Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
erp5
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
0
Merge Requests
0
CI / CD
CI / CD
Pipelines
Jobs
Schedules
Analytics
Analytics
CI / CD
Repository
Value Stream
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Jobs
Commits
Issue Boards
Open sidebar
Laurent S
erp5
Commits
e4b3fa74
Commit
e4b3fa74
authored
Oct 21, 2016
by
Kazuhiko Shiozaki
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
use enumerateUsers instead of ad-hoc getPersonByReference and getLoginObject.
parent
5570c555
Changes
8
Hide whitespace changes
Inline
Side-by-side
Showing
8 changed files
with
25 additions
and
17 deletions
+25
-17
bt5/erp5_base/DocumentTemplateItem/portal_components/document.erp5.Login.py
...mentTemplateItem/portal_components/document.erp5.Login.py
+3
-4
bt5/erp5_base/SkinTemplateItem/portal_skins/erp5_base/PreferenceTool_setNewPassword.py
...m/portal_skins/erp5_base/PreferenceTool_setNewPassword.py
+1
-1
product/ERP5/Tool/PasswordTool.py
product/ERP5/Tool/PasswordTool.py
+4
-2
product/ERP5/bootstrap/erp5_core/ExtensionTemplateItem/portal_components/extension.erp5.StandardSecurity.py
...Item/portal_components/extension.erp5.StandardSecurity.py
+4
-2
product/ERP5Security/ERP5ExternalOauth2ExtractionPlugin.py
product/ERP5Security/ERP5ExternalOauth2ExtractionPlugin.py
+2
-2
product/ERP5Security/ERP5GroupManager.py
product/ERP5Security/ERP5GroupManager.py
+10
-3
product/ERP5Security/ERP5KeyAuthPlugin.py
product/ERP5Security/ERP5KeyAuthPlugin.py
+0
-2
product/ERP5Wizard/PAS/ERP5RemoteUserManager.py
product/ERP5Wizard/PAS/ERP5RemoteUserManager.py
+1
-1
No files found.
bt5/erp5_base/DocumentTemplateItem/portal_components/document.erp5.Login.py
View file @
e4b3fa74
...
@@ -72,9 +72,8 @@ class Login(XMLObject, LoginAccountProviderMixin, EncryptedPasswordMixin):
...
@@ -72,9 +72,8 @@ class Login(XMLObject, LoginAccountProviderMixin, EncryptedPasswordMixin):
self
.
getPortalType
()
+
'_setReference_'
+
value
.
encode
(
'hex'
)
self
.
getPortalType
()
+
'_setReference_'
+
value
.
encode
(
'hex'
)
# Check that there no existing user
# Check that there no existing user
erp5_users
=
portal
.
acl_users
.
erp5_users
erp5_users
=
portal
.
acl_users
.
erp5_users
login
=
erp5_users
.
getLoginObject
(
value
,
self
.
getPortalType
())
user_list
=
erp5_users
.
enumerateUsers
(
login
=
value
)
if
login
is
not
None
and
login
!=
self
and
\
if
[
x
for
x
in
user_list
if
x
.
get
(
'login'
,
{}).
get
(
'path'
,
''
)
!=
self
.
getPath
()]:
login
!=
self
.
getParentValue
():
raise
RuntimeError
,
'user id %s already exist'
%
(
value
,)
raise
RuntimeError
,
'user id %s already exist'
%
(
value
,)
# Check that there is no reindexation related to reference indexation
# Check that there is no reindexation related to reference indexation
if
portal
.
portal_activities
.
countMessageWithTag
(
tag
):
if
portal
.
portal_activities
.
countMessageWithTag
(
tag
):
...
@@ -95,4 +94,4 @@ class Login(XMLObject, LoginAccountProviderMixin, EncryptedPasswordMixin):
...
@@ -95,4 +94,4 @@ class Login(XMLObject, LoginAccountProviderMixin, EncryptedPasswordMixin):
self
.
reindexObject
(
activate_kw
=
activate_kw
)
self
.
reindexObject
(
activate_kw
=
activate_kw
)
# invalid the cache for ERP5Security
# invalid the cache for ERP5Security
portal_caches
=
portal
.
portal_caches
portal_caches
=
portal
.
portal_caches
portal_caches
.
clearCache
(
cache_factory_list
=
(
'erp5_content_short'
,
))
portal_caches
.
clearCache
(
cache_factory_list
=
(
'erp5_content_short'
,
))
\ No newline at end of file
bt5/erp5_base/SkinTemplateItem/portal_skins/erp5_base/PreferenceTool_setNewPassword.py
View file @
e4b3fa74
...
