From 52b94f6227cb2c1b1f7739827d8bd8e65e5c7a63 Mon Sep 17 00:00:00 2001
From: Jean-Paul Smets <jp@nexedi.com>
Date: Sun, 30 Oct 2005 15:26:50 +0000
Subject: [PATCH] Initial revision

git-svn-id: https://svn.erp5.org/repos/public/erp5/trunk@4167 20353a03-c40f-0410-a6d1-a30d3c3de9de
---
product/ERP5Security/ERP5GroupManager.py | 106 +++++++++++++
product/ERP5Security/ERP5RoleManager.py | 71 +++++++++
product/ERP5Security/ERP5UserManager.py | 149 ++++++++++++++++++
product/ERP5Security/__init__.py | 57 +++++++
product/ERP5Security/refresh.txt | 0
.../www/ERP5Security_addERP5GroupManager.zpt | 46 ++++++
.../www/ERP5Security_addERP5RoleManager.zpt | 45 ++++++
.../www/ERP5Security_addERP5UserManager.zpt | 46 ++++++
product/ERP5Security/www/portal.gif | Bin 0 -> 281 bytes
9 files changed, 520 insertions(+)
create mode 100755 product/ERP5Security/ERP5GroupManager.py
create mode 100755 product/ERP5Security/ERP5RoleManager.py
create mode 100755 product/ERP5Security/ERP5UserManager.py
create mode 100755 product/ERP5Security/__init__.py
create mode 100755 product/ERP5Security/refresh.txt
create mode 100755 product/ERP5Security/www/ERP5Security_addERP5GroupManager.zpt
create mode 100755 product/ERP5Security/www/ERP5Security_addERP5RoleManager.zpt
create mode 100755 product/ERP5Security/www/ERP5Security_addERP5UserManager.zpt
create mode 100755 product/ERP5Security/www/portal.gif
diff --git a/product/ERP5Security/ERP5GroupManager.py b/product/ERP5Security/ERP5GroupManager.py
new file mode 100755
index 0000000000..c65ee583bb
--- /dev/null
+++ b/product/ERP5Security/ERP5GroupManager.py
@@ -0,0 +1,106 @@
+##############################################################################
+#
+# Copyright (c) 2001 Zope Corporation and Contributors. All Rights
+# Reserved.
+#
+# This software is subject to the provisions of the Zope Public License,
+# Version 2.1 (ZPL). A copy of the ZPL should accompany this
+# distribution.
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY AND ALL EXPRESS OR IMPLIED
+# WARRANTIES ARE DISCLAIMED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+# WARRANTIES OF TITLE, MERCHANTABILITY, AGAINST INFRINGEMENT, AND FITNESS
+# FOR A PARTICULAR PURPOSE.
+#
+##############################################################################
+""" Classes: ERP5GroupManager
+"""
+
+from Globals import InitializeClass
+from AccessControl import ClassSecurityInfo
+from AccessControl.SecurityManagement import newSecurityManager, getSecurityManager
+from Products.PageTemplates.PageTemplateFile import PageTemplateFile
+from Products.PluggableAuthService.plugins.BasePlugin import BasePlugin
+from Products.PluggableAuthService.utils import classImplements
+from Products.PluggableAuthService.interfaces.plugins import IGroupsPlugin
+from Products.ERP5Type.Cache import CachingMethod
+
+from zLOG import LOG
+
+manage_addERP5GroupManagerForm = PageTemplateFile(
+ 'www/ERP5Security_addERP5GroupManager', globals(), __name__='manage_addERP5GroupManagerForm' )
+
+def addERP5GroupManager( dispatcher, id, title=None, REQUEST=None ):
+ """ Add a ERP5GroupManager to a Pluggable Auth Service. """
+
+ egm = ERP5GroupManager(id, title)
+ dispatcher._setObject(egm.getId(), egm)
+
+ if REQUEST is not None:
+ REQUEST['RESPONSE'].redirect(
+ '%s/manage_workspace'
+ '?manage_tabs_message='
+ 'ERP5GroupManager+added.'
+ % dispatcher.absolute_url())
+
+class ERP5GroupManager(BasePlugin):
+
+ """ PAS plugin for dynamically adding Groups
+ based on Assignments in ERP5
+ """
+ meta_type = 'ERP5 Group Manager'
+
+ security = ClassSecurityInfo()
+
+ def __init__(self, id, title=None):
+
+ self._id = self.id = id
+ self.title = title
+
+ #
+ # IGroupsPlugin implementation
+ #
+ def getGroupsForPrincipal(self, principal, request=None):
+ """ See IGroupsPlugin.
+ """
+ def _getGroupsForPrincipal(user_name, path):
+ security_group_list = []
+
+ # because we aren't logged in, we have to create our own
+ # SecurityManager to be able to access the Catalog
+ newSecurityManager(self, self.getPortalObject().getOwner())
+ base_category_list = self.getPortalObject().getPortalAssignmentsBaseCategoryList()
+
+ user_name = principal.getId()
+
+ person_module = self.getPortalObject().getDefaultModule('Person')
+ person_object = getattr(person_module, user_name, None)
+
+ # return no groups if the username is not registered in person module
+ if not person_object:
+ return ()
+
+ # Fetch category values from assignment
+ category_list = self.ERP5Type_getSecurityCategoryFromAssignment(base_category_list, user_name, self, '')
+
+ # return no groups if we there are no Security Categories
+ if not category_list:
+ return ()
+
+ # Get group names from category values
+ for c_dict in category_list:
+ security_group_list.append(self.ERP5Type_asSecurityGroupId(category_order=base_category_list, **c_dict))
+
+ LOG('erp5_groups', 0, 'user %s is member of %s' %(user_name, str(security_group_list)))
+
+ return tuple(security_group_list)
+
+ _getGroupsForPrincipal = CachingMethod(_getGroupsForPrincipal, id='ERP5GroupManager_getGroupsForPrincipal')
+ return _getGroupsForPrincipal(user_name=principal.getId(), path=self.getPhysicalPath())
+
+
+
+classImplements( ERP5GroupManager
+ , IGroupsPlugin
+ )
+
+InitializeClass(ERP5GroupManager)
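Review bot: `_getGroupsForPrincipal` in ERP5GroupManager.py calls `newSecurityManager(self, self.getPortalObject().getOwner())` and nothing in the hunk restores the previous security manager, so after a cache miss the code that runs next may keep the portal owner's privileges, while after a cache hit (presumably) it does not. `getUserByLogin` in ERP5UserManager.py has the same pattern with the catalog owner. I would save the current manager with the already-imported `getSecurityManager()` and put it back in a `finally` block via `setSecurityManager`, which has to be added to the `AccessControl.SecurityManagement` import; the sketch below shows only the changed lines. `getGroupsForPrincipal` also lacks the `security.declarePrivate( 'getGroupsForPrincipal' )` line that the other two plugins place before their interface methods.

```python
def _getGroupsForPrincipal(user_name, path):
    security_group_list = []
    # Keep the caller's security context so the owner's rights end with this lookup.
    previous_sm = getSecurityManager()
    newSecurityManager(self, self.getPortalObject().getOwner())
    try:
        # … unchanged: person lookup, category fetch, group id list, LOG call …
        return tuple(security_group_list)
    finally:
        setSecurityManager(previous_sm)
```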
diff --git a/product/ERP5Security/ERP5RoleManager.py b/product/ERP5Security/ERP5RoleManager.py
new file mode 100755
index 0000000000..5305970239
--- /dev/null
+++ b/product/ERP5Security/ERP5RoleManager.py
@@ -0,0 +1,71 @@
+##############################################################################
+#
+# Copyright (c) 2001 Zope Corporation and Contributors. All Rights
+# Reserved.
+#
+# This software is subject to the provisions of the Zope Public License,
+# Version 2.1 (ZPL). A copy of the ZPL should accompany this
+# distribution.
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY AND ALL EXPRESS OR IMPLIED
+# WARRANTIES ARE DISCLAIMED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+# WARRANTIES OF TITLE, MERCHANTABILITY, AGAINST INFRINGEMENT, AND FITNESS
+# FOR A PARTICULAR PURPOSE.
+#
+##############################################################################
+""" Classes: ERP5RoleManager
+"""
+
+from Globals import InitializeClass
+from AccessControl import ClassSecurityInfo
+from Products.PageTemplates.PageTemplateFile import PageTemplateFile
+from Products.PluggableAuthService.plugins.BasePlugin import BasePlugin
+from Products.PluggableAuthService.utils import classImplements
+from Products.PluggableAuthService.interfaces.plugins import IRolesPlugin
+
+manage_addERP5RoleManagerForm = PageTemplateFile(
+ 'www/ERP5Security_addERP5RoleManager', globals(), __name__='manage_addERP5RoleManagerForm' )
+
+def addERP5RoleManager( dispatcher, id, title=None, REQUEST=None ):
+ """ Add a ERP5RoleManager to a Pluggable Auth Service. """
+
+ erm = ERP5RoleManager(id, title)
+ dispatcher._setObject(erm.getId(), erm)
+
+ if REQUEST is not None:
+ REQUEST['RESPONSE'].redirect(
+ '%s/manage_workspace'
+ '?manage_tabs_message='
+ 'ERP5RoleManager+added.'
+ % dispatcher.absolute_url())
+
+class ERP5RoleManager( BasePlugin ):
+
+ """ PAS plugin to add 'Member' as default
+ Role for every user.
+ """
+ meta_type = 'ERP5 Role Manager'
+
+ security = ClassSecurityInfo()
+
+ def __init__(self, id, title=None):
+
+ self._id = self.id = id
+ self.title = title
+
+ #
+ # IRolesPlugin implementation
+ #
+ security.declarePrivate( 'getRolesForPrincipal' )
+ def getRolesForPrincipal( self, principal, request=None ):
+ """ See IRolesPlugin.
+ We only ever return Member for every principal
+ """
+
+ return ('Member',)
+
+classImplements( ERP5RoleManager
+ , IRolesPlugin
+ )
+
+
+InitializeClass(ERP5RoleManager)
diff --git a/product/ERP5Security/ERP5UserManager.py b/product/ERP5Security/ERP5UserManager.py
new file mode 100755
index 0000000000..0e7eb81aa5
--- /dev/null
+++ b/product/ERP5Security/ERP5UserManager.py
@@ -0,0 +1,149 @@
+##############################################################################
+#
+# Copyright (c) 2001 Zope Corporation and Contributors. All Rights
+# Reserved.
+#
+# This software is subject to the provisions of the Zope Public License,
+# Version 2.1 (ZPL). A copy of the ZPL should accompany this
+# distribution.
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY AND ALL EXPRESS OR IMPLIED
+# WARRANTIES ARE DISCLAIMED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+# WARRANTIES OF TITLE, MERCHANTABILITY, AGAINST INFRINGEMENT, AND FITNESS
+# FOR A PARTICULAR PURPOSE.
+#
+##############################################################################
+""" Classes: ERP5UserManager
+"""
+
+from Globals import InitializeClass
+from AccessControl import ClassSecurityInfo
+from AccessControl.SecurityManagement import newSecurityManager
+from Products.PageTemplates.PageTemplateFile import PageTemplateFile
+from Products.PluggableAuthService.plugins.BasePlugin import BasePlugin
+from Products.PluggableAuthService.utils import classImplements
+from Products.PluggableAuthService.interfaces.plugins import IAuthenticationPlugin
+from Products.PluggableAuthService.interfaces.plugins import IUserEnumerationPlugin
+from Products.ERP5Type.Cache import CachingMethod
+
+from zLOG import LOG
+
+manage_addERP5UserManagerForm = PageTemplateFile(
+ 'www/ERP5Security_addERP5UserManager', globals(), __name__='manage_addERP5UserManagerForm' )
+
+def addERP5UserManager(dispatcher, id, title=None, REQUEST=None):
+ """ Add a ERP5UserManagern to a Pluggable Auth Service. """
+
+ eum = ERP5UserManager(id, title)
+ dispatcher._setObject(eum.getId(), eum)
+
+ if REQUEST is not None:
+ REQUEST['RESPONSE'].redirect(
+ '%s/manage_workspace'
+ '?manage_tabs_message='
+ 'ERP5UserManager+added.'
+ % dispatcher.absolute_url())
+
+class ERP5UserManager(BasePlugin):
+ """ PAS plugin for managing users in ERP5
+ """
+
+ meta_type = 'ERP5 User Manager'
+
+ security = ClassSecurityInfo()
+
+ def __init__(self, id, title=None):
+
+ self._id = self.id = id
+ self.title = title
+
+ #
+ # IAuthenticationPlugin implementation
+ #
+ security.declarePrivate( 'authenticateCredentials' )
+ def authenticateCredentials(self, credentials):
+ """ See IAuthenticationPlugin.
+
+ o We expect the credentials to be those returned by
+ ILoginPasswordExtractionPlugin.
+ """
+ def _authenticateCredentials(login, password, path):
+ if login is None or password is None:
+ return None
+
+ user_list = self.getUserByLogin(login)
+
+ if not user_list:
+ return None
+
+ user = user_list[0]
+
+ if user.getPassword() == password:
+ LOG('authenticateCredentials', 0, user.getId())
+ return user.getId(), login
+
+ return None
+
+ _authenticateCredentials = CachingMethod(_authenticateCredentials, id='ERP5UserManager_authenticateCredentials')
+ return _authenticateCredentials(login=credentials.get('login'), password=credentials.get('password'), path=self.getPhysicalPath())
+
+ #
+ # IUserEnumerationPlugin implementation
+ #
+ security.declarePrivate( 'enumerateUsers' )
+ def enumerateUsers(self, id=None, login=None, exact_match=False, sort_by=None, max_results=None, **kw):
+ """ See IUserEnumerationPlugin.
+ """
+ def _enumerateUsers(t_id, path):
+ user_info = []
+ user_objects = []
+ plugin_id = self.getId()
+
+ if isinstance(t_id, str):
+ t_id = (t_id,)
+
+ if t_id:
+ person_module = self.person
+ for user_name in t_id:
+ user = getattr(person_module, user_name, None)
+ if user:
+ user_objects.append(user)
+
+ elif login:
+ user_objects.extend(self.getUserByLogin(login))
+
+ for user in user_objects:
+ LOG('enumerateUsers', 0, user.getId())
+ info = { 'id' : user.getId()
+ , 'login' : user.getReference()
+ , 'pluginid' : plugin_id
+ }
+
+ user_info.append(info)
+
+ return tuple(user_info)
+
+ _enumerateUsers = CachingMethod(_enumerateUsers, id='ERP5UserManager_enumerateUsers')
+
+ if isinstance(id, list):
+ id = tuple(id)
+ return _enumerateUsers(t_id=id, path=self.getPhysicalPath())
+
+ def getUserByLogin(self, login):
+ """
+ Search the Catalog for login and return a list of person objects
+ login can be a string list or a list of strings
+ """
+ # because we aren't logged in, we have to create our own
+ # SecurityManager to be able to access the Catalog
+ newSecurityManager(self, self.getPortalObject().portal_catalog.getOwner())
+
+ result = self.getPortalObject().portal_catalog(portal_type="Person", reference=login)
+
+ return [item.getObject() for item in result]
+
+classImplements( ERP5UserManager
+ , IAuthenticationPlugin
+ , IUserEnumerationPlugin
+ )
+
+InitializeClass(ERP5UserManager)
diff --git a/product/ERP5Security/__init__.py b/product/ERP5Security/__init__.py
new file mode 100755
index 0000000000..de1135e5de
--- /dev/null
+++ b/product/ERP5Security/__init__.py
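Review bot: In `enumerateUsers` of ERP5UserManager.py the cached inner function is called with only `t_id` and `path`, yet its `elif login:` branch reads `login` from the enclosing scope; assuming `CachingMethod` keys its entries on the call arguments, every lookup by login with `id=None` shares one cache entry and can return the user found for an earlier, different login. Pass the login through the cached call, e.g. `def _enumerateUsers(t_id, login, path):` with `return _enumerateUsers(t_id=id, login=login, path=self.getPhysicalPath())`. Separately, `authenticateCredentials` wraps the password check in `CachingMethod`, so the submitted password becomes part of a cache key and a cached success or failure may outlive a password change. The test `user.getPassword() == password` compares the stored value directly with the submitted one, which only works if passwords are kept in clear text; I would leave this call uncached and compare against a salted hash instead. `getUserByLogin` also has no `security.declarePrivate` line, unlike the two interface methods above it.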
@@ -0,0 +1,57 @@
+##############################################################################
+#
+# Copyright (c) 2001 Zope Corporation and Contributors. All Rights
+# Reserved.
+#
+# This software is subject to the provisions of the Zope Public License,
+# Version 2.1 (ZPL). A copy of the ZPL should accompany this
+# distribution.
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY AND ALL EXPRESS OR IMPLIED
+# WARRANTIES ARE DISCLAIMED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+# WARRANTIES OF TITLE, MERCHANTABILITY, AGAINST INFRINGEMENT, AND FITNESS
+# FOR A PARTICULAR PURPOSE.
+#
+##############################################################################
+""" ERP5Security product initialization.
+"""
+
+from AccessControl.Permissions import manage_users as ManageUsers
+from Products.PluggableAuthService.PluggableAuthService import registerMultiPlugin
+from Products.PluggableAuthService.permissions import ManageGroups
+
+import ERP5UserManager
+import ERP5GroupManager
+import ERP5RoleManager
+
+registerMultiPlugin(ERP5UserManager.ERP5UserManager.meta_type)
+registerMultiPlugin(ERP5GroupManager.ERP5GroupManager.meta_type)
+registerMultiPlugin(ERP5RoleManager.ERP5RoleManager.meta_type)
+
+def initialize(context):
+
+ context.registerClass( ERP5UserManager.ERP5UserManager
+ , permission=ManageUsers
+ , constructors=(
+ ERP5UserManager.manage_addERP5UserManagerForm,
+ ERP5UserManager.addERP5UserManager, )
+ , visibility=None
+ , icon='www/portal.gif'
+ )
+
+ context.registerClass( ERP5GroupManager.ERP5GroupManager
+ , permission=ManageGroups
+ , constructors=(
+ ERP5GroupManager.manage_addERP5GroupManagerForm,
+ ERP5GroupManager.addERP5GroupManager, )
+ , visibility=None
+ , icon='www/portal.gif'
+ )
+
+ context.registerClass( ERP5RoleManager.ERP5RoleManager
+ , permission=ManageUsers
+ , constructors=(
+ ERP5RoleManager.manage_addERP5RoleManagerForm,
+ ERP5RoleManager.addERP5RoleManager, )
+ , visibility=None
+ , icon='www/portal.gif'
+ )
diff --git a/product/ERP5Security/refresh.txt b/product/ERP5Security/refresh.txt
new file mode 100755
index 0000000000..e69de29bb2
diff --git a/product/ERP5Security/www/ERP5Security_addERP5GroupManager.zpt b/product/ERP5Security/www/ERP5Security_addERP5GroupManager.zpt
new file mode 100755
index 0000000000..16e5b33e66
--- /dev/null
+++ b/product/ERP5Security/www/ERP5Security_addERP5GroupManager.zpt
@@ -0,0 +1,46 @@
+<h1 tal:replace="structure here/manage_page_header">Header</h1>
+
+<h2 tal:define="form_title string:Add ERP5 Group Manager"
+ tal:replace="structure here/manage_form_title">Form Title</h2>
+
+<p class="form-help">
+ERP5 Group Manager assigns Groups dynamically to users
+based on Assignments in ERP5
+</p>
+
+<form action="addERP5GroupManager" method="post">
+<table cellspacing="0" cellpadding="2" border="0">
+ <tr>
+ <td align="left" valign="top">
+ <div class="form-label">
+ Id
+ </div>
+ </td>
+ <td align="left" valign="top">
+ <input type="text" name="id" size="40" />
+ </td>
+ </tr>
+ <tr>
+ <td align="left" valign="top">
+ <div class="form-optional">
+ Title
+ </div>
+ </td>
+ <td align="left" valign="top">
+ <input type="text" name="title" size="40" />
+ </td>
+ </tr>
+ <tr>
+ <td align="left" valign="top">
+ </td>
+ <td align="left" valign="top">
+ <div class="form-element">
+ <input class="form-element" type="submit" name="submit"
+ value=" Add " />
+ </div>
+ </td>
+ </tr>
+</table>
+</form>
+
+<h1 tal:replace="structure here/manage_page_footer">Footer</h1>
diff --git a/product/ERP5Security/www/ERP5Security_addERP5RoleManager.zpt b/product/ERP5Security/www/ERP5Security_addERP5RoleManager.zpt
new file mode 100755
index 0000000000..430365e523
--- /dev/null
+++ b/product/ERP5Security/www/ERP5Security_addERP5RoleManager.zpt
@@ -0,0 +1,45 @@
+<h1 tal:replace="structure here/manage_page_header">Header</h1>
+
+<h2 tal:define="form_title string:Add ERP5 Role Manager"
+ tal:replace="structure here/manage_form_title">Form Title</h2>
+
+<p class="form-help">
+ERP5 Role Manager adds 'Member' as default Role for every user.
+</p>
+
+<form action="addERP5RoleManager" method="post">
+<table cellspacing="0" cellpadding="2" border="0">
+ <tr>
+ <td align="left" valign="top">
+ <div class="form-label">
+ Id
+ </div>
+ </td>
+ <td align="left" valign="top">
+ <input type="text" name="id" size="40" />
+ </td>
+ </tr>
+ <tr>
+ <td align="left" valign="top">
+ <div class="form-optional">
+ Title
+ </div>
+ </td>
+ <td align="left" valign="top">
+ <input type="text" name="title" size="40" />
+ </td>
+ </tr>
+ <tr>
+ <td align="left" valign="top">
+ </td>
+ <td align="left" valign="top">
+ <div class="form-element">
+ <input class="form-element" type="submit" name="submit"
+ value=" Add " />
+ </div>
+ </td>
+ </tr>
+</table>
+</form>
+
+<h1 tal:replace="structure here/manage_page_footer">Footer</h1>
diff --git a/product/ERP5Security/www/ERP5Security_addERP5UserManager.zpt b/product/ERP5Security/www/ERP5Security_addERP5UserManager.zpt
new file mode 100755
index 0000000000..cbe50e8ba6
--- /dev/null
+++ b/product/ERP5Security/www/ERP5Security_addERP5UserManager.zpt
@@ -0,0 +1,46 @@
+<h1 tal:replace="structure here/manage_page_header">Header</h1>
+
+<h2 tal:define="form_title string:Add ERP5 User Manager"
+ tal:replace="structure here/manage_form_title">Form Title</h2>
+
+<p class="form-help">
+ERP5 User Manager applys the users managed in ERP5 person moduel
+to the Pluggable Authentication Service
+</p>
+
+<form action="addERP5UserManager" method="post">
+<table cellspacing="0" cellpadding="2" border="0">
+ <tr>
+ <td align="left" valign="top">
+ <div class="form-label">
+ Id
+ </div>
+ </td>
+ <td align="left" valign="top">
+ <input type="text" name="id" size="40" />
+ </td>
+ </tr>
+ <tr>
+ <td align="left" valign="top">
+ <div class="form-optional">
+ Title
+ </div>
+ </td>
+ <td align="left" valign="top">
+ <input type="text" name="title" size="40" />
+ </td>
+ </tr>
+ <tr>
+ <td align="left" valign="top">
+ </td>
+ <td align="left" valign="top">
+ <div class="form-element">
+ <input class="form-element" type="submit" name="submit"
+ value=" Add " />
+ </div>
+ </td>
+ </tr>
+</table>
+</form>
+
+<h1 tal:replace="structure here/manage_page_footer">Footer</h1>
diff --git a/product/ERP5Security/www/portal.gif b/product/ERP5Security/www/portal.gif
new file mode 100755
index 0000000000000000000000000000000000000000..05a5a14d61c6459950f1c5e355cc7ca629f8771a
GIT binary patch
literal 281
zcmV+!0p|WkNk%w1VGsZi0E7SltgO8=Gh7T1K>z?V2M0MjJ7U(>-WfAyDN=<qW|=}l
zXy4!E6DL|PUXdwQix7UX0KNDUbEyE#|4&bH|NsB8vcVV_MgW7_0HEmyhROzW!xc@E
z0A|d+y~+q!umAu5A^8LW6aXIpEC2ui01yBW000G+;3s}SAPfUh0OM#B#DOFUauCYm
z22A5T5J<$)U<7oZLhm7IIv>ReiO_gZD3Yr)(hyV%2Zs~ult3H@1pyHWy5B;CWstaF
z?)ZErL7;0cfPsP<2?GKM8yt#@j2j373So?s9B2v^0t$(g92*J*9Ul`tn~hN-20T6+
f9v&M+3^^kUYBDr70ux9r6$%0b1QrvaBOw4gkqKOD

literal 0
HcmV?d00001

-- 
2.30.9