Commit a14341a6 authored by Vincent Pelletier's avatar Vincent Pelletier

Tolerate finding a user more than once.

Require the findings to be consistent when applicable.
May happen for example when migrating a user from being handled by one PAS
plugin to another.
parent 62565cdd
...@@ -2,10 +2,14 @@ ...@@ -2,10 +2,14 @@
if user_id is None: if user_id is None:
person = context.portal_membership.getAuthenticatedMember().getUserValue() person = context.portal_membership.getAuthenticatedMember().getUserValue()
else: else:
person_list = [x for x in context.acl_users.searchUsers(login=user_id, exact_match=True) if 'path' in x] person_path_set = {
if person_list: x['path']
person, = person_list for x in context.acl_users.searchUsers(login=user_id, exact_match=True)
person = context.getPortalObject().restrictedTraverse(person['path']) if 'path' in x
}
if person_path_set:
person_path, = person_path_set
person = context.getPortalObject().restrictedTraverse(person_path)
else: else:
person = None person = None
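Review bot: The consistency requirement is enforced only by the one-element unpack `person_path, = person_path_set`, so a login that resolves to two different paths fails with a bare "too many values to unpack" ValueError that names neither the login nor the conflict. An explicit check leaves a usable trace, e.g. `if len(person_path_set) > 1: raise ValueError('login %r maps to more than one user path' % (user_id,))`. The comment this commit adds in the ERP5User `_user_path` lookup (`# user id may match in more than one PAS plugin, but fail if more than one underlying path is found.`) would be worth repeating here. The same unpack is used in the following script (search by `id=user_id`), the `palo_md5` login check, PasswordTool, getSecurityCategoryFromAssignment and ERP5GroupManager. In the login check and in PasswordTool the exception bypasses the `return False, []` and `msg` paths used for every other failure there, which is worth confirming against the callers; this script starts and ends outside the hunk.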
......
if user_id is None: if user_id is None:
person = context.portal_membership.getAuthenticatedMember().getUserValue() person = context.portal_membership.getAuthenticatedMember().getUserValue()
else: else:
person_list = [x for x in context.acl_users.searchUsers(id=user_id, exact_match=True) if 'path' in x] person_path_set = {
if person_list: x['path']
person, = person_list for x in context.acl_users.searchUsers(id=user_id, exact_match=True)
person = context.getPortalObject().restrictedTraverse(person['path']) if 'path' in x
}
if person_path_set:
person_path, = person_path_set
person = context.getPortalObject().restrictedTraverse(person_path)
else: else:
person = None person = None
if person is None: if person is None:
......
...@@ -2,8 +2,8 @@ ...@@ -2,8 +2,8 @@
""" """
owner_id_list = [i[0] for i in context.get_local_roles() if 'Owner' in i[1]] owner_id_list = [i[0] for i in context.get_local_roles() if 'Owner' in i[1]]
if owner_id_list: if owner_id_list:
found_user_list = [x for x in context.acl_users.searchUsers(id=tuple(owner_id_list), exact_match=True) if 'path' in x] found_user_path_set = {x['path'] for x in context.acl_users.searchUsers(id=tuple(owner_id_list), exact_match=True) if 'path' in x}
if found_user_list: if found_user_path_set:
found_user, = found_user_list found_user_path, = found_user_path_set
return context.getPortalObject().restrictedTraverse(found_user['path']).getTitle() return context.getPortalObject().restrictedTraverse(found_user_path).getTitle()
return owner_id_list[0] return owner_id_list[0]
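Review bot: `found_user_path, = found_user_path_set` still raises ValueError when the document has several Owner local roles that resolve to different person documents, because the search is made with `id=tuple(owner_id_list)` and distinct owners can give distinct paths. That is not the plugin-migration inconsistency this commit guards against, and the fallback `return owner_id_list[0]` suggests that several owners are expected. Testing `if len(found_user_path_set) == 1:` would let the multi-owner case fall through to that fallback; whether the title of the first owner should be returned instead is a decision for the script's author. The script body begins outside the hunk.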
...@@ -4,9 +4,11 @@ Returns None if no corresponding person, for example when not using ERP5Security ...@@ -4,9 +4,11 @@ Returns None if no corresponding person, for example when not using ERP5Security
portal = context.getPortalObject() portal = context.getPortalObject()
if user_name is None: if user_name is None:
return portal.portal_membership.getAuthenticatedMember().getUserValue() return portal.portal_membership.getAuthenticatedMember().getUserValue()
user_list = [x for x in portal.acl_users.searchUsers( user_path_set = {
exact_match=True, x['path']
id=user_name, for x in portal.acl_users.searchUsers(exact_match=True, id=user_name)
) if 'path' in x] if 'path' in x
if len(user_list) == 1: }
return portal.restrictedTraverse(user_list[0]['path']) if len(user_path_set) == 1:
user_path, = user_path_set
return portal.restrictedTraverse(user_path)
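Review bot: When `user_path_set` holds more than one path, the `len(user_path_set) == 1` test is false and the script falls past the end of the hunk, which by the docstring in the hunk header ("Returns None if no corresponding person") presumably yields None. The other lookups changed by this commit raise on conflicting paths, so here a conflict is indistinguishable from a missing person for callers. If that is intended, a comment such as `# conflicting paths are treated like no person at all` would record it; otherwise check for emptiness and then unpack without the length test, as the other call sites do. What follows the hunk is not visible.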
from DateTime import DateTime from DateTime import DateTime
person_list = [x for x in context.acl_users.searchUsers(login=login, exact_match=True) if 'path' in x] person_path_set = {
if not person_list: x['path']
for x in context.acl_users.searchUsers(login=login, exact_match=True)
if 'path' in x
}
if not person_path_set:
return False, [] return False, []
person, = person_list person_path, = person_path_set
person = context.getPortalObject().restrictedTraverse(person['path']) person = context.getPortalObject().restrictedTraverse(person_path)
if person.getPassword(format='palo_md5') != password: if person.getPassword(format='palo_md5') != password:
return False, [] return False, []
......
...@@ -143,19 +143,19 @@ class PasswordTool(BaseTool): ...@@ -143,19 +143,19 @@ class PasswordTool(BaseTool):
msg = None msg = None
# check user exists, and have an email # check user exists, and have an email
user_list = [x for x in self.getPortalObject().acl_users.searchUsers( user_path_set = {x['path'] for x in self.getPortalObject().acl_users.searchUsers(
login=user_login, login=user_login,
exact_match=True, exact_match=True,
) if 'path' in x] ) if 'path' in x}
if len(user_list) == 0: if len(user_path_set) == 0:
msg = translateString("User ${user} does not exist.", msg = translateString("User ${user} does not exist.",
mapping={'user':user_login}) mapping={'user':user_login})
else: else:
# We use checked_permission to prevent errors when trying to acquire # We use checked_permission to prevent errors when trying to acquire
# email from organisation # email from organisation
user, = user_list user_path, = user_path_set
user_value = self.getPortalObject().unrestrictedTraverse( user_value = self.getPortalObject().unrestrictedTraverse(
user['path']) user_path)
email_value = user_value.getDefaultEmailValue( email_value = user_value.getDefaultEmailValue(
checked_permission='Access content information') checked_permission='Access content information')
if email_value is None or not email_value.asText(): if email_value is None or not email_value.asText():
......
...@@ -53,19 +53,19 @@ def getSecurityCategoryFromAssignment(self, base_category_list, user_name, objec ...@@ -53,19 +53,19 @@ def getSecurityCategoryFromAssignment(self, base_category_list, user_name, objec
category_list = [] category_list = []
user_list = [ user_path_set = {
x for x in self.acl_users.searchUsers( x['path'] for x in self.acl_users.searchUsers(
id=user_name, id=user_name,
exact_match=True, exact_match=True,
) if 'path' in x ) if 'path' in x
] }
if not user_list: if not user_path_set:
# if a person_object was not found in the module, we do nothing more # if a person_object was not found in the module, we do nothing more
# this happens for example when a manager with no associated person object # this happens for example when a manager with no associated person object
# creates a person_object for a new user # creates a person_object for a new user
return [] return []
user, = user_list user_path, = user_path_set
person_object = self.getPortalObject().unrestrictedTraverse(user['path']) person_object = self.getPortalObject().unrestrictedTraverse(user_path)
# We look for every valid assignments of this user # We look for every valid assignments of this user
for assignment in person_object.contentValues(filter={'portal_type': 'Assignment'}): for assignment in person_object.contentValues(filter={'portal_type': 'Assignment'}):
......
...@@ -118,14 +118,15 @@ class ERP5GroupManager(BasePlugin): ...@@ -118,14 +118,15 @@ class ERP5GroupManager(BasePlugin):
security_definition_list = mapping_method() security_definition_list = mapping_method()
# get the person from its login - no security check needed # get the person from its login - no security check needed
user_list = [ user_path_set = {
x for x in self.searchUsers(id=user_id, exact_match=True) x['path']
for x in self.searchUsers(id=user_id, exact_match=True)
if 'path' in x if 'path' in x
] }
if not user_list: if not user_path_set:
return () return ()
user, = user_list user_path, = user_path_set
person_object = self.getPortalObject().unrestrictedTraverse(user['path']) person_object = self.getPortalObject().unrestrictedTraverse(user_path)
# Fetch category values from defined scripts # Fetch category values from defined scripts
for (method_name, base_category_list) in security_definition_list: for (method_name, base_category_list) in security_definition_list:
......
...@@ -205,14 +205,16 @@ class ERP5User(PropertiedUser): ...@@ -205,14 +205,16 @@ class ERP5User(PropertiedUser):
result = self._user_path result = self._user_path
if result is not None: if result is not None:
return self.getPortalObject().unrestrictedTraverse(result) return self.getPortalObject().unrestrictedTraverse(result)
user_list = [x for x in self.aq_parent.searchUsers( # user id may match in more than one PAS plugin, but fail if more than one
# underlying path is found.
user_path_set = {x['path'] for x in self.aq_parent.searchUsers(
exact_match=True, exact_match=True,
id=self.getId(), id=self.getId(),
) if 'path' in x] ) if 'path' in x}
if user_list: if user_path_set:
user, = user_list user_path, = user_path_set
result = self._user_path = user['path'] self._user_path = user_path
return self.getPortalObject().unrestrictedTraverse(result) return self.getPortalObject().unrestrictedTraverse(user_path)
def getLoginValue(self): def getLoginValue(self):
""" -> login document """ -> login document
...@@ -222,6 +224,7 @@ class ERP5User(PropertiedUser): ...@@ -222,6 +224,7 @@ class ERP5User(PropertiedUser):
result = self._login_path result = self._login_path
if result is not None: if result is not None:
return self.getPortalObject().unrestrictedTraverse(result) return self.getPortalObject().unrestrictedTraverse(result)
# user name may match at most once, or there can be endless ambiguity.
user_list = [x for x in self.aq_parent.searchUsers( user_list = [x for x in self.aq_parent.searchUsers(
exact_match=True, exact_match=True,
login=self.getUserName(), login=self.getUserName(),
...@@ -237,17 +240,19 @@ class ERP5User(PropertiedUser): ...@@ -237,17 +240,19 @@ class ERP5User(PropertiedUser):
Return the list of login documents belonging to current user. Return the list of login documents belonging to current user.
""" """
user_list = [x for x in self.aq_parent.searchUsers( # Aggregate all login paths.
exact_match=True, user_path_set = {
id=self.getId(), login['path']
login_portal_type=portal_type, for user in self.aq_parent.searchUsers(
max_results=limit, exact_match=True,
) if 'login_list' in x] id=self.getId(),
if user_list: login_portal_type=portal_type,
user, = user_list max_results=limit,
unrestrictedTraverse = self.getPortalObject().unrestrictedTraverse ) if 'login_list' in user
return [unrestrictedTraverse(x['path']) for x in user['login_list']] for login in user['login_list']
return [] }
unrestrictedTraverse = self.getPortalObject().unrestrictedTraverse
return [unrestrictedTraverse(x) for x in user_path_set]
InitializeClass(ERP5User) InitializeClass(ERP5User)
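Review bot: The aggregated login lookup in the last hunk no longer checks that the matching entries describe the same user: the old `user, = user_list` failed on a second match, while the new comprehension merges the `login_list` of every entry returned for `id=self.getId()`. The `_user_path` lookup in the first hunk of this file requires a single underlying path, and the same guard seems applicable here if these entries also carry `'path'` (not visible in this hunk). Two smaller points: the set is named `user_path_set` but holds login paths (`login_path_set` would be clearer), and iterating a set makes the order of the returned list arbitrary, so `sorted(user_path_set)` would keep it stable for callers that index into it. `max_results=limit` still goes to searchUsers only, so the merged list is presumably no longer bounded by `limit`.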
......