Commit f6342cb7 authored by Alexandre Boeglin

Fixed indentation.

Now uses Person reference instead of id as login.
Can be extended through a Python Script.


git-svn-id: https://svn.erp5.org/repos/public/erp5/trunk@4468 20353a03-c40f-0410-a6d1-a30d3c3de9de
parent 008877c7
...@@ -24,81 +24,117 @@ from Products.PluggableAuthService.utils import classImplements ...@@ -24,81 +24,117 @@ from Products.PluggableAuthService.utils import classImplements
from Products.PluggableAuthService.interfaces.plugins import IGroupsPlugin from Products.PluggableAuthService.interfaces.plugins import IGroupsPlugin
from Products.ERP5Type.Cache import CachingMethod from Products.ERP5Type.Cache import CachingMethod
from pickle import dumps, loads
from zLOG import LOG from zLOG import LOG
manage_addERP5GroupManagerForm = PageTemplateFile( manage_addERP5GroupManagerForm = PageTemplateFile(
'www/ERP5Security_addERP5GroupManager', globals(), __name__='manage_addERP5GroupManagerForm' ) 'www/ERP5Security_addERP5GroupManager', globals(), __name__='manage_addERP5GroupManagerForm' )
def addERP5GroupManager( dispatcher, id, title=None, REQUEST=None ): def addERP5GroupManager( dispatcher, id, title=None, REQUEST=None ):
""" Add a ERP5GroupManager to a Pluggable Auth Service. """ """ Add a ERP5GroupManager to a Pluggable Auth Service. """
egm = ERP5GroupManager(id, title) egm = ERP5GroupManager(id, title)
dispatcher._setObject(egm.getId(), egm) dispatcher._setObject(egm.getId(), egm)
if REQUEST is not None: if REQUEST is not None:
REQUEST['RESPONSE'].redirect( REQUEST['RESPONSE'].redirect(
'%s/manage_workspace' '%s/manage_workspace'
'?manage_tabs_message=' '?manage_tabs_message='
'ERP5GroupManager+added.' 'ERP5GroupManager+added.'
% dispatcher.absolute_url()) % dispatcher.absolute_url())
class ERP5GroupManager(BasePlugin): class ERP5GroupManager(BasePlugin):
""" PAS plugin for dynamically adding Groups """ PAS plugin for dynamically adding Groups
based on Assignments in ERP5 based on Assignments in ERP5
"""
meta_type = 'ERP5 Group Manager'
security = ClassSecurityInfo()
def __init__(self, id, title=None):
self._id = self.id = id
self.title = title
#
# IGroupsPlugin implementation
#
def getGroupsForPrincipal(self, principal, request=None):
""" See IGroupsPlugin.
""" """
meta_type = 'ERP5 Group Manager' def _getGroupsForPrincipal(user_name, path):
security_category_dict = {} # key is the base_category_list,
security = ClassSecurityInfo() # value is the list of fetched categories
security_group_list = []
def __init__(self, id, title=None): security_definition_dict = {}
self._id = self.id = id # because we aren't logged in, we have to create our own
self.title = title # SecurityManager to be able to access the Catalog
#FIXME here we assume that the portal owner will always have
# # enough rights, which might as well be wrong
# IGroupsPlugin implementation newSecurityManager(self, self.getPortalObject().getOwner())
#
def getGroupsForPrincipal(self, principal, request=None): # To get the complete list of groups, we try to call the
""" See IGroupsPlugin. # ERP5Type_getSecurityCategoryMapping which should return a dict
""" # like : {
def _getGroupsForPrincipal(user_name, path): # 'script_1':['base_category_1', 'base_category_2', ...],
security_group_list = [] # 'script_2':['base_category_1', 'base_category_3', ...]}
#
# because we aren't logged in, we have to create our own # else, if the script does not exist, falls back to :
# SecurityManager to be able to access the Catalog # { 'ERP5Type_getSecurityCategoryFromAssignment':
newSecurityManager(self, self.getPortalObject().getOwner()) # self.getPortalAssignmentBaseCategoryList()}
base_category_list = self.getPortalObject().getPortalAssignmentBaseCategoryList()
mapping_method = getattr(self,
user_name = principal.getId() 'ERP5Type_getSecurityCategoryMapping', None)
if mapping_method is None:
person_module = self.getPortalObject().getDefaultModule('Person') security_definition_dict = {
person_object = getattr(person_module, user_name, None) 'ERP5Type_getSecurityCategoryFromAssignment':
self.getPortalAssignmentBaseCategoryList()
# return no groups if the username is not registered in person module }
if not person_object: else:
return () security_definition_dict = mapping_method()
# Fetch category values from assignment # get the person from its reference
category_list = self.ERP5Type_getSecurityCategoryFromAssignment(base_category_list, user_name, self, '') catalog_result = self.portal_catalog(
portal_type="Person", reference=user_name)
# return no groups if we there are no Security Categories if len(catalog_result) != 1: # we won't proceed with groups
if not category_list: if len(catalog_result) > 1: # configuration is screwed
return () raise 'ConsistencyError', 'There is more than one Person whose \
login is %s : %s' % (user_name,
# Get group names from category values repr([r.getObject() for r in catalog_result]))
for c_dict in category_list: else: # no person is linked to this user login
security_group_list.append(self.ERP5Type_asSecurityGroupId(category_order=base_category_list, **c_dict)) return ()
person_object = catalog_result[0].getObject()
LOG('erp5_groups', 0, 'user %s is member of %s' %(user_name, str(security_group_list))) person_id = person_object.getId()
return tuple(security_group_list) # Fetch category values from defined scripts
for method_name, base_category_list in \
_getGroupsForPrincipal = CachingMethod(_getGroupsForPrincipal, id='ERP5GroupManager_getGroupsForPrincipal') security_definition_dict.items():
return _getGroupsForPrincipal(user_name=principal.getId(), path=self.getPhysicalPath()) pickled_category_list = dumps(base_category_list)
method = getattr(self, method_name)
if not security_category_dict.has_key(pickled_category_list):
security_category_dict[pickled_category_list] = []
security_category_dict[pickled_category_list].extend(
method(base_category_list, person_id, person_object, ''))
# Get group names from category values
group_id_generator = getattr(self, 'ERP5Type_asSecurityGroupId')
for pickled_category_list, category_value_list in \
security_category_dict.items():
base_category_list = loads(pickled_category_list)
for category_dict in category_value_list:
security_group_list.append(group_id_generator(
category_order=base_category_list, **category_dict))
return tuple(security_group_list)
_getGroupsForPrincipal = CachingMethod(_getGroupsForPrincipal, id='ERP5GroupManager_getGroupsForPrincipal')
return _getGroupsForPrincipal(user_name=principal.getId(), path=self.getPhysicalPath())
classImplements( ERP5GroupManager classImplements( ERP5GroupManager
, IGroupsPlugin , IGroupsPlugin
) )
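Review bot: The nested `_getGroupsForPrincipal` switches to the portal owner's security context with `newSecurityManager(self, self.getPortalObject().getOwner())` and never restores the caller's, so code that runs after the plugin in the same request may keep executing with owner rights. I would capture the current manager first and restore it on every exit path, including the new `raise` for duplicate references: `sm = getSecurityManager()` before the switch, then wrap the rest of the body in `try:` … `finally: setSecurityManager(sm)`. Both helpers live in `AccessControl.SecurityManagement`; the import block is outside this hunk, so they may need adding there. Separately, the `dumps`/`loads` round trip only serves to make the category list hashable; assuming the scripts return flat lists of strings, `tuple(base_category_list)` as the dict key would do the same without pickle.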