From 52b94f6227cb2c1b1f7739827d8bd8e65e5c7a63 Mon Sep 17 00:00:00 2001
From: Jean-Paul Smets <jp@nexedi.com>
Date: Sun, 30 Oct 2005 15:26:50 +0000
Subject: [PATCH] Initial revision

git-svn-id: https://svn.erp5.org/repos/public/erp5/trunk@4167 20353a03-c40f-0410-a6d1-a30d3c3de9de
---
 product/ERP5Security/ERP5GroupManager.py      | 106 +++++++++++++
 product/ERP5Security/ERP5RoleManager.py       |  71 +++++++++
 product/ERP5Security/ERP5UserManager.py       | 149 ++++++++++++++++++
 product/ERP5Security/__init__.py              |  57 +++++++
 product/ERP5Security/refresh.txt              |   0
 .../www/ERP5Security_addERP5GroupManager.zpt  |  46 ++++++
 .../www/ERP5Security_addERP5RoleManager.zpt   |  45 ++++++
 .../www/ERP5Security_addERP5UserManager.zpt   |  46 ++++++
 product/ERP5Security/www/portal.gif           | Bin 0 -> 281 bytes
 9 files changed, 520 insertions(+)
 create mode 100755 product/ERP5Security/ERP5GroupManager.py
 create mode 100755 product/ERP5Security/ERP5RoleManager.py
 create mode 100755 product/ERP5Security/ERP5UserManager.py
 create mode 100755 product/ERP5Security/__init__.py
 create mode 100755 product/ERP5Security/refresh.txt
 create mode 100755 product/ERP5Security/www/ERP5Security_addERP5GroupManager.zpt
 create mode 100755 product/ERP5Security/www/ERP5Security_addERP5RoleManager.zpt
 create mode 100755 product/ERP5Security/www/ERP5Security_addERP5UserManager.zpt
 create mode 100755 product/ERP5Security/www/portal.gif

diff --git a/product/ERP5Security/ERP5GroupManager.py b/product/ERP5Security/ERP5GroupManager.py
new file mode 100755
index 0000000000..c65ee583bb
--- /dev/null
+++ b/product/ERP5Security/ERP5GroupManager.py
@@ -0,0 +1,106 @@
+##############################################################################
+#
+# Copyright (c) 2001 Zope Corporation and Contributors. All Rights
+# Reserved.
+#
+# This software is subject to the provisions of the Zope Public License,
+# Version 2.1 (ZPL).  A copy of the ZPL should accompany this
+# distribution.
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY AND ALL EXPRESS OR IMPLIED
+# WARRANTIES ARE DISCLAIMED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+# WARRANTIES OF TITLE, MERCHANTABILITY, AGAINST INFRINGEMENT, AND FITNESS
+# FOR A PARTICULAR PURPOSE.
+#
+##############################################################################
+""" Classes: ERP5GroupManager
+"""
+
+from Globals import InitializeClass
+from AccessControl import ClassSecurityInfo
+from AccessControl.SecurityManagement import newSecurityManager, getSecurityManager
+from Products.PageTemplates.PageTemplateFile import PageTemplateFile
+from Products.PluggableAuthService.plugins.BasePlugin import BasePlugin
+from Products.PluggableAuthService.utils import classImplements
+from Products.PluggableAuthService.interfaces.plugins import IGroupsPlugin
+from Products.ERP5Type.Cache import CachingMethod
+
+from zLOG import LOG
+
+manage_addERP5GroupManagerForm = PageTemplateFile(
+    'www/ERP5Security_addERP5GroupManager', globals(), __name__='manage_addERP5GroupManagerForm' )
+
+def addERP5GroupManager( dispatcher, id, title=None, REQUEST=None ):
+    """ Add a ERP5GroupManager to a Pluggable Auth Service. """
+
+    egm = ERP5GroupManager(id, title)
+    dispatcher._setObject(egm.getId(), egm)
+
+    if REQUEST is not None:
+        REQUEST['RESPONSE'].redirect(
+                                '%s/manage_workspace'
+                                '?manage_tabs_message='
+                                'ERP5GroupManager+added.'
+                            % dispatcher.absolute_url())
+
+class ERP5GroupManager(BasePlugin):
+
+    """ PAS plugin for dynamically adding Groups
+    based on Assignments in ERP5
+    """
+    meta_type = 'ERP5 Group Manager'
+
+    security = ClassSecurityInfo()
+    
+    def __init__(self, id, title=None):
+
+        self._id = self.id = id
+        self.title = title
+
+    #
+    #   IGroupsPlugin implementation
+    #
+    def getGroupsForPrincipal(self, principal, request=None):
+        """ See IGroupsPlugin.
+        """
+        def _getGroupsForPrincipal(user_name, path):
+            security_group_list = []
+                    
+            # because we aren't logged in, we have to create our own
+            # SecurityManager to be able to access the Catalog
+            newSecurityManager(self, self.getPortalObject().getOwner())
+            base_category_list = self.getPortalObject().getPortalAssignmentsBaseCategoryList()
+            
+            user_name = principal.getId()
+            
+            person_module = self.getPortalObject().getDefaultModule('Person')
+            person_object = getattr(person_module, user_name, None)
+            
+            # return no groups if the username is not registered in person module
+            if not person_object:
+                return ()
+            
+            # Fetch category values from assignment
+            category_list = self.ERP5Type_getSecurityCategoryFromAssignment(base_category_list, user_name, self, '')
+            
+            # return no groups if we there are no Security Categories
+            if not category_list:
+                return ()
+                    
+            # Get group names from category values
+            for c_dict in category_list:
+                security_group_list.append(self.ERP5Type_asSecurityGroupId(category_order=base_category_list, **c_dict))
+                
+            LOG('erp5_groups', 0, 'user %s is member of %s' %(user_name, str(security_group_list)))
+            
+            return tuple(security_group_list)
+    
+        _getGroupsForPrincipal = CachingMethod(_getGroupsForPrincipal, id='ERP5GroupManager_getGroupsForPrincipal')
+        return _getGroupsForPrincipal(user_name=principal.getId(), path=self.getPhysicalPath())
+
+
+    
+classImplements( ERP5GroupManager
+               , IGroupsPlugin
+               )
+
+InitializeClass(ERP5GroupManager)
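Review bot: `_getGroupsForPrincipal` inside `getGroupsForPrincipal` installs a security manager for the portal owner with `newSecurityManager(...)` and never puts the caller's one back, so the rest of the request may keep running with owner rights. `getSecurityManager` is imported but unused, which suggests a save/restore was intended. Save the current manager before the switch and restore it in a `finally`, which needs `setSecurityManager` added to the existing `AccessControl.SecurityManagement` import. `getUserByLogin` in ERP5UserManager.py has the same pattern with the catalog owner. Separately, this method lacks the `security.declarePrivate( 'getGroupsForPrincipal' )` line that the role and user plugins place before their plugin methods.

```python
        def _getGroupsForPrincipal(user_name, path):
            # … unchanged: security_group_list initialisation …

            # Keep the caller's security context so the owner-level context
            # needed for the catalog does not outlive this lookup.
            previous_sm = getSecurityManager()
            newSecurityManager(self, self.getPortalObject().getOwner())
            try:
                # … unchanged: person lookup, category fetch, group id list, LOG …
                return tuple(security_group_list)
            finally:
                setSecurityManager(previous_sm)
```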
diff --git a/product/ERP5Security/ERP5RoleManager.py b/product/ERP5Security/ERP5RoleManager.py
new file mode 100755
index 0000000000..5305970239
--- /dev/null
+++ b/product/ERP5Security/ERP5RoleManager.py
@@ -0,0 +1,71 @@
+##############################################################################
+#
+# Copyright (c) 2001 Zope Corporation and Contributors. All Rights
+# Reserved.
+#
+# This software is subject to the provisions of the Zope Public License,
+# Version 2.1 (ZPL).  A copy of the ZPL should accompany this
+# distribution.
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY AND ALL EXPRESS OR IMPLIED
+# WARRANTIES ARE DISCLAIMED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+# WARRANTIES OF TITLE, MERCHANTABILITY, AGAINST INFRINGEMENT, AND FITNESS
+# FOR A PARTICULAR PURPOSE.
+#
+##############################################################################
+""" Classes: ERP5RoleManager
+"""
+
+from Globals import InitializeClass
+from AccessControl import ClassSecurityInfo
+from Products.PageTemplates.PageTemplateFile import PageTemplateFile
+from Products.PluggableAuthService.plugins.BasePlugin import BasePlugin
+from Products.PluggableAuthService.utils import classImplements
+from Products.PluggableAuthService.interfaces.plugins import IRolesPlugin
+
+manage_addERP5RoleManagerForm = PageTemplateFile(
+    'www/ERP5Security_addERP5RoleManager', globals(), __name__='manage_addERP5RoleManagerForm' )
+
+def addERP5RoleManager( dispatcher, id, title=None, REQUEST=None ):
+    """ Add a ERP5RoleManager to a Pluggable Auth Service. """
+
+    erm = ERP5RoleManager(id, title)
+    dispatcher._setObject(erm.getId(), erm)
+
+    if REQUEST is not None:
+        REQUEST['RESPONSE'].redirect(
+                                '%s/manage_workspace'
+                                '?manage_tabs_message='
+                                'ERP5RoleManager+added.'
+                            % dispatcher.absolute_url())
+        
+class ERP5RoleManager( BasePlugin ):
+
+    """ PAS plugin to add 'Member' as default
+    Role for every user.
+    """
+    meta_type = 'ERP5 Role Manager'
+
+    security = ClassSecurityInfo()
+
+    def __init__(self, id, title=None):
+
+        self._id = self.id = id
+        self.title = title
+        
+    #
+    #   IRolesPlugin implementation
+    #
+    security.declarePrivate( 'getRolesForPrincipal' )
+    def getRolesForPrincipal( self, principal, request=None ):
+        """ See IRolesPlugin.
+        We only ever return Member for every principal
+        """
+        
+        return ('Member',)
+    
+classImplements( ERP5RoleManager
+               , IRolesPlugin
+               )
+
+
+InitializeClass(ERP5RoleManager)
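Review bot: `getRolesForPrincipal` ignores `principal` and returns `('Member',)` unconditionally, and the docstring does not say what that means for principals this product does not know about. I would spell it out in the docstring, e.g. `Grants 'Member' to every principal PAS passes in; no check is made that a matching Person exists.`, so whoever activates the plugin knows role assignment is not tied to the user source. If that is not the intent, the method would need a lookup before returning the role.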
diff --git a/product/ERP5Security/ERP5UserManager.py b/product/ERP5Security/ERP5UserManager.py
new file mode 100755
index 0000000000..0e7eb81aa5
--- /dev/null
+++ b/product/ERP5Security/ERP5UserManager.py
@@ -0,0 +1,149 @@
+##############################################################################
+#
+# Copyright (c) 2001 Zope Corporation and Contributors. All Rights
+# Reserved.
+#
+# This software is subject to the provisions of the Zope Public License,
+# Version 2.1 (ZPL).  A copy of the ZPL should accompany this
+# distribution.
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY AND ALL EXPRESS OR IMPLIED
+# WARRANTIES ARE DISCLAIMED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+# WARRANTIES OF TITLE, MERCHANTABILITY, AGAINST INFRINGEMENT, AND FITNESS
+# FOR A PARTICULAR PURPOSE.
+#
+##############################################################################
+""" Classes: ERP5UserManager
+"""
+
+from Globals import InitializeClass
+from AccessControl import ClassSecurityInfo
+from AccessControl.SecurityManagement import newSecurityManager
+from Products.PageTemplates.PageTemplateFile import PageTemplateFile
+from Products.PluggableAuthService.plugins.BasePlugin import BasePlugin
+from Products.PluggableAuthService.utils import classImplements
+from Products.PluggableAuthService.interfaces.plugins import IAuthenticationPlugin
+from Products.PluggableAuthService.interfaces.plugins import IUserEnumerationPlugin
+from Products.ERP5Type.Cache import CachingMethod
+
+from zLOG import LOG
+
+manage_addERP5UserManagerForm = PageTemplateFile(
+    'www/ERP5Security_addERP5UserManager', globals(), __name__='manage_addERP5UserManagerForm' )
+
+def addERP5UserManager(dispatcher, id, title=None, REQUEST=None):
+    """ Add a ERP5UserManagern to a Pluggable Auth Service. """
+
+    eum = ERP5UserManager(id, title)
+    dispatcher._setObject(eum.getId(), eum)
+
+    if REQUEST is not None:
+        REQUEST['RESPONSE'].redirect(
+                                '%s/manage_workspace'
+                                '?manage_tabs_message='
+                                'ERP5UserManager+added.'
+                            % dispatcher.absolute_url())
+
+class ERP5UserManager(BasePlugin):
+    """ PAS plugin for managing users in ERP5
+    """
+
+    meta_type = 'ERP5 User Manager'
+
+    security = ClassSecurityInfo()
+
+    def __init__(self, id, title=None):
+
+        self._id = self.id = id
+        self.title = title
+
+    #
+    #   IAuthenticationPlugin implementation
+    #
+    security.declarePrivate( 'authenticateCredentials' )
+    def authenticateCredentials(self, credentials):
+        """ See IAuthenticationPlugin.
+        
+        o We expect the credentials to be those returned by
+            ILoginPasswordExtractionPlugin.
+        """
+        def _authenticateCredentials(login, password, path):
+            if login is None or password is None:
+                return None
+            
+            user_list = self.getUserByLogin(login)
+            
+            if not user_list:
+                return None
+            
+            user = user_list[0]
+            
+            if user.getPassword() == password:
+                LOG('authenticateCredentials', 0, user.getId())
+                return user.getId(), login
+            
+            return None
+        
+        _authenticateCredentials = CachingMethod(_authenticateCredentials, id='ERP5UserManager_authenticateCredentials')
+        return _authenticateCredentials(login=credentials.get('login'), password=credentials.get('password'), path=self.getPhysicalPath())
+            
+    #
+    #   IUserEnumerationPlugin implementation
+    #
+    security.declarePrivate( 'enumerateUsers' )
+    def enumerateUsers(self, id=None, login=None, exact_match=False, sort_by=None, max_results=None, **kw):
+        """ See IUserEnumerationPlugin.
+        """    
+        def _enumerateUsers(t_id, path):
+            user_info = []
+            user_objects = []
+            plugin_id = self.getId()
+                        
+            if isinstance(t_id, str):
+                t_id = (t_id,)
+                            
+            if t_id:
+                person_module = self.person
+                for user_name in t_id:
+                    user = getattr(person_module, user_name, None)
+                    if user:
+                        user_objects.append(user)
+                                        
+            elif login:
+                user_objects.extend(self.getUserByLogin(login))
+            
+            for user in user_objects:
+                LOG('enumerateUsers', 0, user.getId())
+                info = { 'id' : user.getId()
+                       , 'login' : user.getReference()
+                       , 'pluginid' : plugin_id
+                       } 
+                       
+                user_info.append(info)
+                                
+            return tuple(user_info)
+        
+        _enumerateUsers = CachingMethod(_enumerateUsers, id='ERP5UserManager_enumerateUsers')
+        
+        if isinstance(id, list):
+            id = tuple(id)
+        return _enumerateUsers(t_id=id, path=self.getPhysicalPath())
+
+    def getUserByLogin(self, login):
+        """ 
+        Search the Catalog for login and return a list of person objects
+        login can be a string list or a list of strings
+        """       
+        # because we aren't logged in, we have to create our own
+        # SecurityManager to be able to access the Catalog
+        newSecurityManager(self, self.getPortalObject().portal_catalog.getOwner())
+        
+        result = self.getPortalObject().portal_catalog(portal_type="Person", reference=login)
+        
+        return [item.getObject() for item in result]
+    
+classImplements( ERP5UserManager
+               , IAuthenticationPlugin
+               , IUserEnumerationPlugin
+               )
+
+InitializeClass(ERP5UserManager)
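Review bot: `_enumerateUsers` is called with only `t_id` and `path`, yet its body reads `login` from the enclosing call. Assuming `CachingMethod` keys on the call arguments, a lookup by login with no id can therefore be answered from another login's cached entry. Pass the login through the cached signature: `def _enumerateUsers(t_id, login, path):` and `return _enumerateUsers(t_id=id, login=login, path=self.getPhysicalPath())`. In `authenticateCredentials` the same wrapper receives the cleartext password as an argument, and the check is `user.getPassword() == password`, which implies the stored password is compared, and probably cached, in clear. I would leave authentication uncached and compare against a salted hash instead. The cached results also mean a password change or a removed Person may not take effect until the entry expires, which deserves at least a comment.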
diff --git a/product/ERP5Security/__init__.py b/product/ERP5Security/__init__.py
new file mode 100755
index 0000000000..de1135e5de
--- /dev/null
+++ b/product/ERP5Security/__init__.py
@@ -0,0 +1,57 @@
+##############################################################################
+#
+# Copyright (c) 2001 Zope Corporation and Contributors. All Rights
+# Reserved.
+#
+# This software is subject to the provisions of the Zope Public License,
+# Version 2.1 (ZPL).  A copy of the ZPL should accompany this
+# distribution.
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY AND ALL EXPRESS OR IMPLIED
+# WARRANTIES ARE DISCLAIMED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+# WARRANTIES OF TITLE, MERCHANTABILITY, AGAINST INFRINGEMENT, AND FITNESS
+# FOR A PARTICULAR PURPOSE.
+#
+##############################################################################
+""" ERP5Security product initialization.
+"""
+
+from AccessControl.Permissions import manage_users as ManageUsers
+from Products.PluggableAuthService.PluggableAuthService import registerMultiPlugin
+from Products.PluggableAuthService.permissions import ManageGroups
+
+import ERP5UserManager
+import ERP5GroupManager
+import ERP5RoleManager
+
+registerMultiPlugin(ERP5UserManager.ERP5UserManager.meta_type)
+registerMultiPlugin(ERP5GroupManager.ERP5GroupManager.meta_type)
+registerMultiPlugin(ERP5RoleManager.ERP5RoleManager.meta_type)
+
+def initialize(context):
+
+    context.registerClass( ERP5UserManager.ERP5UserManager
+                         , permission=ManageUsers
+                         , constructors=(
+                            ERP5UserManager.manage_addERP5UserManagerForm, 
+                            ERP5UserManager.addERP5UserManager, )
+                         , visibility=None
+                         , icon='www/portal.gif'
+                         )
+
+    context.registerClass( ERP5GroupManager.ERP5GroupManager
+                         , permission=ManageGroups
+                         , constructors=(
+                            ERP5GroupManager.manage_addERP5GroupManagerForm, 
+                            ERP5GroupManager.addERP5GroupManager, )
+                         , visibility=None
+                         , icon='www/portal.gif'
+                         )
+
+    context.registerClass( ERP5RoleManager.ERP5RoleManager
+                         , permission=ManageUsers
+                         , constructors=(
+                            ERP5RoleManager.manage_addERP5RoleManagerForm,
+                            ERP5RoleManager.addERP5RoleManager, )
+                         , visibility=None
+                         , icon='www/portal.gif'
+                         )
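Review bot: `initialize` has no docstring, and nothing records that the `permission=` arguments appear to be the only guard on the `addERP5*Manager` constructors, which perform no check of their own in the code added by this patch. A one-line docstring such as `Register the three PAS plugins; their add forms and constructors are protected by ManageUsers / ManageGroups.` would make that dependency visible to anyone who later changes the registration.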
diff --git a/product/ERP5Security/refresh.txt b/product/ERP5Security/refresh.txt
new file mode 100755
index 0000000000..e69de29bb2
diff --git a/product/ERP5Security/www/ERP5Security_addERP5GroupManager.zpt b/product/ERP5Security/www/ERP5Security_addERP5GroupManager.zpt
new file mode 100755
index 0000000000..16e5b33e66
--- /dev/null
+++ b/product/ERP5Security/www/ERP5Security_addERP5GroupManager.zpt
@@ -0,0 +1,46 @@
+<h1 tal:replace="structure here/manage_page_header">Header</h1>
+
+<h2 tal:define="form_title string:Add ERP5 Group Manager"
+    tal:replace="structure here/manage_form_title">Form Title</h2>
+
+<p class="form-help">
+ERP5 Group Manager assigns Groups dynamically to users
+based on Assignments in ERP5
+</p>
+
+<form action="addERP5GroupManager" method="post">
+<table cellspacing="0" cellpadding="2" border="0">
+  <tr>
+    <td align="left" valign="top">
+    <div class="form-label">
+    Id
+    </div>
+    </td>
+    <td align="left" valign="top">
+    <input type="text" name="id" size="40" />
+    </td>
+  </tr>
+  <tr>
+    <td align="left" valign="top">
+    <div class="form-optional">
+    Title
+    </div>
+    </td>
+    <td align="left" valign="top">
+    <input type="text" name="title" size="40" />
+    </td>
+  </tr>
+  <tr>
+    <td align="left" valign="top">
+    </td>
+    <td align="left" valign="top">
+    <div class="form-element">
+    <input class="form-element" type="submit" name="submit" 
+     value=" Add " /> 
+    </div>
+    </td>
+  </tr>
+</table>
+</form>
+
+<h1 tal:replace="structure here/manage_page_footer">Footer</h1>
diff --git a/product/ERP5Security/www/ERP5Security_addERP5RoleManager.zpt b/product/ERP5Security/www/ERP5Security_addERP5RoleManager.zpt
new file mode 100755
index 0000000000..430365e523
--- /dev/null
+++ b/product/ERP5Security/www/ERP5Security_addERP5RoleManager.zpt
@@ -0,0 +1,45 @@
+<h1 tal:replace="structure here/manage_page_header">Header</h1>
+
+<h2 tal:define="form_title string:Add ERP5 Role Manager"
+    tal:replace="structure here/manage_form_title">Form Title</h2>
+
+<p class="form-help">
+ERP5 Role Manager adds 'Member' as default Role for every user.
+</p>
+
+<form action="addERP5RoleManager" method="post">
+<table cellspacing="0" cellpadding="2" border="0">
+  <tr>
+    <td align="left" valign="top">
+    <div class="form-label">
+    Id
+    </div>
+    </td>
+    <td align="left" valign="top">
+    <input type="text" name="id" size="40" />
+    </td>
+  </tr>
+  <tr>
+    <td align="left" valign="top">
+    <div class="form-optional">
+    Title
+    </div>
+    </td>
+    <td align="left" valign="top">
+    <input type="text" name="title" size="40" />
+    </td>
+  </tr>
+  <tr>
+    <td align="left" valign="top">
+    </td>
+    <td align="left" valign="top">
+    <div class="form-element">
+    <input class="form-element" type="submit" name="submit" 
+     value=" Add " /> 
+    </div>
+    </td>
+  </tr>
+</table>
+</form>
+
+<h1 tal:replace="structure here/manage_page_footer">Footer</h1>
diff --git a/product/ERP5Security/www/ERP5Security_addERP5UserManager.zpt b/product/ERP5Security/www/ERP5Security_addERP5UserManager.zpt
new file mode 100755
index 0000000000..cbe50e8ba6
--- /dev/null
+++ b/product/ERP5Security/www/ERP5Security_addERP5UserManager.zpt
@@ -0,0 +1,46 @@
+<h1 tal:replace="structure here/manage_page_header">Header</h1>
+
+<h2 tal:define="form_title string:Add ERP5 User Manager"
+    tal:replace="structure here/manage_form_title">Form Title</h2>
+
+<p class="form-help">
+ERP5 User Manager applys the users managed in ERP5 person moduel
+to the Pluggable Authentication Service
+</p>
+
+<form action="addERP5UserManager" method="post">
+<table cellspacing="0" cellpadding="2" border="0">
+  <tr>
+    <td align="left" valign="top">
+    <div class="form-label">
+    Id
+    </div>
+    </td>
+    <td align="left" valign="top">
+    <input type="text" name="id" size="40" />
+    </td>
+  </tr>
+  <tr>
+    <td align="left" valign="top">
+    <div class="form-optional">
+    Title
+    </div>
+    </td>
+    <td align="left" valign="top">
+    <input type="text" name="title" size="40" />
+    </td>
+  </tr>
+  <tr>
+    <td align="left" valign="top">
+    </td>
+    <td align="left" valign="top">
+    <div class="form-element">
+    <input class="form-element" type="submit" name="submit" 
+     value=" Add " /> 
+    </div>
+    </td>
+  </tr>
+</table>
+</form>
+
+<h1 tal:replace="structure here/manage_page_footer">Footer</h1>
diff --git a/product/ERP5Security/www/portal.gif b/product/ERP5Security/www/portal.gif
new file mode 100755
index 0000000000000000000000000000000000000000..05a5a14d61c6459950f1c5e355cc7ca629f8771a
GIT binary patch
literal 281
zcmV+!0p|WkNk%w1VGsZi0E7SltgO8=Gh7T1K>z?V2M0MjJ7U(>-WfAyDN=<qW|=}l
zXy4!E6DL|PUXdwQix7UX0KNDUbEyE#|4&bH|NsB8vcVV_MgW7_0HEmyhROzW!xc@E
z0A|d+y~+q!umAu5A^8LW6aXIpEC2ui01yBW000G+;3s}SAPfUh0OM#B#DOFUauCYm
z22A5T5J<$)U<7oZLhm7IIv>ReiO_gZD3Yr)(hyV%2Zs~ult3H@1pyHWy5B;CWstaF
z?)ZErL7;0cfPsP<2?GKM8yt#@j2j373So?s9B2v^0t$(g92*J*9Ul`tn~hN-20T6+
f9v&M+3^^kUYBDr70ux9r6$%0b1QrvaBOw4gkqKOD

literal 0
HcmV?d00001

-- 
2.30.9