Commit bba77211 authored by Kazuhiko Shiozaki's avatar Kazuhiko Shiozaki

use portal_membership._huntUser() instead of calling portal.acl_users.validate...

use portal_membership._huntUser() instead of calling portal.acl_users.validate directly, that does not work for root level zope users.


git-svn-id: https://svn.erp5.org/repos/public/erp5/trunk@38533 20353a03-c40f-0410-a6d1-a30d3c3de9de
parent 26200864
...@@ -40,6 +40,7 @@ from Products.CMFCore.utils import getToolByName, _setCacheHeaders, _ViewEmulato ...@@ -40,6 +40,7 @@ from Products.CMFCore.utils import getToolByName, _setCacheHeaders, _ViewEmulato
from OFS.Image import File as OFSFile from OFS.Image import File as OFSFile
from warnings import warn from warnings import warn
import sys import sys
from base64 import decodestring
from Products.ERP5Type.UnrestrictedMethod import unrestricted_apply from Products.ERP5Type.UnrestrictedMethod import unrestricted_apply
...@@ -84,8 +85,9 @@ class BaseExtensibleTraversableMixin(ExtensibleTraversableMixIn): ...@@ -84,8 +85,9 @@ class BaseExtensibleTraversableMixin(ExtensibleTraversableMixIn):
if user is _MARKER: if user is _MARKER:
user = None # By default, do nothing user = None # By default, do nothing
if old_user is None or old_user.getUserName() == 'Anonymous User': if old_user is None or old_user.getUserName() == 'Anonymous User':
user_folder = getattr(self.getPortalObject(), 'acl_users', None) portal_membership = getToolByName(self.getPortalObject(),
if user_folder is not None: 'portal_membership')
if portal_membership is not None:
try: try:
if request.get('PUBLISHED', _MARKER) is _MARKER: if request.get('PUBLISHED', _MARKER) is _MARKER:
# request['PUBLISHED'] is required by validate # request['PUBLISHED'] is required by validate
...@@ -94,7 +96,14 @@ class BaseExtensibleTraversableMixin(ExtensibleTraversableMixIn): ...@@ -94,7 +96,14 @@ class BaseExtensibleTraversableMixin(ExtensibleTraversableMixIn):
else: else:
has_published = True has_published = True
try: try:
user = user_folder.validate(request) auth = request._auth
# this logic is copied from identify() in
# AccessControl.User.BasicUserFolder.
if auth and auth.lower().startswith('basic '):
name = decodestring(auth.split(' ')[-1]).split(':', 1)[0]
user = portal_membership._huntUser(name, self)
else:
user = None
except AttributeError: except AttributeError:
# This kind of error happens with unrestrictedTraverse, # This kind of error happens with unrestrictedTraverse,
# because the request object is a fake, and it is just # because the request object is a fake, and it is just
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment