Commit 6b77e6d4 authored by Julien Muchembled's avatar Julien Muchembled

Drop support for NuxUserGroups

git-svn-id: https://svn.erp5.org/repos/public/erp5/trunk@30257 20353a03-c40f-0410-a6d1-a30d3c3de9de
parent 47e796f7
...@@ -9,12 +9,6 @@ ...@@ -9,12 +9,6 @@
</pickle> </pickle>
<pickle> <pickle>
<dictionary> <dictionary>
<item>
<key> <string>__ac_local_group_roles__</string> </key>
<value>
<dictionary/>
</value>
</item>
<item> <item>
<key> <string>_local_properties</string> </key> <key> <string>_local_properties</string> </key>
<value> <value>
......
247 248
\ No newline at end of file \ No newline at end of file
...@@ -1460,12 +1460,6 @@ ...@@ -1460,12 +1460,6 @@
</tuple> </tuple>
</value> </value>
</item> </item>
<item>
<key> <string>__ac_local_group_roles__</string> </key>
<value>
<dictionary/>
</value>
</item>
<item> <item>
<key> <string>_count</string> </key> <key> <string>_count</string> </key>
<value> <value>
......
54 55
\ No newline at end of file \ No newline at end of file
...@@ -4468,36 +4468,21 @@ class LocalRolesTemplateItem(BaseTemplateItem): ...@@ -4468,36 +4468,21 @@ class LocalRolesTemplateItem(BaseTemplateItem):
obj = p.unrestrictedTraverse(path.split('/', 1)[1]) obj = p.unrestrictedTraverse(path.split('/', 1)[1])
local_roles_dict = getattr(obj, '__ac_local_roles__', local_roles_dict = getattr(obj, '__ac_local_roles__',
{}) or {} {}) or {}
group_local_roles_dict = getattr(obj, '__ac_local_group_roles__', self._objects[path] = (local_roles_dict, )
{}) or {}
self._objects[path] = (local_roles_dict, group_local_roles_dict)
# Function to generate XML Code Manually # Function to generate XML Code Manually
def generateXml(self, path=None): def generateXml(self, path=None):
local_roles_dict, group_local_roles_dict = self._objects[path] local_roles_dict, = self._objects[path]
local_roles_keys = local_roles_dict.keys()
group_local_roles_keys = group_local_roles_dict.keys()
local_roles_keys.sort()
group_local_roles_keys.sort()
# local roles # local roles
xml_data = '<local_roles_item>' xml_data = '<local_roles_item>'
xml_data += '\n <local_roles>' xml_data += '\n <local_roles>'
for key in local_roles_keys: for key in sorted(local_roles_dict):
xml_data += "\n <role id='%s'>" %(key,) xml_data += "\n <role id='%s'>" %(key,)
tuple = local_roles_dict[key] tuple = local_roles_dict[key]
for item in tuple: for item in tuple:
xml_data += "\n <item>%s</item>" %(item,) xml_data += "\n <item>%s</item>" %(item,)
xml_data += '\n </role>' xml_data += '\n </role>'
xml_data += '\n </local_roles>' xml_data += '\n </local_roles>'
# group local roles
xml_data += '\n <group_local_roles>'
for key in group_local_roles_keys:
xml_data += "\n <role id='%s'>" %(key,)
tuple = group_local_roles_dict[key]
for item in tuple:
xml_data += '\n <item>%s</item>' %(item,)
xml_data += '\n </role>'
xml_data += '\n </group_local_roles>'
xml_data += '\n</local_roles_item>' xml_data += '\n</local_roles_item>'
return xml_data return xml_data
...@@ -4538,20 +4523,7 @@ class LocalRolesTemplateItem(BaseTemplateItem): ...@@ -4538,20 +4523,7 @@ class LocalRolesTemplateItem(BaseTemplateItem):
for item in item_list: for item in item_list:
item_type_list.append(str(item.childNodes[0].data)) item_type_list.append(str(item.childNodes[0].data))
local_roles_dict[id] = item_type_list local_roles_dict[id] = item_type_list
# group local roles self._objects['local_roles/'+file_name[:-4]] = (local_roles_dict, )
group_local_roles = xml.getElementsByTagName('group_local_roles')[0]
local_roles_list = group_local_roles.getElementsByTagName('role')
group_local_roles_dict = {}
for role in local_roles_list:
id = role.getAttribute('id')
if isinstance(id, unicode):
id = id.encode('utf-8')
item_type_list = []
item_list = role.getElementsByTagName('item')
for item in item_list:
item_type_list.append(str(item.childNodes[0].data))
group_local_roles_dict[id] = item_type_list
self._objects['local_roles/'+file_name[:-4]] = (local_roles_dict, group_local_roles_dict)
def install(self, context, trashbin, **kw): def install(self, context, trashbin, **kw):
update_dict = kw.get('object_to_update') update_dict = kw.get('object_to_update')
...@@ -4565,9 +4537,8 @@ class LocalRolesTemplateItem(BaseTemplateItem): ...@@ -4565,9 +4537,8 @@ class LocalRolesTemplateItem(BaseTemplateItem):
continue continue
path = roles_path.split('/')[1:] path = roles_path.split('/')[1:]
obj = p.unrestrictedTraverse(path) obj = p.unrestrictedTraverse(path)
local_roles_dict, group_local_roles_dict = self._objects[roles_path] local_roles_dict, = self._objects[roles_path]
setattr(obj, '__ac_local_roles__', local_roles_dict) setattr(obj, '__ac_local_roles__', local_roles_dict)
setattr(obj, '__ac_local_group_roles__', group_local_roles_dict)
def uninstall(self, context, **kw): def uninstall(self, context, **kw):
p = context.getPortalObject() p = context.getPortalObject()
...@@ -4575,7 +4546,6 @@ class LocalRolesTemplateItem(BaseTemplateItem): ...@@ -4575,7 +4546,6 @@ class LocalRolesTemplateItem(BaseTemplateItem):
path = roles_path.split('/')[1:] path = roles_path.split('/')[1:]
obj = p.unrestrictedTraverse(path) obj = p.unrestrictedTraverse(path)
setattr(obj, '__ac_local_roles__', {}) setattr(obj, '__ac_local_roles__', {})
setattr(obj, '__ac_local_group_roles__', {})
class BusinessTemplate(XMLObject): class BusinessTemplate(XMLObject):
""" """
......
...@@ -1793,18 +1793,8 @@ class ERP5Generator(PortalGenerator): ...@@ -1793,18 +1793,8 @@ class ERP5Generator(PortalGenerator):
# Calling ERP5Site_reindexAll is useless. # Calling ERP5Site_reindexAll is useless.
def setupUserFolder(self, p): def setupUserFolder(self, p):
# We use if possible ERP5Security, then NuxUserGroups
try:
from Products import ERP5Security from Products import ERP5Security
from Products import PluggableAuthService from Products import PluggableAuthService
except ImportError:
ERP5Security = None
try:
import Products.NuxUserGroups
withnuxgroups = 1
except ImportError:
withnuxgroups = 0
if ERP5Security is not None:
# Use Pluggable Auth Service instead of the standard acl_users. # Use Pluggable Auth Service instead of the standard acl_users.
p.manage_addProduct['PluggableAuthService'].addPluggableAuthService() p.manage_addProduct['PluggableAuthService'].addPluggableAuthService()
pas_dispatcher = p.acl_users.manage_addProduct['PluggableAuthService'] pas_dispatcher = p.acl_users.manage_addProduct['PluggableAuthService']
...@@ -1842,12 +1832,6 @@ class ERP5Generator(PortalGenerator): ...@@ -1842,12 +1832,6 @@ class ERP5Generator(PortalGenerator):
p.acl_users.erp5_roles.manage_activateInterfaces(('IRolesPlugin',)) p.acl_users.erp5_roles.manage_activateInterfaces(('IRolesPlugin',))
p.acl_users.erp5_user_factory.manage_activateInterfaces( p.acl_users.erp5_user_factory.manage_activateInterfaces(
('IUserFactoryPlugin',)) ('IUserFactoryPlugin',))
elif withnuxgroups:
# NuxUserGroups user folder
p.manage_addProduct['NuxUserGroups'].addUserFolderWithGroups()
else:
# Standard user folder
PortalGenerator.setupUserFolder(self, p)
def setupPermissions(self, p): def setupPermissions(self, p):
permission_dict = { permission_dict = {
......
