Commit
975ad4d7
authored
Nov 26, 2015
by
Kazuhiko Shiozaki
ERP5Security: cleanup. fix indentation and remove unused import.
parent
3751610a
Showing
11 changed files
with
473 additions
and
481 deletions
+473
-481
product/ERP5Security/ERP5AccessTokenExtractionPlugin.py
product/ERP5Security/ERP5AccessTokenExtractionPlugin.py
+5
-6
product/ERP5Security/ERP5BearerExtractionPlugin.py
product/ERP5Security/ERP5BearerExtractionPlugin.py
+7
-7
product/ERP5Security/ERP5DumbHTTPExtractionPlugin.py
product/ERP5Security/ERP5DumbHTTPExtractionPlugin.py
+5
-5
product/ERP5Security/ERP5ExternalAuthenticationPlugin.py
product/ERP5Security/ERP5ExternalAuthenticationPlugin.py
+5
-5
product/ERP5Security/ERP5ExternalOauth2ExtractionPlugin.py
product/ERP5Security/ERP5ExternalOauth2ExtractionPlugin.py
+12
-12
product/ERP5Security/ERP5GroupManager.py
product/ERP5Security/ERP5GroupManager.py
+0
-4
product/ERP5Security/ERP5KeyAuthPlugin.py
product/ERP5Security/ERP5KeyAuthPlugin.py
+24
-28
product/ERP5Security/ERP5RoleManager.py
product/ERP5Security/ERP5RoleManager.py
+42
-42
product/ERP5Security/ERP5UserFactory.py
product/ERP5Security/ERP5UserFactory.py
+91
-91
product/ERP5Security/ERP5UserManager.py
product/ERP5Security/ERP5UserManager.py
+184
-183
product/ERP5Security/__init__.py
product/ERP5Security/__init__.py
+98
-98
product/ERP5Security/ERP5AccessTokenExtractionPlugin.py
...
...
@@ -28,7 +28,6 @@
#
##############################################################################
from
zLOG
import
LOG
,
PROBLEM
from
Products.ERP5Type.Globals
import
InitializeClass
from
AccessControl
import
ClassSecurityInfo
...
...
@@ -102,11 +101,11 @@ def addERP5AccessTokenExtractionPlugin(dispatcher, id, title=None, REQUEST=None)
dispatcher
.
_setObject
(
plugin
.
getId
(),
plugin
)
if
REQUEST
is
not
None
:
REQUEST
[
'RESPONSE'
].
redirect
(
'%s/manage_workspace'
'?manage_tabs_message='
'ERP5AccessTokenExtractionPlugin+added.'
%
dispatcher
.
absolute_url
())
REQUEST
[
'RESPONSE'
].
redirect
(
'%s/manage_workspace'
'?manage_tabs_message='
'ERP5AccessTokenExtractionPlugin+added.'
%
dispatcher
.
absolute_url
())
#List implementation of class
classImplements
(
ERP5AccessTokenExtractionPlugin
,
...
...
product/ERP5Security/ERP5BearerExtractionPlugin.py
...
...
@@ -35,8 +35,8 @@ from Products.PluggableAuthService.utils import classImplements
from
Products.PluggableAuthService.plugins.BasePlugin
import
BasePlugin
from
Products.ERP5Security.ERP5UserManager
import
SUPER_USER
from
Products.PluggableAuthService.PluggableAuthService
import
DumbHTTPExtractor
from
AccessControl.SecurityManagement
import
getSecurityManager
,
\
setSecurityManager
,
newSecurityManager
from
AccessControl.SecurityManagement
import
getSecurityManager
,
\
setSecurityManager
,
newSecurityManager
#Form for new plugin in ZMI
manage_addERP5BearerExtractionPluginForm
=
PageTemplateFile
(
...
...
@@ -50,11 +50,11 @@ def addERP5BearerExtractionPlugin(dispatcher, id, title=None, REQUEST=None):
dispatcher
.
_setObject
(
plugin
.
getId
(),
plugin
)
if
REQUEST
is
not
None
:
REQUEST
[
'RESPONSE'
].
redirect
(
'%s/manage_workspace'
'?manage_tabs_message='
'ERP5BearerExtractionPlugin+added.'
%
dispatcher
.
absolute_url
())
REQUEST
[
'RESPONSE'
].
redirect
(
'%s/manage_workspace'
'?manage_tabs_message='
'ERP5BearerExtractionPlugin+added.'
%
dispatcher
.
absolute_url
())
class
ERP5BearerExtractionPlugin
(
BasePlugin
):
"""
...
...
product/ERP5Security/ERP5DumbHTTPExtractionPlugin.py
...
...
@@ -69,11 +69,11 @@ def addERP5DumbHTTPExtractionPlugin(dispatcher, id, title=None, REQUEST=None):
dispatcher
.
_setObject
(
plugin
.
getId
(),
plugin
)
if
REQUEST
is
not
None
:
REQUEST
[
'RESPONSE'
].
redirect
(
'%s/manage_workspace'
'?manage_tabs_message='
'ERP5DumbHTTPExtractionPlugin+added.'
%
dispatcher
.
absolute_url
())
REQUEST
[
'RESPONSE'
].
redirect
(
'%s/manage_workspace'
'?manage_tabs_message='
'ERP5DumbHTTPExtractionPlugin+added.'
%
dispatcher
.
absolute_url
())
#List implementation of class
classImplements
(
ERP5DumbHTTPExtractionPlugin
,
...
...
product/ERP5Security/ERP5ExternalAuthenticationPlugin.py
...
...
@@ -49,11 +49,11 @@ def addERP5ExternalAuthenticationPlugin(dispatcher, id, title=None, user_id_key=
dispatcher
.
_setObject
(
plugin
.
getId
(),
plugin
)
if
REQUEST
is
not
None
:
REQUEST
[
'RESPONSE'
].
redirect
(
'%s/manage_workspace'
'?manage_tabs_message='
'ERP5ExternalAuthenticationPlugin+added.'
%
dispatcher
.
absolute_url
())
REQUEST
[
'RESPONSE'
].
redirect
(
'%s/manage_workspace'
'?manage_tabs_message='
'ERP5ExternalAuthenticationPlugin+added.'
%
dispatcher
.
absolute_url
())
class
ERP5ExternalAuthenticationPlugin
(
BasePlugin
):
"""
...
...
product/ERP5Security/ERP5ExternalOauth2ExtractionPlugin.py
...
...
@@ -35,8 +35,8 @@ from Products.PluggableAuthService.utils import classImplements
from
Products.PluggableAuthService.plugins.BasePlugin
import
BasePlugin
from
Products.ERP5Security.ERP5UserManager
import
SUPER_USER
from
Products.PluggableAuthService.PluggableAuthService
import
DumbHTTPExtractor
from
AccessControl.SecurityManagement
import
getSecurityManager
,
\
setSecurityManager
,
newSecurityManager
from
AccessControl.SecurityManagement
import
getSecurityManager
,
\
setSecurityManager
,
newSecurityManager
from
Products.ERP5Type.Cache
import
DEFAULT_CACHE_SCOPE
import
socket
from
Products.ERP5Security.ERP5UserManager
import
getUserByLogin
...
...
@@ -66,11 +66,11 @@ def addERP5FacebookExtractionPlugin(dispatcher, id, title=None, REQUEST=None):
dispatcher
.
_setObject
(
plugin
.
getId
(),
plugin
)
if
REQUEST
is
not
None
:
REQUEST
[
'RESPONSE'
].
redirect
(
'%s/manage_workspace'
'?manage_tabs_message='
'ERP5FacebookExtractionPlugin+added.'
%
dispatcher
.
absolute_url
())
REQUEST
[
'RESPONSE'
].
redirect
(
'%s/manage_workspace'
'?manage_tabs_message='
'ERP5FacebookExtractionPlugin+added.'
%
dispatcher
.
absolute_url
())
#Form for new plugin in ZMI
manage_addERP5GoogleExtractionPluginForm
=
PageTemplateFile
(
...
...
@@ -84,11 +84,11 @@ def addERP5GoogleExtractionPlugin(dispatcher, id, title=None, REQUEST=None):
dispatcher
.
_setObject
(
plugin
.
getId
(),
plugin
)
if
REQUEST
is
not
None
:
REQUEST
[
'RESPONSE'
].
redirect
(
'%s/manage_workspace'
'?manage_tabs_message='
'ERP5GoogleExtractionPlugin+added.'
%
dispatcher
.
absolute_url
())
REQUEST
[
'RESPONSE'
].
redirect
(
'%s/manage_workspace'
'?manage_tabs_message='
'ERP5GoogleExtractionPlugin+added.'
%
dispatcher
.
absolute_url
())
class
ERP5ExternalOauth2ExtractionPlugin
:
...
...
product/ERP5Security/ERP5GroupManager.py
...
...
@@ -17,8 +17,6 @@
from
Products.ERP5Type.Globals
import
InitializeClass
from
AccessControl
import
ClassSecurityInfo
from
AccessControl.SecurityManagement
import
newSecurityManager
,
\
getSecurityManager
,
setSecurityManager
from
Products.PageTemplates.PageTemplateFile
import
PageTemplateFile
from
Products.PluggableAuthService.plugins.BasePlugin
import
BasePlugin
from
Products.PluggableAuthService.utils
import
classImplements
...
...
@@ -28,7 +26,6 @@ from Products.ERP5Type.ERP5Type \
import
ERP5TYPE_SECURITY_GROUP_ID_GENERATION_SCRIPT
from
Products.ERP5Type.UnrestrictedMethod
import
UnrestrictedMethod
from
Products.ZSQLCatalog.SQLCatalog
import
SimpleQuery
from
Products.PluggableAuthService.PropertiedUser
import
PropertiedUser
from
ZODB.POSException
import
ConflictError
import
sys
...
...
@@ -130,7 +127,6 @@ class ERP5GroupManager(BasePlugin):
else
:
# no person is linked to this user login
return
()
person_object
=
catalog_result
[
0
].
getObject
()
person_id
=
person_object
.
getId
()
# Fetch category values from defined scripts
for
(
method_name
,
base_category_list
)
in
security_definition_list
:
...
...
product/ERP5Security/ERP5KeyAuthPlugin.py
...
...
@@ -35,9 +35,6 @@ from Products.ERP5Type.Globals import InitializeClass
from
zope.interface
import
Interface
from
AccessControl
import
ClassSecurityInfo
from
AccessControl.SecurityManagement
import
getSecurityManager
,
\
newSecurityManager
,
\
setSecurityManager
from
Products.PageTemplates.PageTemplateFile
import
PageTemplateFile
...
...
@@ -49,8 +46,8 @@ from Products.PluggableAuthService.plugins.CookieAuthHelper import CookieAuthHel
from
Products.ERP5Type.Cache
import
CachingMethod
from
Products.ERP5Type.UnrestrictedMethod
import
UnrestrictedMethod
from
Products.ERP5Security.ERP5UserManager
import
ERP5UserManager
,
\
SUPER_USER
,
\
from
Products.ERP5Security.ERP5UserManager
import
ERP5UserManager
,
\
SUPER_USER
,
\
_AuthenticationFailure
from
Crypto.Cipher
import
AES
...
...
@@ -136,22 +133,22 @@ manage_addERP5KeyAuthPluginForm = PageTemplateFile(
'www/ERP5Security_addERP5KeyAuthPlugin'
,
globals
(),
__name__
=
'manage_addERP5KeyAuthPluginForm'
)
def
addERP5KeyAuthPlugin
(
dispatcher
,
id
,
title
=
None
,
\
encryption_key
=
''
,
cipher
=
'AES'
,
cookie_name
=
''
,
\
def
addERP5KeyAuthPlugin
(
dispatcher
,
id
,
title
=
None
,
encryption_key
=
''
,
cipher
=
'AES'
,
cookie_name
=
''
,
default_cookie_name
=
''
,
REQUEST
=
None
):
""" Add a ERP5KeyAuthPlugin to a Pluggable Auth Service. """
""" Add a ERP5KeyAuthPlugin to a Pluggable Auth Service. """
plugin
=
ERP5KeyAuthPlugin
(
id
=
id
,
title
=
title
,
encryption_key
=
encryption_key
,
cipher
=
cipher
,
cookie_name
=
cookie_name
,
default_cookie_name
=
default_cookie_name
)
dispatcher
.
_setObject
(
plugin
.
getId
(),
plugin
)
plugin
=
ERP5KeyAuthPlugin
(
id
=
id
,
title
=
title
,
encryption_key
=
encryption_key
,
cipher
=
cipher
,
cookie_name
=
cookie_name
,
default_cookie_name
=
default_cookie_name
)
dispatcher
.
_setObject
(
plugin
.
getId
(),
plugin
)
if
REQUEST
is
not
None
:
REQUEST
[
'RESPONSE'
].
redirect
(
'%s/manage_workspace'
'?manage_tabs_message='
'ERP5KeyAuthPlugin+added.'
%
dispatcher
.
absolute_url
())
if
REQUEST
is
not
None
:
REQUEST
[
'RESPONSE'
].
redirect
(
'%s/manage_workspace'
'?manage_tabs_message='
'ERP5KeyAuthPlugin+added.'
%
dispatcher
.
absolute_url
())
class
ERP5KeyAuthPlugin
(
ERP5UserManager
,
CookieAuthHelper
):
"""
...
...
@@ -277,9 +274,9 @@ class ERP5KeyAuthPlugin(ERP5UserManager, CookieAuthHelper):
if
creds
:
creds
[
'remote_host'
]
=
request
.
get
(
'REMOTE_HOST'
,
''
)
try
:
creds
[
'remote_address'
]
=
request
.
getClientAddr
()
creds
[
'remote_address'
]
=
request
.
getClientAddr
()
except
AttributeError
:
creds
[
'remote_address'
]
=
request
.
get
(
'REMOTE_ADDR'
,
''
)
creds
[
'remote_address'
]
=
request
.
get
(
'REMOTE_ADDR'
,
''
)
except
StandardError
,
e
:
#Log standard error to check error
LOG
(
'ERP5KeyAuthPlugin.extractCredentials'
,
PROBLEM
,
str
(
e
))
...
...
@@ -373,14 +370,13 @@ class ERP5KeyAuthPlugin(ERP5UserManager, CookieAuthHelper):
id
=
'ERP5KeyAuthPlugin_authenticateCredentials'
,
cache_factory
=
'erp5_content_short'
)
try
:
return
_authenticateCredentials
(
login
=
login
)
return
_authenticateCredentials
(
login
=
login
)
except
_AuthenticationFailure
:
return
None
return
None
except
StandardError
,
e
:
#Log standard error
LOG
(
'ERP5KeyAuthPlugin.authenticateCredentials'
,
PROBLEM
,
str
(
e
))
return
None
#Log standard error
LOG
(
'ERP5KeyAuthPlugin.authenticateCredentials'
,
PROBLEM
,
str
(
e
))
return
None
################################
# Properties for ZMI managment #
...
...
@@ -429,8 +425,8 @@ class ERP5KeyAuthPlugin(ERP5UserManager, CookieAuthHelper):
#Redirect
if
RESPONSE
is
not
None
:
if
error_message
!=
''
:
self
.
REQUEST
.
form
[
'manage_tabs_message'
]
=
error_message
return
self
.
manage_editERP5KeyAuthPluginForm
(
RESPONSE
)
self
.
REQUEST
.
form
[
'manage_tabs_message'
]
=
error_message
return
self
.
manage_editERP5KeyAuthPluginForm
(
RESPONSE
)
else
:
message
=
"Updated"
RESPONSE
.
redirect
(
'%s/manage_editERP5KeyAuthPluginForm'
...
...
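Review bot: `addERP5KeyAuthPlugin` keeps `encryption_key=''` as its default and passes it unchanged to `ERP5KeyAuthPlugin(...)`, so nothing in the visible lines prevents a plugin from being created with an empty key. Whether the constructor or the edit form rejects an empty key is outside these hunks and should be confirmed. If neither does, a guard before the constructor call, such as `if not encryption_key: raise ValueError('encryption_key must not be empty')`, would make the factory fail closed. The one-line docstring should also say that a non-empty `encryption_key` is expected.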
product/ERP5Security/ERP5RoleManager.py
...
...
@@ -20,60 +20,60 @@ from AccessControl import ClassSecurityInfo
from
Products.PageTemplates.PageTemplateFile
import
PageTemplateFile
from
Products.PluggableAuthService.plugins.BasePlugin
import
BasePlugin
from
Products.PluggableAuthService.utils
import
classImplements
from
Products.PluggableAuthService.interfaces.plugins
import
IRolesPlugin
,
\
IRoleEnumerationPlugin
from
Products.PluggableAuthService.interfaces.plugins
import
IRolesPlugin
,
\
IRoleEnumerationPlugin
from
ERP5UserManager
import
SUPER_USER
manage_addERP5RoleManagerForm
=
PageTemplateFile
(
'www/ERP5Security_addERP5RoleManager'
,
globals
(),
__name__
=
'manage_addERP5RoleManagerForm'
)
'www/ERP5Security_addERP5RoleManager'
,
globals
(),
__name__
=
'manage_addERP5RoleManagerForm'
)
def
addERP5RoleManager
(
dispatcher
,
id
,
title
=
None
,
REQUEST
=
None
):
""" Add a ERP5RoleManager to a Pluggable Auth Service. """
""" Add a ERP5RoleManager to a Pluggable Auth Service. """
erm
=
ERP5RoleManager
(
id
,
title
)
dispatcher
.
_setObject
(
erm
.
getId
(),
erm
)
erm
=
ERP5RoleManager
(
id
,
title
)
dispatcher
.
_setObject
(
erm
.
getId
(),
erm
)
if
REQUEST
is
not
None
:
REQUEST
[
'RESPONSE'
].
redirect
(
'%s/manage_workspace'
'?manage_tabs_message='
'ERP5RoleManager+added.'
%
dispatcher
.
absolute_url
())
if
REQUEST
is
not
None
:
REQUEST
[
'RESPONSE'
].
redirect
(
'%s/manage_workspace'
'?manage_tabs_message='
'ERP5RoleManager+added.'
%
dispatcher
.
absolute_url
())
class
ERP5RoleManager
(
BasePlugin
):
""" PAS plugin to add 'Member' as default
Role for every user.
""" PAS plugin to add 'Member' as default
Role for every user.
"""
meta_type
=
'ERP5 Role Manager'
security
=
ClassSecurityInfo
()
def
__init__
(
self
,
id
,
title
=
None
):
self
.
_id
=
self
.
id
=
id
self
.
title
=
title
#
# IRolesPlugin implementation
#
security
.
declarePrivate
(
'getRolesForPrincipal'
)
def
getRolesForPrincipal
(
self
,
principal
,
request
=
None
):
""" See IRolesPlugin.
We only ever return Member for every principal
"""
meta_type
=
'ERP5 Role Manager'
security
=
ClassSecurityInfo
()
def
__init__
(
self
,
id
,
title
=
None
):
self
.
_id
=
self
.
id
=
id
self
.
title
=
title
#
# IRolesPlugin implementation
#
security
.
declarePrivate
(
'getRolesForPrincipal'
)
def
getRolesForPrincipal
(
self
,
principal
,
request
=
None
):
""" See IRolesPlugin.
We only ever return Member for every principal
"""
if
principal
.
getId
()
==
SUPER_USER
:
# If this is the super user, give all the roles present in this system.
# XXX no API to do this in PAS.
rolemakers
=
self
.
_getPAS
().
plugins
.
listPlugins
(
IRoleEnumerationPlugin
)
roles
=
[]
for
rolemaker_id
,
rolemaker
in
rolemakers
:
roles
.
extend
([
role
[
'id'
]
for
role
in
rolemaker
.
enumerateRoles
()])
return
tuple
(
roles
)
return
(
'Member'
,)
if
principal
.
getId
()
==
SUPER_USER
:
# If this is the super user, give all the roles present in this system.
# XXX no API to do this in PAS.
rolemakers
=
self
.
_getPAS
().
plugins
.
listPlugins
(
IRoleEnumerationPlugin
)
roles
=
[]
for
rolemaker_id
,
rolemaker
in
rolemakers
:
roles
.
extend
([
role
[
'id'
]
for
role
in
rolemaker
.
enumerateRoles
()])
return
tuple
(
roles
)
return
(
'Member'
,)
classImplements
(
ERP5RoleManager
,
IRolesPlugin
...
...
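Review bot: The docstring of `getRolesForPrincipal` still says `We only ever return Member for every principal`, but the body returns every role enumerated by the `IRoleEnumerationPlugin` plugins when `principal.getId() == SUPER_USER`. Since the commit already rewrites every line of the method, the docstring should state that exception, for example `Return ('Member',) for every principal except SUPER_USER, who receives every role enumerated by the PAS role plugins.` The class docstring (`PAS plugin to add 'Member' as default Role for every user`) has the same omission.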
product/ERP5Security/ERP5UserFactory.py
...
...
@@ -61,7 +61,7 @@ class ERP5User(PropertiedUser):
principal_ids
=
list
(
group_ids
)
principal_ids
.
insert
(
0
,
user_id
)
local
=
{}
local
=
{}
object
=
aq_inner
(
object
)
while
1
:
...
...
@@ -98,102 +98,102 @@ class ERP5User(PropertiedUser):
return
list
(
self
.
getRoles
()
)
+
local
.
keys
()
def
allowed
(
self
,
object
,
object_roles
=
None
):
""" Check whether the user has access to object.
As for getRolesInContext, we take into account _getAcquireLocalRoles for
ERP5.
"""
if
self
.
getUserName
()
==
SUPER_USER
:
# super user is allowed to accesss any object
return
1
if
object_roles
is
_what_not_even_god_should_do
:
return
0
""" Check whether the user has access to object.
As for getRolesInContext, we take into account _getAcquireLocalRoles for
ERP5.
"""
if
self
.
getUserName
()
==
SUPER_USER
:
# super user is allowed to accesss any object
return
1
if
object_roles
is
_what_not_even_god_should_do
:
return
0
# Short-circuit the common case of anonymous access.
if
object_roles
is
None
or
'Anonymous'
in
object_roles
:
return
1
# Check for Developer Role, see patches.User for rationale
# XXX-arnau: copy/paste
object_roles
=
set
(
object_roles
)
if
'Developer'
in
object_roles
:
object_roles
.
remove
(
'Developer'
)
product_config
=
getattr
(
getConfiguration
(),
'product_config'
,
None
)
if
product_config
:
config
=
product_config
.
get
(
'erp5'
)
if
config
and
self
.
getId
()
in
config
.
developer_list
:
return
1
# Short-circuit the common case of anonymous access.
# Provide short-cut access if object is protected by 'Authenticated'
# role and user is not nobody
if
'Authenticated'
in
object_roles
and
(
self
.
getUserName
()
!=
'Anonymous User'
):
return
1
# Check for ancient role data up front, convert if found.
# This should almost never happen, and should probably be
# deprecated at some point.
if
'Shared'
in
object_roles
:
object_roles
=
self
.
_shared_roles
(
object
)
if
object_roles
is
None
or
'Anonymous'
in
object_roles
:
return
1
# Check for Developer Role, see patches.User for rationale
# XXX-arnau: copy/paste
object_roles
=
set
(
object_roles
)
if
'Developer'
in
object_roles
:
object_roles
.
remove
(
'Developer'
)
product_config
=
getattr
(
getConfiguration
(),
'product_config'
,
None
)
if
product_config
:
config
=
product_config
.
get
(
'erp5'
)
if
config
and
self
.
getId
()
in
config
.
developer_list
:
return
1
# Provide short-cut access if object is protected by 'Authenticated'
# role and user is not nobody
if
'Authenticated'
in
object_roles
and
(
self
.
getUserName
()
!=
'Anonymous User'
):
return
1
# Check for ancient role data up front, convert if found.
# This should almost never happen, and should probably be
# deprecated at some point.
if
'Shared'
in
object_roles
:
object_roles
=
self
.
_shared_roles
(
object
)
if
object_roles
is
None
or
'Anonymous'
in
object_roles
:
# Check for a role match with the normal roles given to
# the user, then with local roles only if necessary. We
# want to avoid as much overhead as possible.
user_roles
=
self
.
getRoles
()
for
role
in
object_roles
:
if
role
in
user_roles
:
if
self
.
_check_context
(
object
):
return
1
return
None
# Still have not found a match, so check local roles. We do
# this manually rather than call getRolesInContext so that
# we can incur only the overhead required to find a match.
inner_obj
=
aq_inner
(
object
)
user_id
=
self
.
getId
()
# [ x.getId() for x in self.getGroups() ]
group_ids
=
self
.
getGroups
()
principal_ids
=
list
(
group_ids
)
principal_ids
.
insert
(
0
,
user_id
)
while
1
:
local_roles
=
getattr
(
inner_obj
,
'__ac_local_roles__'
,
None
)
if
local_roles
:
if
callable
(
local_roles
):
local_roles
=
local_roles
()
dict
=
local_roles
or
{}
for
principal_id
in
principal_ids
:
local_roles
=
dict
.
get
(
principal_id
,
[]
)
for
role
in
object_roles
:
if
role
in
local_roles
:
if
self
.
_check_context
(
object
):
return
1
return
0
# patch by Klaus for LocalRole blocking
if
getattr
(
inner_obj
,
'_getAcquireLocalRoles'
,
None
)
is
not
None
:
if
not
inner_obj
.
_getAcquireLocalRoles
():
break
inner
=
aq_inner
(
inner_obj
)
parent
=
aq_parent
(
inner
)
if
parent
is
not
None
:
inner_obj
=
parent
continue
new
=
getattr
(
inner_obj
,
'im_self'
,
None
)
if
new
is
not
None
:
inner_obj
=
aq_inner
(
new
)
continue
break
# Check for a role match with the normal roles given to
# the user, then with local roles only if necessary. We
# want to avoid as much overhead as possible.
user_roles
=
self
.
getRoles
()
for
role
in
object_roles
:
if
role
in
user_roles
:
if
self
.
_check_context
(
object
):
return
1
return
None
# Still have not found a match, so check local roles. We do
# this manually rather than call getRolesInContext so that
# we can incur only the overhead required to find a match.
inner_obj
=
aq_inner
(
object
)
user_id
=
self
.
getId
()
# [ x.getId() for x in self.getGroups() ]
group_ids
=
self
.
getGroups
()
principal_ids
=
list
(
group_ids
)
principal_ids
.
insert
(
0
,
user_id
)
while
1
:
local_roles
=
getattr
(
inner_obj
,
'__ac_local_roles__'
,
None
)
if
local_roles
:
if
callable
(
local_roles
):
local_roles
=
local_roles
()
dict
=
local_roles
or
{}
for
principal_id
in
principal_ids
:
local_roles
=
dict
.
get
(
principal_id
,
[]
)
for
role
in
object_roles
:
if
role
in
local_roles
:
if
self
.
_check_context
(
object
):
return
1
return
0
# patch by Klaus for LocalRole blocking
if
getattr
(
inner_obj
,
'_getAcquireLocalRoles'
,
None
)
is
not
None
:
if
not
inner_obj
.
_getAcquireLocalRoles
():
break
inner
=
aq_inner
(
inner_obj
)
parent
=
aq_parent
(
inner
)
if
parent
is
not
None
:
inner_obj
=
parent
continue
new
=
getattr
(
inner_obj
,
'im_self'
,
None
)
if
new
is
not
None
:
inner_obj
=
aq_inner
(
new
)
continue
break
return
None
return
None
InitializeClass
(
ERP5User
)
...
...
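Review bot: `allowed()` grants unconditional access on `self.getUserName() == SUPER_USER`, that is on the login name, whereas `ERP5RoleManager.getRolesForPrincipal` on this page keys the same privilege on `principal.getId()`. Whether a login name can differ from the id, or be set to the SUPER_USER value, is decided outside this hunk (presumably in ERP5UserManager, whose diff is collapsed here), so this should be confirmed; using one identifier in both places, `if self.getId() == SUPER_USER:`, would remove the question. A short comment naming where the reserved login is rejected would help the next reader. Separately, the method returns `1`, `0` and `None` for its outcomes and rebinds the builtin `dict` as a local, both worth a follow-up cleanup.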
product/ERP5Security/ERP5UserManager.py
This diff is collapsed.
product/ERP5Security/__init__.py
This diff is collapsed.