@@ -3,7 +3,7 @@ from Products.ERP5Type.Message import translateString
...
@@ -3,7 +3,7 @@ from Products.ERP5Type.Message import translateString
portal
=
context
.
getPortalObject
()
portal
=
context
.
getPortalObject
()
user
=
getSecurityManager
().
getUser
()
user
=
getSecurityManager
().
getUser
()
person
=
context
.
acl_users
.
erp5_users
.
getPersonByReference
(
user
.
getId
()
)
person
=
portal
.
restrictedTraverse
(
portal
.
acl_users
.
erp5_users
.
enumerateUsers
(
id
=
user
.
getId
())[
0
][
'path'
]
)
for
login
in
person
.
objectValues
(
portal_type
=
'ERP5 Login'
):
for
login
in
person
.
objectValues
(
portal_type
=
'ERP5 Login'
):
if
login
.
getReference
()
==
reference
and
login
.
getValidationState
()
==
'validated'
:
if
login
.
getReference
()
==
reference
and
login
.
getValidationState
()
==
'validated'
:
break
break
...
...
product/ERP5/Tool/PasswordTool.py
View file @
e4b3fa74
...
@@ -272,8 +272,10 @@ class PasswordTool(BaseTool):
...
@@ -272,8 +272,10 @@ class PasswordTool(BaseTool):
# XXX: incorrect grammar
# XXX: incorrect grammar
return
error
(
"Date has expire."
)
return
error
(
"Date has expire."
)
del
self
.
_password_request_dict
[
password_key
]
del
self
.
_password_request_dict
[
password_key
]
login
=
self
.
getPortalObject
().
acl_users
.
erp5_users
.
getLoginObject
(
login
=
self
.
getPortalObject
().
unrestrictedTraverse
(
register_user_login
,
'ERP5 Login'
)
self
.
getPortalObject
().
acl_users
.
erp5_users
.
enumerateUsers
(
login
=
register_user_login
,
login_portal_type
=
'ERP5 Login'
)[
0
][
'login'
][
'path'
])
login
.
_forceSetPassword
(
password
)
login
.
_forceSetPassword
(
password
)
login
.
reindexObject
()
login
.
reindexObject
()
return
redirect
(
REQUEST
,
site_url
,
return
redirect
(
REQUEST
,
site_url
,
...
...
product/ERP5/bootstrap/erp5_core/ExtensionTemplateItem/portal_components/extension.erp5.StandardSecurity.py
View file @
e4b3fa74
...
@@ -53,12 +53,14 @@ def getSecurityCategoryFromAssignment(self, base_category_list, user_name, objec
...
@@ -53,12 +53,14 @@ def getSecurityCategoryFromAssignment(self, base_category_list, user_name, objec
category_list
=
[]
category_list
=
[]
person_object
=
self
.
getPortalObject
().
acl_users
.
erp5_users
.
getPersonByReference
(
user_name
)
user_list
=
self
.
getPortalObject
().
acl_users
.
erp5_users
.
enumerateUsers
(
id
=
user_name
)
if
person_object
is
None
:
if
not
user_list
or
not
'path'
in
user_list
[
0
]
:
# if a person_object was not found in the module, we do nothing more
# if a person_object was not found in the module, we do nothing more
# this happens for example when a manager with no associated person object
# this happens for example when a manager with no associated person object
# creates a person_object for a new user
# creates a person_object for a new user
return
[]
return
[]
else
:
person_object
=
self
.
getPortalObject
().
unrestrictedTraverse
(
user_list
[
0
][
'path'
])
# We look for every valid assignments of this user
# We look for every valid assignments of this user
for
assignment
in
person_object
.
contentValues
(
filter
=
{
'portal_type'
:
'Assignment'
}):
for
assignment
in
person_object
.
contentValues
(
filter
=
{
'portal_type'
:
'Assignment'
}):
...
...
product/ERP5Security/ERP5ExternalOauth2ExtractionPlugin.py
View file @
e4b3fa74
...
@@ -178,8 +178,8 @@ class ERP5ExternalOauth2ExtractionPluginBase(BasePlugin):
...
@@ -178,8 +178,8 @@ class ERP5ExternalOauth2ExtractionPluginBase(BasePlugin):
self
.
REQUEST
[
'USER_CREATION_IN_PROGRESS'
]
=
user
self
.
REQUEST
[
'USER_CREATION_IN_PROGRESS'
]
=
user
else
:
else
:
# create the user if not found
# create the user if not found
person_list
=
self
.
erp5_users
.
getPersonByReference
(
user
)
user_list
=
self
.
erp5_users
.
enumerateUsers
(
id
=
user
)
if
len
(
person_list
)
==
0
:
if
not
user_list
:
sm
=
getSecurityManager
()
sm
=
getSecurityManager
()
if
sm
.
getUser
().
getId
()
!=
SUPER_USER
:
if
sm
.
getUser
().
getId
()
!=
SUPER_USER
:
newSecurityManager
(
self
,
self
.
getUser
(
SUPER_USER
))
newSecurityManager
(
self
,
self
.
getUser
(
SUPER_USER
))
...
...
product/ERP5Security/ERP5GroupManager.py
View file @
e4b3fa74
...
@@ -31,7 +31,7 @@ import sys
...
@@ -31,7 +31,7 @@ import sys
from
zLOG
import
LOG
,
WARNING
from
zLOG
import
LOG
,
WARNING
from
ERP5UserManager
import
SUPER_USER
,
getUserByLogin
from
ERP5UserManager
import
SUPER_USER
# It can be useful to set NO_CACHE_MODE to 1 in order to debug
# It can be useful to set NO_CACHE_MODE to 1 in order to debug
# complex security issues related to caching groups. For example,
# complex security issues related to caching groups. For example,
...
@@ -117,9 +117,16 @@ class ERP5GroupManager(BasePlugin):
...
@@ -117,9 +117,16 @@ class ERP5GroupManager(BasePlugin):
security_definition_list
=
mapping_method
()
security_definition_list
=
mapping_method
()
# get the person from its login - no security check needed
# get the person from its login - no security check needed
person_object
=
self
.
erp5_users
.
getPersonByReference
(
user_name
)
user_list
=
self
.
erp5_users
.
enumerateUsers
(
id
=
user_name
)
if
person_object
is
None
:
# no person is linked to this user login
if
not
user_list
:
return
()
return
()
else
:
path
=
user_list
[
0
].
get
(
'path'
)
if
path
:
person_object
=
self
.
getPortalObject
().
unrestrictedTraverse
(
path
)
else
:
# not ERP5 user
return
()
# Fetch category values from defined scripts
# Fetch category values from defined scripts
for
(
method_name
,
base_category_list
)
in
security_definition_list
:
for
(
method_name
,
base_category_list
)
in
security_definition_list
:
...
...
product/ERP5Security/ERP5KeyAuthPlugin.py
View file @
e4b3fa74
...
@@ -46,8 +46,6 @@ from Products.PluggableAuthService.plugins.CookieAuthHelper import CookieAuthHel
...
@@ -46,8 +46,6 @@ from Products.PluggableAuthService.plugins.CookieAuthHelper import CookieAuthHel
from
Products.ERP5Type.Cache
import
CachingMethod
from
Products.ERP5Type.Cache
import
CachingMethod
from
Products.ERP5Type.UnrestrictedMethod
import
UnrestrictedMethod
from
Products.ERP5Type.UnrestrictedMethod
import
UnrestrictedMethod
from
Products.ERP5Security.ERP5UserManager
import
SUPER_USER
,
\
_AuthenticationFailure
from
Crypto.Cipher
import
AES
from
Crypto.Cipher
import
AES
from
Crypto
import
Random
from
Crypto
import
Random
...
...
product/ERP5Wizard/PAS/ERP5RemoteUserManager.py
View file @
e4b3fa74
...
@@ -25,7 +25,7 @@ from Products.PluggableAuthService.interfaces.plugins import IAuthenticationPlug
...
@@ -25,7 +25,7 @@ from Products.PluggableAuthService.interfaces.plugins import IAuthenticationPlug
IUserEnumerationPlugin
IUserEnumerationPlugin
from
Products.ERP5Type.Cache
import
CachingMethod
from
Products.ERP5Type.Cache
import
CachingMethod
from
DateTime
import
DateTime
from
DateTime
import
DateTime
from
Products.ERP5Security.ERP5UserManager
import
ERP5UserManager
,
SUPER_USER
,
_AuthenticationFailure
from
Products.ERP5Security.ERP5UserManager
import
ERP5UserManager
from
BTrees.OOBTree
import
OOBTree
from
BTrees.OOBTree
import
OOBTree
from
zLOG
import
LOG
,
INFO
,
WARNING
from
zLOG
import
LOG
,
INFO
,
WARNING
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment