Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
erp5
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
0
Merge Requests
0
Analytics
Analytics
Repository
Value Stream
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Commits
Issue Boards
Open sidebar
Łukasz Nowak
erp5
Commits
09960648
Commit
09960648
authored
Oct 14, 2013
by
Julien Muchembled
Committed by
Mame Coumba Sall
Oct 23, 2013
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
Add suport for anonymous user with groups or additional roles
parent
3c93a394
Changes
2
Hide whitespace changes
Inline
Side-by-side
Showing
2 changed files
with
114 additions
and
0 deletions
+114
-0
product/ERP5Type/ZopePatch.py
product/ERP5Type/ZopePatch.py
+1
-0
product/ERP5Type/patches/PluggableAuthService.py
product/ERP5Type/patches/PluggableAuthService.py
+113
-0
No files found.
product/ERP5Type/ZopePatch.py
View file @
09960648
...
@@ -39,6 +39,7 @@ from Products.ERP5Type.patches import sqlvar
...
@@ -39,6 +39,7 @@ from Products.ERP5Type.patches import sqlvar
from
Products.ERP5Type.patches
import
CMFCatalogAware
from
Products.ERP5Type.patches
import
CMFCatalogAware
from
Products.ERP5Type.patches
import
ProductContext
from
Products.ERP5Type.patches
import
ProductContext
from
Products.ERP5Type.patches
import
PropertiedUser
from
Products.ERP5Type.patches
import
PropertiedUser
from
Products.ERP5Type.patches
import
PluggableAuthService
from
Products.ERP5Type.patches
import
States
from
Products.ERP5Type.patches
import
States
from
Products.ERP5Type.patches
import
FSZSQLMethod
from
Products.ERP5Type.patches
import
FSZSQLMethod
from
Products.ERP5Type.patches
import
ActionInformation
from
Products.ERP5Type.patches
import
ActionInformation
...
...
product/ERP5Type/patches/PluggableAuthService.py
0 → 100644
View file @
09960648
##############################################################################
#
# Copyright (c) 2001 Zope Foundation and Contributors
# Copyright (c) 2013 Nexedi SARL and Contributors. All Rights Reserved.
#
# This software is subject to the provisions of the Zope Public License,
# Version 2.1 (ZPL). A copy of the ZPL should accompany this
# distribution.
# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY AND ALL EXPRESS OR IMPLIED
# WARRANTIES ARE DISCLAIMED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
# WARRANTIES OF TITLE, MERCHANTABILITY, AGAINST INFRINGEMENT, AND FITNESS
# FOR A PARTICULAR PURPOSE.
#
##############################################################################
from
hashlib
import
md5
from
Products.PluggableAuthService.PluggableAuthService
\
import
PluggableAuthService
,
_noroles
,
nobody
from
Products.ERP5Type.Cache
import
caching_instance_method
if
1
:
assert
md5
(
PluggableAuthService
.
validate
.
func_code
.
co_code
).
hexdigest
()
in
(
# PluggableAuthService 1.9.0
'5e2e6adabd03124bfd21278d3b6fb1c7'
,
# Python 2.6
'5ef8421949366195dbb2d15d979a14c9'
,
# Python 2.7
)
# When no user is found, try to create anonymous user even if we're not the
# top user folder, so that anonymous user can be customized in appropriate
# context (in particular: assign anonymous user to groups).
# Because it's common to define admin users at root, original behaviour
# is kept if any basic auth string is passed.
def
validate
(
self
,
request
,
auth
=
''
,
roles
=
_noroles
):
""" See IUserFolder.
"""
plugins
=
self
.
_getOb
(
'plugins'
)
is_top
=
self
.
_isTop
()
if
not
is_top
and
self
.
_isNotCompetent
(
request
,
plugins
):
# this user folder should not try to authenticate this request
return
None
user_ids
=
self
.
_extractUserIds
(
request
,
plugins
)
(
accessed
,
container
,
name
,
value
)
=
self
.
_getObjectContext
(
request
[
'PUBLISHED'
],
request
)
for
user_id
,
login
in
user_ids
:
user
=
self
.
_findUser
(
plugins
,
user_id
,
login
,
request
=
request
)
if
aq_base
(
user
)
is
emergency_user
:
if
is_top
:
return
user
else
:
return
None
if
self
.
_authorizeUser
(
user
,
accessed
,
container
,
name
,
value
,
roles
):
return
user
if
auth
and
not
is_top
:
# patch 1
return
None
#
# No other user folder above us can satisfy, and we have no user;
# return a constructed anonymous only if anonymous is authorized.
#
anonymous
=
self
.
_createAnonymousUser
(
plugins
)
if
self
.
_authorizeUser
(
anonymous
,
accessed
,
container
,
name
,
value
,
roles
):
return
anonymous
return
None
PluggableAuthService
.
validate
.
im_func
.
func_code
=
validate
.
func_code
@
caching_instance_method
(
'createAnonymousUser'
,
cache_factory
=
'erp5_content_short'
)
def
createAnonymousUser
(
self
):
try
:
role_list
,
group_list
=
self
.
ERP5Site_getAnonymousUserSecurity
()
if
role_list
or
group_list
:
from
Products.ERP5Security.ERP5UserFactory
import
ERP5User
user
=
ERP5User
(
nobody
.
getId
(),
nobody
.
getUserName
())
user
.
_addRoles
(
nobody
.
getRoles
())
user
.
_addRoles
(
role_list
)
user
.
_addGroups
(
group_list
)
return
user
except
Exception
:
pass
# AnonymousUserFactory plugins have never been usable in ERP5 so
# instead of bothering user to create one on existing site, ignore
# these plugins and call directly our code to create anonymous users.
def
_createAnonymousUser
(
self
,
plugins
):
user
=
createAnonymousUser
(
self
)
return
(
nobody
if
user
is
None
else
user
).
__of__
(
self
)
PluggableAuthService
.
_createAnonymousUser
=
_createAnonymousUser
\ No newline at end of file
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment