Tolerate finding a user more than once.

Require the findings to be consistent when applicable.
May happen for example when migrating a user from being handled by one PAS
plugin to another.

bt5/erp5_banking_core/SkinTemplateItem/portal_skins/erp5_banking_core/Baobab_getCurrentUserTitle.py

@@ -2,10 +2,14 @@
 if user_id is None:
   person = context.portal_membership.getAuthenticatedMember().getUserValue()
 else:
-  person_list = [x for x in context.acl_users.searchUsers(login=user_id, exact_match=True) if 'path' in x]
-  if person_list:
-    person, = person_list
-    person = context.getPortalObject().restrictedTraverse(person['path'])
+  person_path_set = {
+    x['path']
+    for x in context.acl_users.searchUsers(login=user_id, exact_match=True)
+    if 'path' in x
+  }
+  if person_path_set:
+    person_path, = person_path_set
+    person = context.getPortalObject().restrictedTraverse(person_path)
   else:
     person = None
 

bt5/erp5_banking_core/SkinTemplateItem/portal_skins/erp5_banking_core/Baobab_getUserAssignment.py

 if user_id is None:
   person = context.portal_membership.getAuthenticatedMember().getUserValue()
 else:
-  person_list = [x for x in context.acl_users.searchUsers(id=user_id, exact_match=True) if 'path' in x]
-  if person_list:
-    person, = person_list
-    person = context.getPortalObject().restrictedTraverse(person['path'])
+  person_path_set = {
+    x['path']
+    for x in context.acl_users.searchUsers(id=user_id, exact_match=True)
+    if 'path' in x
+  }
+  if person_path_set:
+    person_path, = person_path_set
+    person = context.getPortalObject().restrictedTraverse(person_path)
   else:
     person = None
 if person is None:

bt5/erp5_base/SkinTemplateItem/portal_skins/erp5_base/Base_getOwnerTitle.py

@@ -2,8 +2,8 @@
 """
 owner_id_list = [i[0] for i in context.get_local_roles() if 'Owner' in i[1]]
 if owner_id_list:
-  found_user_list = [x for x in context.acl_users.searchUsers(id=tuple(owner_id_list), exact_match=True) if 'path' in x]
-  if found_user_list:
-    found_user, = found_user_list
-    return context.getPortalObject().restrictedTraverse(found_user['path']).getTitle()
+  found_user_path_set = {x['path'] for x in context.acl_users.searchUsers(id=tuple(owner_id_list), exact_match=True) if 'path' in x}
+  if found_user_path_set:
+    found_user_path, = found_user_path_set
+    return context.getPortalObject().restrictedTraverse(found_user_path).getTitle()
   return owner_id_list[0]

bt5/erp5_base/SkinTemplateItem/portal_skins/erp5_base/ERP5Site_getAuthenticatedMemberPersonValue.py

@@ -4,9 +4,11 @@ Returns None if no corresponding person, for example when not using ERP5Security
 portal = context.getPortalObject()
 if user_name is None:
   return portal.portal_membership.getAuthenticatedMember().getUserValue()
-user_list = [x for x in portal.acl_users.searchUsers(
-  exact_match=True,
-  id=user_name,
-) if 'path' in x]
-if len(user_list) == 1:
-  return portal.restrictedTraverse(user_list[0]['path'])
+user_path_set = {
+  x['path']
+  for x in portal.acl_users.searchUsers(exact_match=True, id=user_name)
+  if 'path' in x
+}
+if len(user_path_set) == 1:
+  user_path, = user_path_set
+  return portal.restrictedTraverse(user_path)

bt5/erp5_palo/SkinTemplateItem/portal_skins/erp5_palo/ERP5Site_authenticatePaloUser.py

 from DateTime import DateTime
 
-person_list = [x for x in context.acl_users.searchUsers(login=login, exact_match=True) if 'path' in x]
-if not person_list:
+person_path_set = {
+  x['path']
+  for x in context.acl_users.searchUsers(login=login, exact_match=True)
+  if 'path' in x
+}
+if not person_path_set:
   return False, []
 
-person, = person_list
-person = context.getPortalObject().restrictedTraverse(person['path'])
+person_path, = person_path_set
+person = context.getPortalObject().restrictedTraverse(person_path)
 if person.getPassword(format='palo_md5') != password:
   return False, []
 

product/ERP5/Tool/PasswordTool.py

@@ -143,19 +143,19 @@ class PasswordTool(BaseTool):
 
     msg = None
     # check user exists, and have an email
-    user_list = [x for x in self.getPortalObject().acl_users.searchUsers(
+    user_path_set = {x['path'] for x in self.getPortalObject().acl_users.searchUsers(
       login=user_login,
       exact_match=True,
-    ) if 'path' in x]
-    if len(user_list) == 0:
+    ) if 'path' in x}
+    if len(user_path_set) == 0:
       msg = translateString("User ${user} does not exist.",
                             mapping={'user':user_login})
     else:
       # We use checked_permission to prevent errors when trying to acquire
       # email from organisation
-      user, = user_list
+      user_path, = user_path_set
       user_value = self.getPortalObject().unrestrictedTraverse(
-        user['path'])
+        user_path)
       email_value = user_value.getDefaultEmailValue(
         checked_permission='Access content information')
       if email_value is None or not email_value.asText():

product/ERP5/bootstrap/erp5_core/ExtensionTemplateItem/portal_components/extension.erp5.StandardSecurity.py

@@ -53,19 +53,19 @@ def getSecurityCategoryFromAssignment(self, base_category_list, user_name, objec
 
   category_list = []
 
-  user_list = [
-    x for x in self.acl_users.searchUsers(
+  user_path_set = {
+    x['path'] for x in self.acl_users.searchUsers(
       id=user_name,
       exact_match=True,
     ) if 'path' in x
-  ]
-  if not user_list:
+  }
+  if not user_path_set:
     # if a person_object was not found in the module, we do nothing more
     # this happens for example when a manager with no associated person object
     # creates a person_object for a new user
     return []
-  user, = user_list
-  person_object = self.getPortalObject().unrestrictedTraverse(user['path'])
+  user_path, = user_path_set
+  person_object = self.getPortalObject().unrestrictedTraverse(user_path)
 
   # We look for every valid assignments of this user
   for assignment in person_object.contentValues(filter={'portal_type': 'Assignment'}):

product/ERP5Security/ERP5GroupManager.py

@@ -118,14 +118,15 @@ class ERP5GroupManager(BasePlugin):
           security_definition_list = mapping_method()
 
         # get the person from its login - no security check needed
-        user_list = [
-          x for x in self.searchUsers(id=user_id, exact_match=True)
+        user_path_set = {
+          x['path']
+          for x in self.searchUsers(id=user_id, exact_match=True)
           if 'path' in x
-        ]
-        if not user_list:
+        }
+        if not user_path_set:
           return ()
-        user, = user_list
-        person_object = self.getPortalObject().unrestrictedTraverse(user['path'])
+        user_path, = user_path_set
+        person_object = self.getPortalObject().unrestrictedTraverse(user_path)
 
         # Fetch category values from defined scripts
         for (method_name, base_category_list) in security_definition_list:

product/ERP5Security/ERP5UserFactory.py

@@ -205,14 +205,16 @@ class ERP5User(PropertiedUser):
     result = self._user_path
     if result is not None:
       return self.getPortalObject().unrestrictedTraverse(result)
-    user_list = [x for x in self.aq_parent.searchUsers(
+    # user id may match in more than one PAS plugin, but fail if more than one
+    # underlying path is found.
+    user_path_set = {x['path'] for x in self.aq_parent.searchUsers(
       exact_match=True,
       id=self.getId(),
-    ) if 'path' in x]
-    if user_list:
-      user, = user_list
-      result = self._user_path = user['path']
-      return self.getPortalObject().unrestrictedTraverse(result)
+    ) if 'path' in x}
+    if user_path_set:
+      user_path, = user_path_set
+      self._user_path = user_path
+      return self.getPortalObject().unrestrictedTraverse(user_path)
 
   def getLoginValue(self):
     """ -> login document
@@ -222,6 +224,7 @@ class ERP5User(PropertiedUser):
     result = self._login_path
     if result is not None:
       return self.getPortalObject().unrestrictedTraverse(result)
+    # user name may match at most once, or there can be endless ambiguity.
     user_list = [x for x in self.aq_parent.searchUsers(
       exact_match=True,
       login=self.getUserName(),
@@ -237,17 +240,19 @@ class ERP5User(PropertiedUser):
 
     Return the list of login documents belonging to current user.
     """
-    user_list = [x for x in self.aq_parent.searchUsers(
-      exact_match=True,
-      id=self.getId(),
-      login_portal_type=portal_type,
-      max_results=limit,
-    ) if 'login_list' in x]
-    if user_list:
-      user, = user_list
-      unrestrictedTraverse = self.getPortalObject().unrestrictedTraverse
-      return [unrestrictedTraverse(x['path']) for x in user['login_list']]
-    return []
+    # Aggregate all login paths.
+    user_path_set = {
+      login['path']
+      for user in self.aq_parent.searchUsers(
+        exact_match=True,
+        id=self.getId(),
+        login_portal_type=portal_type,
+        max_results=limit,
+      ) if 'login_list' in user
+      for login in user['login_list']
+    }
+    unrestrictedTraverse = self.getPortalObject().unrestrictedTraverse
+    return [unrestrictedTraverse(x) for x in user_path_set]
 
 InitializeClass(ERP5User)