...@@ -54,21 +54,6 @@ ...@@ -54,21 +54,6 @@
</tuple> </tuple>
</value> </value>
</item> </item>
<item>
<key> <string>__ac_local_group_roles__</string> </key>
<value>
<dictionary>
<item>
<key> <string>role:Authenticated</string> </key>
<value>
<list>
<string>Auditor</string>
</list>
</value>
</item>
</dictionary>
</value>
</item>
<item> <item>
<key> <string>_count</string> </key> <key> <string>_count</string> </key>
<value> <value>
......
<?xml version="1.0"?>
<ZopeData>
<record id="1" aka="AAAAAAAAAAE=">
<pickle>
<tuple>
<global name="PythonScript" module="Products.PythonScripts.PythonScript"/>
<tuple/>
</tuple>
</pickle>
<pickle>
<dictionary>
<item>
<key> <string>Script_magic</string> </key>
<value> <int>3</int> </value>
</item>
<item>
<key> <string>_bind_names</string> </key>
<value>
<object>
<klass>
<global name="NameAssignments" module="Shared.DC.Scripts.Bindings"/>
</klass>
<tuple/>
<state>
<dictionary>
<item>
<key> <string>_asgns</string> </key>
<value>
<dictionary>
<item>
<key> <string>name_container</string> </key>
<value> <string>container</string> </value>
</item>
<item>
<key> <string>name_context</string> </key>
<value> <string>context</string> </value>
</item>
<item>
<key> <string>name_m_self</string> </key>
<value> <string>script</string> </value>
</item>
<item>
<key> <string>name_subpath</string> </key>
<value> <string>traverse_subpath</string> </value>
</item>
</dictionary>
</value>
</item>
</dictionary>
</state>
</object>
</value>
</item>
<item>
<key> <string>_body</string> </key>
<value> <string># XXX For now, this script requires proxy manager\n
\n
# user_folder: NuxUserGroups or PluggableAuthService at the root of the ERP5Site.\n
user_folder = context.portal_url.getPortalObject()[\'acl_users\']\n
\n
# This script must work with NuxUserGroup and PAS\n
PAS_installed = 0\n
if user_folder.meta_type == \'Pluggable Auth Service\':\n
PAS_installed = 1\n
\n
# get the current logged in user\n
if PAS_installed:\n
user_id = context.portal_membership.getAuthenticatedMember().getId()\n
else:\n
user_id = context.portal_membership.getAuthenticatedMember().getUserName()\n
person = context.person[user_id]\n
\n
assignment_list = person.contentValues(filter={\'portal_type\': \'Assignment\'})\n
\n
if len(assignment_list) == 0:\n
return []\n
\n
valid_assignment_list = []\n
\n
for a in assignment_list:\n
if a.getValidationState() == \'open\':\n
valid_assignment_list.append(a)\n
\n
return valid_assignment_list\n
</string> </value>
</item>
<item>
<key> <string>_code</string> </key>
<value>
<none/>
</value>
</item>
<item>
<key> <string>_params</string> </key>
<value> <string></string> </value>
</item>
<item>
<key> <string>_proxy_roles</string> </key>
<value>
<tuple>
<string>Manager</string>
</tuple>
</value>
</item>
<item>
<key> <string>errors</string> </key>
<value>
<tuple/>
</value>
</item>
<item>
<key> <string>func_code</string> </key>
<value>
<object>
<klass>
<global name="FuncCode" module="Shared.DC.Scripts.Signature"/>
</klass>
<tuple/>
<state>
<dictionary>
<item>
<key> <string>co_argcount</string> </key>
<value> <int>0</int> </value>
</item>
<item>
<key> <string>co_varnames</string> </key>
<value>
<tuple>
<string>_getitem_</string>
<string>_getattr_</string>
<string>context</string>
<string>user_folder</string>
<string>PAS_installed</string>
<string>user_id</string>
<string>person</string>
<string>assignment_list</string>
<string>len</string>
<string>valid_assignment_list</string>
<string>_getiter_</string>
<string>a</string>
</tuple>
</value>
</item>
</dictionary>
</state>
</object>
</value>
</item>
<item>
<key> <string>func_defaults</string> </key>
<value>
<none/>
</value>
</item>
<item>
<key> <string>id</string> </key>
<value> <string>Base_getUserAssignmentList</string> </value>
</item>
<item>
<key> <string>title</string> </key>
<value> <string></string> </value>
</item>
<item>
<key> <string>warnings</string> </key>
<value>
<tuple/>
</value>
</item>
</dictionary>
</pickle>
</record>
</ZopeData>
1359 1360
\ No newline at end of file \ No newline at end of file
...@@ -1914,16 +1914,13 @@ class TestBusinessTemplate(ERP5TypeTestCase, LogInterceptor): ...@@ -1914,16 +1914,13 @@ class TestBusinessTemplate(ERP5TypeTestCase, LogInterceptor):
""" """
new_local_roles = {'ac':['Owner', 'Manager'], new_local_roles = {'ac':['Owner', 'Manager'],
'group_function': ['Auditor']} 'group_function': ['Auditor']}
new_local_group_roles = {'role:Authenticated':['Owner', 'Manager']}
p = self.getPortal() p = self.getPortal()
module_id = sequence.get('module_id') module_id = sequence.get('module_id')
module = p._getOb(module_id, None) module = p._getOb(module_id, None)
self.failUnless(module is not None) self.failUnless(module is not None)
module.__ac_local_roles__ = new_local_roles module.__ac_local_roles__ = new_local_roles
module.__ac_local_group_roles__ = new_local_group_roles
self.assertEquals(module.__ac_local_roles__, new_local_roles) self.assertEquals(module.__ac_local_roles__, new_local_roles)
self.assertEquals(module.__ac_local_group_roles__, new_local_group_roles) sequence.edit(local_roles=new_local_roles)
sequence.edit(local_roles=new_local_roles, local_group_roles=new_local_group_roles)
def stepRemoveLocalRoles(self, sequence=None, sequence_list=None, **kw): def stepRemoveLocalRoles(self, sequence=None, sequence_list=None, **kw):
""" """
...@@ -1934,11 +1931,8 @@ class TestBusinessTemplate(ERP5TypeTestCase, LogInterceptor): ...@@ -1934,11 +1931,8 @@ class TestBusinessTemplate(ERP5TypeTestCase, LogInterceptor):
module = p._getOb(module_id, None) module = p._getOb(module_id, None)
self.failUnless(module is not None) self.failUnless(module is not None)
module.__ac_local_roles__ = {'someone_else': ['Associate']} module.__ac_local_roles__ = {'someone_else': ['Associate']}
module.__ac_local_group_roles__ = {}
new_local_roles = sequence.get('local_roles') new_local_roles = sequence.get('local_roles')
new_local_group_roles = sequence.get('local_group_roles')
self.assertNotEquals(module.__ac_local_roles__, new_local_roles) self.assertNotEquals(module.__ac_local_roles__, new_local_roles)
self.assertNotEquals(module.__ac_local_group_roles__, new_local_group_roles)
def stepAddLocalRolesToBusinessTemplate(self, sequence=None, sequence_list=None, **kw): def stepAddLocalRolesToBusinessTemplate(self, sequence=None, sequence_list=None, **kw):
""" """
...@@ -1954,26 +1948,22 @@ class TestBusinessTemplate(ERP5TypeTestCase, LogInterceptor): ...@@ -1954,26 +1948,22 @@ class TestBusinessTemplate(ERP5TypeTestCase, LogInterceptor):
Check presence of local roles Check presence of local roles
""" """
new_local_roles = sequence.get('local_roles') new_local_roles = sequence.get('local_roles')
new_local_group_roles = sequence.get('local_group_roles')
p = self.getPortal() p = self.getPortal()
module_id = sequence.get('module_id') module_id = sequence.get('module_id')
module = p._getOb(module_id, None) module = p._getOb(module_id, None)
self.failUnless(module is not None) self.failUnless(module is not None)
self.assertEquals(module.__ac_local_roles__, new_local_roles) self.assertEquals(module.__ac_local_roles__, new_local_roles)
self.assertEquals(module.__ac_local_group_roles__, new_local_group_roles)
def stepCheckLocalRolesRemoved(self, sequence=None, sequence_list=None, **kw): def stepCheckLocalRolesRemoved(self, sequence=None, sequence_list=None, **kw):
""" """
Check non-presence of local roles Check non-presence of local roles
""" """
new_local_roles = sequence.get('local_roles') new_local_roles = sequence.get('local_roles')
new_local_group_roles = sequence.get('local_group_roles')
p = self.getPortal() p = self.getPortal()
module_id = sequence.get('module_id') module_id = sequence.get('module_id')
module = p._getOb(module_id, None) module = p._getOb(module_id, None)
self.failUnless(module is not None) self.failUnless(module is not None)
self.assertNotEquals(module.__ac_local_roles__, new_local_roles) self.assertNotEquals(module.__ac_local_roles__, new_local_roles)
self.assertNotEquals(module.__ac_local_group_roles__, new_local_group_roles)
# Document, Property Sheet, Extension And Test # Document, Property Sheet, Extension And Test
# they use the same class so only one test is required for them # they use the same class so only one test is required for them
......
...@@ -121,18 +121,8 @@ class TestImmobilisationMixin(ERP5TypeTestCase): ...@@ -121,18 +121,8 @@ class TestImmobilisationMixin(ERP5TypeTestCase):
self.getUserFolder()._doAddUser('manager', '', all_roles, []) self.getUserFolder()._doAddUser('manager', '', all_roles, [])
self.login('manager') self.login('manager')
self.assignPASRolesToUser('test_user_1_', all_roles) self.assignPASRolesToUser('test_user_1_', all_roles)
def checkUserFolderType(self, quiet=0, run=run_all_test):
"""
Check the type of user folder to let the test working with both NuxUserGroup and PAS.
"""
self.user_folder = self.getUserFolder()
self.PAS_installed = 0
if self.user_folder.meta_type == 'Pluggable Auth Service':
# we use PAS
self.PAS_installed = 1
def assignPASRolesToUser(self, user_name, role_list, quiet=0, run=run_all_test): def assignPASRolesToUser(self, user_name, role_list, quiet=0, run=run_all_test):
""" """
Assign a list of roles to one user with PAS. Assign a list of roles to one user with PAS.
...@@ -163,20 +153,8 @@ class TestImmobilisationMixin(ERP5TypeTestCase): ...@@ -163,20 +153,8 @@ class TestImmobilisationMixin(ERP5TypeTestCase):
, group = user_data[3] , group = user_data[3]
, site = user_data[4] , site = user_data[4]
) )
if self.PAS_installed and len(user_roles) > 0: # In the case of PAS, if we want global roles on user, we have to do it manually.
# In the case of PAS, if we want global roles on user, we have to do it manually. self.assignPASRolesToUser(user_login, user_roles)
self.assignPASRolesToUser(user_login, user_roles)
elif not self.PAS_installed:
# The user_folder counterpart of the erp5 user must be
# created manually in the case of NuxUserGroup.
self.user_folder.userFolderAddUser( name = user_login
, password = ''
, roles = user_roles
, domains = []
)
# User assignment to security groups is also required, but is taken care of
# by the assignment workflow when NuxUserGroup is used and
# by ERP5Security PAS plugins in the context of PAS use.
assignment.open() assignment.open()
person.validate() person.validate()
...@@ -234,7 +212,6 @@ class TestImmobilisationMixin(ERP5TypeTestCase): ...@@ -234,7 +212,6 @@ class TestImmobilisationMixin(ERP5TypeTestCase):
self.tic() self.tic()
self.workflow_tool = self.getWorkflowTool() self.workflow_tool = self.getWorkflowTool()
self.checkUserFolderType()
def beforeTearDown(self): def beforeTearDown(self):
""" """
......
...@@ -35,7 +35,6 @@ from Products.ERP5Type.Cache import CachingMethod ...@@ -35,7 +35,6 @@ from Products.ERP5Type.Cache import CachingMethod
from AccessControl import ClassSecurityInfo, getSecurityManager from AccessControl import ClassSecurityInfo, getSecurityManager
from Products.CMFCore.CatalogTool import IndexableObjectWrapper as CMFCoreIndexableObjectWrapper from Products.CMFCore.CatalogTool import IndexableObjectWrapper as CMFCoreIndexableObjectWrapper
from Products.CMFCore.utils import UniqueObject, _checkPermission, _getAuthenticatedUser, getToolByName from Products.CMFCore.utils import UniqueObject, _checkPermission, _getAuthenticatedUser, getToolByName
from Products.CMFCore.utils import _mergedLocalRoles
from Products.ERP5Type.Globals import InitializeClass, DTMLFile, package_home from Products.ERP5Type.Globals import InitializeClass, DTMLFile, package_home
from Acquisition import aq_base, aq_inner, aq_parent, ImplicitAcquisitionWrapper from Acquisition import aq_base, aq_inner, aq_parent, ImplicitAcquisitionWrapper
from DateTime.DateTime import DateTime from DateTime.DateTime import DateTime
...@@ -49,6 +48,7 @@ from Products.CMFCore.Expression import Expression ...@@ -49,6 +48,7 @@ from Products.CMFCore.Expression import Expression
from Products.PageTemplates.Expressions import getEngine from Products.PageTemplates.Expressions import getEngine
from MethodObject import Method from MethodObject import Method
from Products.ERP5Security import mergedLocalRoles
from Products.ERP5Security.ERP5UserManager import SUPER_USER from Products.ERP5Security.ERP5UserManager import SUPER_USER
from Products.ERP5Type.Utils import sqlquote from Products.ERP5Type.Utils import sqlquote
...@@ -57,42 +57,11 @@ import sys ...@@ -57,42 +57,11 @@ import sys
from zLOG import LOG, PROBLEM, WARNING, INFO from zLOG import LOG, PROBLEM, WARNING, INFO
import sets import sets
SECURITY_USING_NUX_USER_GROUPS, SECURITY_USING_PAS = range(2)
ACQUIRE_PERMISSION_VALUE = [] ACQUIRE_PERMISSION_VALUE = []
try:
from Products.PluggableAuthService import PluggableAuthService
PAS_meta_type = PluggableAuthService.PluggableAuthService.meta_type
except ImportError:
PAS_meta_type = ''
try:
from Products.ERP5Security import mergedLocalRoles as PAS_mergedLocalRoles
except ImportError:
pass
try:
from Products.NuxUserGroups import UserFolderWithGroups
NUG_meta_type = UserFolderWithGroups.meta_type
except ImportError:
NUG_meta_type = ''
try:
from Products.NuxUserGroups.CatalogToolWithGroups import mergedLocalRoles
from Products.NuxUserGroups.CatalogToolWithGroups import _getAllowedRolesAndUsers
except ImportError:
pass
from Persistence import Persistent from Persistence import Persistent
from Acquisition import Implicit from Acquisition import Implicit
def getSecurityProduct(acl_users):
"""returns the security used by the user folder passed.
(NuxUserGroup, ERP5Security, or None if anything else).
"""
if acl_users.meta_type == PAS_meta_type:
return SECURITY_USING_PAS
elif acl_users.meta_type == NUG_meta_type:
return SECURITY_USING_NUX_USER_GROUPS
class IndexableObjectWrapper(CMFCoreIndexableObjectWrapper): class IndexableObjectWrapper(CMFCoreIndexableObjectWrapper):
...@@ -118,17 +87,7 @@ class IndexableObjectWrapper(CMFCoreIndexableObjectWrapper): ...@@ -118,17 +87,7 @@ class IndexableObjectWrapper(CMFCoreIndexableObjectWrapper):
result_key = '_cache_result' result_key = '_cache_result'
if result_key not in self.__dict__: if result_key not in self.__dict__:
ob = self.__ob ob = self.__ob
security_product = getSecurityProduct(ob.acl_users) localroles = mergedLocalRoles(ob)
withnuxgroups = security_product == SECURITY_USING_NUX_USER_GROUPS
withpas = security_product == SECURITY_USING_PAS
if withnuxgroups:
localroles = mergedLocalRoles(ob, withgroups=1)
elif withpas:
localroles = PAS_mergedLocalRoles(ob)
else:
# CMF
localroles = _mergedLocalRoles(ob)
# For each group or user, we have a list of roles, this list # For each group or user, we have a list of roles, this list
# give in this order : [roles on object, roles acquired on the parent, # give in this order : [roles on object, roles acquired on the parent,
# roles acquired on the parent of the parent....] # roles acquired on the parent of the parent....]
...@@ -170,10 +129,7 @@ class IndexableObjectWrapper(CMFCoreIndexableObjectWrapper): ...@@ -170,10 +129,7 @@ class IndexableObjectWrapper(CMFCoreIndexableObjectWrapper):
user_role_dict = {} user_role_dict = {}
user_view_permission_role_dict = {} user_view_permission_role_dict = {}
for user, roles in localroles.iteritems(): for user, roles in localroles.iteritems():
if withnuxgroups: prefix = 'user:' + user
prefix = user
else:
prefix = 'user:' + user
for role in roles: for role in roles:
if (role in role_dict) and (getUserById(user) is not None): if (role in role_dict) and (getUserById(user) is not None):
# If role is monovalued, check if key is a user. # If role is monovalued, check if key is a user.
...@@ -408,8 +364,6 @@ class CatalogTool (UniqueObject, ZCatalog, CMFCoreCatalogTool, ActiveObject): ...@@ -408,8 +364,6 @@ class CatalogTool (UniqueObject, ZCatalog, CMFCoreCatalogTool, ActiveObject):
return msg return msg
def _listAllowedRolesAndUsers(self, user): def _listAllowedRolesAndUsers(self, user):
security_product = getSecurityProduct(self.acl_users)
if security_product == SECURITY_USING_PAS:
# We use ERP5Security PAS based authentication # We use ERP5Security PAS based authentication
try: try:
# check for proxy role in stack # check for proxy role in stack
...@@ -436,10 +390,6 @@ class CatalogTool (UniqueObject, ZCatalog, CMFCoreCatalogTool, ActiveObject): ...@@ -436,10 +390,6 @@ class CatalogTool (UniqueObject, ZCatalog, CMFCoreCatalogTool, ActiveObject):
result.append('user:%s' % group) result.append('user:%s' % group)
# end groups # end groups
return result return result
elif security_product == SECURITY_USING_NUX_USER_GROUPS:
return _getAllowedRolesAndUsers(user)
else:
return CMFCoreCatalogTool._listAllowedRolesAndUsers(self, user)
# Schema Management # Schema Management
def editColumn(self, column_id, sql_definition, method_id, default_value, REQUEST=None, RESPONSE=None): def editColumn(self, column_id, sql_definition, method_id, default_value, REQUEST=None, RESPONSE=None):
......
...@@ -35,22 +35,10 @@ from Products.ERP5Type.UnrestrictedMethod import UnrestrictedMethod ...@@ -35,22 +35,10 @@ from Products.ERP5Type.UnrestrictedMethod import UnrestrictedMethod
from Products.ERP5Type.Utils import deprecated, createExpressionContext from Products.ERP5Type.Utils import deprecated, createExpressionContext
from Products.ERP5Type.XMLObject import XMLObject from Products.ERP5Type.XMLObject import XMLObject
from Products.ERP5Type.Cache import CachingMethod from Products.ERP5Type.Cache import CachingMethod
from Products.ERP5Security import ERP5UserManager
ERP5TYPE_SECURITY_GROUP_ID_GENERATION_SCRIPT = 'ERP5Type_asSecurityGroupId' ERP5TYPE_SECURITY_GROUP_ID_GENERATION_SCRIPT = 'ERP5Type_asSecurityGroupId'
# Security uses ERP5Security by default
try:
from Products.ERP5Security import ERP5UserManager
except ImportError:
ERP5UserManager = None
# If ERP5Security is not installed try NuxUserGroups
if ERP5UserManager is None:
try:
from Products import NuxUserGroups
except ImportError:
NuxUserGroups = None
from TranslationProviderBase import TranslationProviderBase from TranslationProviderBase import TranslationProviderBase
from sys import exc_info from sys import exc_info
...@@ -81,48 +69,23 @@ class LocalRoleAssignorMixIn(object): ...@@ -81,48 +69,23 @@ class LocalRoleAssignorMixIn(object):
if owner: if owner:
user_name = owner[1] user_name = owner[1]
else: else:
#FIXME We should check the type of the acl_users folder instead of user_name = getSecurityManager().getUser().getId()
# checking which product is installed.
if ERP5UserManager is not None:
# We use id for roles in ERP5Security
user_name = getSecurityManager().getUser().getId()
elif NuxUserGroups is not None:
user_name = getSecurityManager().getUser().getUserName()
else:
raise RuntimeError('Product "ERP5Security" was not found on your'
' setup. Please install it to benefit from group-based security')
group_id_role_dict = self.getLocalRolesFor(ob, user_name) group_id_role_dict = self.getLocalRolesFor(ob, user_name)
# Update role assignments to groups ## Update role assignments to groups
if ERP5UserManager is not None: # Default implementation # Clean old group roles
# Clean old group roles old_group_list = ob.get_local_roles()
old_group_list = ob.get_local_roles() ob.manage_delLocalRoles([x[0] for x in old_group_list])
ob.manage_delLocalRoles([x[0] for x in old_group_list]) # Save the owner
# Save the owner for group, role_list in old_group_list:
for group, role_list in old_group_list: if 'Owner' in role_list:
if 'Owner' in role_list: group_id_role_dict.setdefault(group, set()).add('Owner')
group_id_role_dict.setdefault(group, set()).add('Owner') # Assign new roles
# Assign new roles for group, role_list in group_id_role_dict.iteritems():
for group, role_list in group_id_role_dict.iteritems(): if role_list:
if role_list:
ob.manage_addLocalRoles(group, role_list)
else: # NuxUserGroups implementation
# Clean old group roles
old_group_list = ob.get_local_group_roles()
# We duplicate role settings to mimic PAS
ob.manage_delLocalGroupRoles([x[0] for x in old_group_list])
ob.manage_delLocalRoles([x[0] for x in old_group_list])
# Save the owner
for group, role_list in old_group_list:
if 'Owner' in role_list:
group_id_role_dict.setdefault(group, set()).add('Owner')
# Assign new roles
for group, role_list in group_id_role_dict.iteritems():
# We duplicate role settings to mimic PAS
ob.manage_addLocalGroupRoles(group, role_list)
ob.manage_addLocalRoles(group, role_list) ob.manage_addLocalRoles(group, role_list)
# Make sure that the object is reindexed ## Make sure that the object is reindexed
if reindex: if reindex:
ob.reindexObjectSecurity() ob.reindexObjectSecurity()
......
...@@ -123,7 +123,6 @@ ZopeTestCase.installProduct('PortalTransforms', quiet=install_product_quiet) ...@@ -123,7 +123,6 @@ ZopeTestCase.installProduct('PortalTransforms', quiet=install_product_quiet)
ZopeTestCase.installProduct('MimetypesRegistry', quiet=install_product_quiet) ZopeTestCase.installProduct('MimetypesRegistry', quiet=install_product_quiet)
# Security Stuff # Security Stuff
ZopeTestCase.installProduct('NuxUserGroups', quiet=install_product_quiet)
ZopeTestCase.installProduct('PluggableAuthService', quiet=install_product_quiet) ZopeTestCase.installProduct('PluggableAuthService', quiet=install_product_quiet)
ZopeTestCase.installProduct('ERP5Security', quiet=install_product_quiet) ZopeTestCase.installProduct('ERP5Security', quiet=install_product_quiet)
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment