPT = 'ERP5Type_asSecurityGroupId' -# Security uses ERP5Security by default -try: - from Products.ERP5Security import ERP5UserManager -except ImportError: - ERP5UserManager = None - -# If ERP5Security is not installed try NuxUserGroups -if ERP5UserManager is None: - try: - from Products import NuxUserGroups - except ImportError: - NuxUserGroups = None - from TranslationProviderBase import TranslationProviderBase from sys import exc_info @@ -81,48 +69,23 @@ class LocalRoleAssignorMixIn(object): if owner: user_name = owner[1] else: - #FIXME We should check the type of the acl_users folder instead of - # checking which product is installed. - if ERP5UserManager is not None: - # We use id for roles in ERP5Security - user_name = getSecurityManager().getUser().getId() - elif NuxUserGroups is not None: - user_name = getSecurityManager().getUser().getUserName() - else: - raise RuntimeError('Product "ERP5Security" was not found on your' - ' setup. Please install it to benefit from group-based security') + user_name = getSecurityManager().getUser().getId() group_id_role_dict = self.getLocalRolesFor(ob, user_name) - # Update role assignments to groups - if ERP5UserManager is not None: # Default implementation - # Clean old group roles - old_group_list = ob.get_local_roles() - ob.manage_delLocalRoles([x[0] for x in old_group_list]) - # Save the owner - for group, role_list in old_group_list: - if 'Owner' in role_list: - group_id_role_dict.setdefault(group, set()).add('Owner') - # Assign new roles - for group, role_list in group_id_role_dict.iteritems(): - if role_list: - ob.manage_addLocalRoles(group, role_list) - else: # NuxUserGroups implementation - # Clean old group roles - old_group_list = ob.get_local_group_roles() - # We duplicate role settings to mimic PAS - ob.manage_delLocalGroupRoles([x[0] for x in old_group_list]) - ob.manage_delLocalRoles([x[0] for x in old_group_list]) - # Save the owner - for group, role_list in old_group_list: - if 'Owner' in role_list: - group_id_role_dict.setdefault(group, set()).add('Owner') - # Assign new roles - for group, role_list in group_id_role_dict.iteritems(): - # We duplicate role settings to mimic PAS - ob.manage_addLocalGroupRoles(group, role_list) + ## Update role assignments to groups + # Clean old group roles + old_group_list = ob.get_local_roles() + ob.manage_delLocalRoles([x[0] for x in old_group_list]) + # Save the owner + for group, role_list in old_group_list: + if 'Owner' in role_list: + group_id_role_dict.setdefault(group, set()).add('Owner') + # Assign new roles + for group, role_list in group_id_role_dict.iteritems(): + if role_list: ob.manage_addLocalRoles(group, role_list) - # Make sure that the object is reindexed + ## Make sure that the object is reindexed if reindex: ob.reindexObjectSecurity() diff --git a/product/ERP5Type/tests/ERP5TypeTestCase.py b/product/ERP5Type/tests/ERP5TypeTestCase.py index 316982f7bf22049f17f1512d98996b00fa45c1cb..ad9912d25c77f25090462a14fafdb5f5edf4ab6d 100644 --- a/product/ERP5Type/tests/ERP5TypeTestCase.py +++ b/product/ERP5Type/tests/ERP5TypeTestCase.py @@ -123,7 +123,6 @@ ZopeTestCase.installProduct('PortalTransforms', quiet=install_product_quiet) ZopeTestCase.installProduct('MimetypesRegistry', quiet=install_product_quiet) # Security Stuff -ZopeTestCase.installProduct('NuxUserGroups', quiet=install_product_quiet) ZopeTestCase.installProduct('PluggableAuthService', quiet=install_product_quiet) ZopeTestCase.installProduct('ERP5Security', quiet=install_product_quiet)