From 2ab66283cd0dc1fea001cd93098db70ae1df81e0 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=C5=81ukasz=20Nowak?= <luke@nexedi.com>
Date: Mon, 22 Oct 2012 15:41:26 +0200
Subject: [PATCH] Security fix: check Assignment in case of Person.

---
 master/product/Vifib/VifibMachineAuthenticationPlugin.py | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/master/product/Vifib/VifibMachineAuthenticationPlugin.py b/master/product/Vifib/VifibMachineAuthenticationPlugin.py
index ee4e1223f..f7358a099 100644
--- a/master/product/Vifib/VifibMachineAuthenticationPlugin.py
+++ b/master/product/Vifib/VifibMachineAuthenticationPlugin.py
@@ -48,6 +48,7 @@ from Products.ERP5Type.ERP5Type \
   import ERP5TYPE_SECURITY_GROUP_ID_GENERATION_SCRIPT
 from Products.ERP5Type.Cache import CachingMethod
 from Products.ZSQLCatalog.SQLCatalog import Query, ComplexQuery
+from Products.ERP5Security.ERP5UserManager import getValidAssignmentList
 
 #Form for new plugin in ZMI
 manage_addVifibMachineAuthenticationPluginForm = PageTemplateFile(
@@ -148,6 +149,10 @@ class VifibMachineAuthenticationPlugin(BasePlugin):
     user_list = self.getUserByLogin(login)
     if len(user_list) != 1:
       return None
+    user = user_list[0]
+    if user.getPortalType() == 'Person':
+      if len(getValidAssignmentList(user)) == 0:
+        return None
     return (login, login)
 
   def getUserByLogin(self, login):
-- 
2.30.9