Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
erp5
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
0
Merge Requests
0
CI / CD
CI / CD
Pipelines
Jobs
Schedules
Analytics
Analytics
CI / CD
Repository
Value Stream
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Jobs
Commits
Issue Boards
Open sidebar
alecs_myu
erp5
Commits
975ad4d7
Commit
975ad4d7
authored
Nov 26, 2015
by
Kazuhiko Shiozaki
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
ERP5Security: cleanup. fix indentation and remove unused import.
parent
3751610a
Changes
11
Hide whitespace changes
Inline
Side-by-side
Showing
11 changed files
with
473 additions
and
481 deletions
+473
-481
product/ERP5Security/ERP5AccessTokenExtractionPlugin.py
product/ERP5Security/ERP5AccessTokenExtractionPlugin.py
+5
-6
product/ERP5Security/ERP5BearerExtractionPlugin.py
product/ERP5Security/ERP5BearerExtractionPlugin.py
+7
-7
product/ERP5Security/ERP5DumbHTTPExtractionPlugin.py
product/ERP5Security/ERP5DumbHTTPExtractionPlugin.py
+5
-5
product/ERP5Security/ERP5ExternalAuthenticationPlugin.py
product/ERP5Security/ERP5ExternalAuthenticationPlugin.py
+5
-5
product/ERP5Security/ERP5ExternalOauth2ExtractionPlugin.py
product/ERP5Security/ERP5ExternalOauth2ExtractionPlugin.py
+12
-12
product/ERP5Security/ERP5GroupManager.py
product/ERP5Security/ERP5GroupManager.py
+0
-4
product/ERP5Security/ERP5KeyAuthPlugin.py
product/ERP5Security/ERP5KeyAuthPlugin.py
+24
-28
product/ERP5Security/ERP5RoleManager.py
product/ERP5Security/ERP5RoleManager.py
+42
-42
product/ERP5Security/ERP5UserFactory.py
product/ERP5Security/ERP5UserFactory.py
+91
-91
product/ERP5Security/ERP5UserManager.py
product/ERP5Security/ERP5UserManager.py
+184
-183
product/ERP5Security/__init__.py
product/ERP5Security/__init__.py
+98
-98
No files found.
product/ERP5Security/ERP5AccessTokenExtractionPlugin.py
View file @
975ad4d7
...
...
@@ -28,7 +28,6 @@
#
##############################################################################
from
zLOG
import
LOG
,
PROBLEM
from
Products.ERP5Type.Globals
import
InitializeClass
from
AccessControl
import
ClassSecurityInfo
...
...
@@ -102,11 +101,11 @@ def addERP5AccessTokenExtractionPlugin(dispatcher, id, title=None, REQUEST=None)
dispatcher
.
_setObject
(
plugin
.
getId
(),
plugin
)
if
REQUEST
is
not
None
:
REQUEST
[
'RESPONSE'
].
redirect
(
'%s/manage_workspace'
'?manage_tabs_message='
'ERP5AccessTokenExtractionPlugin+added.'
%
dispatcher
.
absolute_url
())
REQUEST
[
'RESPONSE'
].
redirect
(
'%s/manage_workspace'
'?manage_tabs_message='
'ERP5AccessTokenExtractionPlugin+added.'
%
dispatcher
.
absolute_url
())
#List implementation of class
classImplements
(
ERP5AccessTokenExtractionPlugin
,
...
...
product/ERP5Security/ERP5BearerExtractionPlugin.py
View file @
975ad4d7
...
...
@@ -35,8 +35,8 @@ from Products.PluggableAuthService.utils import classImplements
from
Products.PluggableAuthService.plugins.BasePlugin
import
BasePlugin
from
Products.ERP5Security.ERP5UserManager
import
SUPER_USER
from
Products.PluggableAuthService.PluggableAuthService
import
DumbHTTPExtractor
from
AccessControl.SecurityManagement
import
getSecurityManager
,
\
setSecurityManager
,
newSecurityManager
from
AccessControl.SecurityManagement
import
getSecurityManager
,
\
setSecurityManager
,
newSecurityManager
#Form for new plugin in ZMI
manage_addERP5BearerExtractionPluginForm
=
PageTemplateFile
(
...
...
@@ -50,11 +50,11 @@ def addERP5BearerExtractionPlugin(dispatcher, id, title=None, REQUEST=None):
dispatcher
.
_setObject
(
plugin
.
getId
(),
plugin
)
if
REQUEST
is
not
None
:
REQUEST
[
'RESPONSE'
].
redirect
(
'%s/manage_workspace'
'?manage_tabs_message='
'ERP5BearerExtractionPlugin+added.'
%
dispatcher
.
absolute_url
())
REQUEST
[
'RESPONSE'
].
redirect
(
'%s/manage_workspace'
'?manage_tabs_message='
'ERP5BearerExtractionPlugin+added.'
%
dispatcher
.
absolute_url
())
class
ERP5BearerExtractionPlugin
(
BasePlugin
):
"""
...
...
product/ERP5Security/ERP5DumbHTTPExtractionPlugin.py
View file @
975ad4d7
...
...
@@ -69,11 +69,11 @@ def addERP5DumbHTTPExtractionPlugin(dispatcher, id, title=None, REQUEST=None):
dispatcher
.
_setObject
(
plugin
.
getId
(),
plugin
)
if
REQUEST
is
not
None
:
REQUEST
[
'RESPONSE'
].
redirect
(
'%s/manage_workspace'
'?manage_tabs_message='
'ERP5DumbHTTPExtractionPlugin+added.'
%
dispatcher
.
absolute_url
())
REQUEST
[
'RESPONSE'
].
redirect
(
'%s/manage_workspace'
'?manage_tabs_message='
'ERP5DumbHTTPExtractionPlugin+added.'
%
dispatcher
.
absolute_url
())
#List implementation of class
classImplements
(
ERP5DumbHTTPExtractionPlugin
,
...
...
product/ERP5Security/ERP5ExternalAuthenticationPlugin.py
View file @
975ad4d7
...
...
@@ -49,11 +49,11 @@ def addERP5ExternalAuthenticationPlugin(dispatcher, id, title=None, user_id_key=
dispatcher
.
_setObject
(
plugin
.
getId
(),
plugin
)
if
REQUEST
is
not
None
:
REQUEST
[
'RESPONSE'
].
redirect
(
'%s/manage_workspace'
'?manage_tabs_message='
'ERP5ExternalAuthenticationPlugin+added.'
%
dispatcher
.
absolute_url
())
REQUEST
[
'RESPONSE'
].
redirect
(
'%s/manage_workspace'
'?manage_tabs_message='
'ERP5ExternalAuthenticationPlugin+added.'
%
dispatcher
.
absolute_url
())
class
ERP5ExternalAuthenticationPlugin
(
BasePlugin
):
"""
...
...
product/ERP5Security/ERP5ExternalOauth2ExtractionPlugin.py
View file @
975ad4d7
...
...
@@ -35,8 +35,8 @@ from Products.PluggableAuthService.utils import classImplements
from
Products.PluggableAuthService.plugins.BasePlugin
import
BasePlugin
from
Products.ERP5Security.ERP5UserManager
import
SUPER_USER
from
Products.PluggableAuthService.PluggableAuthService
import
DumbHTTPExtractor
from
AccessControl.SecurityManagement
import
getSecurityManager
,
\
setSecurityManager
,
newSecurityManager
from
AccessControl.SecurityManagement
import
getSecurityManager
,
\
setSecurityManager
,
newSecurityManager
from
Products.ERP5Type.Cache
import
DEFAULT_CACHE_SCOPE
import
socket
from
Products.ERP5Security.ERP5UserManager
import
getUserByLogin
...
...
@@ -66,11 +66,11 @@ def addERP5FacebookExtractionPlugin(dispatcher, id, title=None, REQUEST=None):
dispatcher
.
_setObject
(
plugin
.
getId
(),
plugin
)
if
REQUEST
is
not
None
:
REQUEST
[
'RESPONSE'
].
redirect
(
'%s/manage_workspace'
'?manage_tabs_message='
'ERP5FacebookExtractionPlugin+added.'
%
dispatcher
.
absolute_url
())
REQUEST
[
'RESPONSE'
].
redirect
(
'%s/manage_workspace'
'?manage_tabs_message='
'ERP5FacebookExtractionPlugin+added.'
%
dispatcher
.
absolute_url
())
#Form for new plugin in ZMI
manage_addERP5GoogleExtractionPluginForm
=
PageTemplateFile
(
...
...
@@ -84,11 +84,11 @@ def addERP5GoogleExtractionPlugin(dispatcher, id, title=None, REQUEST=None):
dispatcher
.
_setObject
(
plugin
.
getId
(),
plugin
)
if
REQUEST
is
not
None
:
REQUEST
[
'RESPONSE'
].
redirect
(
'%s/manage_workspace'
'?manage_tabs_message='
'ERP5GoogleExtractionPlugin+added.'
%
dispatcher
.
absolute_url
())
REQUEST
[
'RESPONSE'
].
redirect
(
'%s/manage_workspace'
'?manage_tabs_message='
'ERP5GoogleExtractionPlugin+added.'
%
dispatcher
.
absolute_url
())
class
ERP5ExternalOauth2ExtractionPlugin
:
...
...
product/ERP5Security/ERP5GroupManager.py
View file @
975ad4d7
...
...
@@ -17,8 +17,6 @@
from
Products.ERP5Type.Globals
import
InitializeClass
from
AccessControl
import
ClassSecurityInfo
from
AccessControl.SecurityManagement
import
newSecurityManager
,
\
getSecurityManager
,
setSecurityManager
from
Products.PageTemplates.PageTemplateFile
import
PageTemplateFile
from
Products.PluggableAuthService.plugins.BasePlugin
import
BasePlugin
from
Products.PluggableAuthService.utils
import
classImplements
...
...
@@ -28,7 +26,6 @@ from Products.ERP5Type.ERP5Type \
import
ERP5TYPE_SECURITY_GROUP_ID_GENERATION_SCRIPT
from
Products.ERP5Type.UnrestrictedMethod
import
UnrestrictedMethod
from
Products.ZSQLCatalog.SQLCatalog
import
SimpleQuery
from
Products.PluggableAuthService.PropertiedUser
import
PropertiedUser
from
ZODB.POSException
import
ConflictError
import
sys
...
...
@@ -130,7 +127,6 @@ class ERP5GroupManager(BasePlugin):
else
:
# no person is linked to this user login
return
()
person_object
=
catalog_result
[
0
].
getObject
()
person_id
=
person_object
.
getId
()
# Fetch category values from defined scripts
for
(
method_name
,
base_category_list
)
in
security_definition_list
:
...
...
product/ERP5Security/ERP5KeyAuthPlugin.py
View file @
975ad4d7
...
...
@@ -35,9 +35,6 @@ from Products.ERP5Type.Globals import InitializeClass
from
zope.interface
import
Interface
from
AccessControl
import
ClassSecurityInfo
from
AccessControl.SecurityManagement
import
getSecurityManager
,
\
newSecurityManager
,
\
setSecurityManager
from
Products.PageTemplates.PageTemplateFile
import
PageTemplateFile
...
...
@@ -49,8 +46,8 @@ from Products.PluggableAuthService.plugins.CookieAuthHelper import CookieAuthHel
from
Products.ERP5Type.Cache
import
CachingMethod
from
Products.ERP5Type.UnrestrictedMethod
import
UnrestrictedMethod
from
Products.ERP5Security.ERP5UserManager
import
ERP5UserManager
,
\
SUPER_USER
,
\
from
Products.ERP5Security.ERP5UserManager
import
ERP5UserManager
,
\
SUPER_USER
,
\
_AuthenticationFailure
from
Crypto.Cipher
import
AES
...
...
@@ -136,22 +133,22 @@ manage_addERP5KeyAuthPluginForm = PageTemplateFile(
'www/ERP5Security_addERP5KeyAuthPlugin'
,
globals
(),
__name__
=
'manage_addERP5KeyAuthPluginForm'
)
def
addERP5KeyAuthPlugin
(
dispatcher
,
id
,
title
=
None
,
\
encryption_key
=
''
,
cipher
=
'AES'
,
cookie_name
=
''
,
\
def
addERP5KeyAuthPlugin
(
dispatcher
,
id
,
title
=
None
,
encryption_key
=
''
,
cipher
=
'AES'
,
cookie_name
=
''
,
default_cookie_name
=
''
,
REQUEST
=
None
):
""" Add a ERP5KeyAuthPlugin to a Pluggable Auth Service. """
""" Add a ERP5KeyAuthPlugin to a Pluggable Auth Service. """
plugin
=
ERP5KeyAuthPlugin
(
id
=
id
,
title
=
title
,
encryption_key
=
encryption_key
,
cipher
=
cipher
,
cookie_name
=
cookie_name
,
default_cookie_name
=
default_cookie_name
)
dispatcher
.
_setObject
(
plugin
.
getId
(),
plugin
)
plugin
=
ERP5KeyAuthPlugin
(
id
=
id
,
title
=
title
,
encryption_key
=
encryption_key
,
cipher
=
cipher
,
cookie_name
=
cookie_name
,
default_cookie_name
=
default_cookie_name
)
dispatcher
.
_setObject
(
plugin
.
getId
(),
plugin
)
if
REQUEST
is
not
None
:
REQUEST
[
'RESPONSE'
].
redirect
(
'%s/manage_workspace'
'?manage_tabs_message='
'ERP5KeyAuthPlugin+added.'
%
dispatcher
.
absolute_url
())
if
REQUEST
is
not
None
:
REQUEST
[
'RESPONSE'
].
redirect
(
'%s/manage_workspace'
'?manage_tabs_message='
'ERP5KeyAuthPlugin+added.'
%
dispatcher
.
absolute_url
())
class
ERP5KeyAuthPlugin
(
ERP5UserManager
,
CookieAuthHelper
):
"""
...
...
@@ -277,9 +274,9 @@ class ERP5KeyAuthPlugin(ERP5UserManager, CookieAuthHelper):
if
creds
:
creds
[
'remote_host'
]
=
request
.
get
(
'REMOTE_HOST'
,
''
)
try
:
creds
[
'remote_address'
]
=
request
.
getClientAddr
()
creds
[
'remote_address'
]
=
request
.
getClientAddr
()
except
AttributeError
:
creds
[
'remote_address'
]
=
request
.
get
(
'REMOTE_ADDR'
,
''
)
creds
[
'remote_address'
]
=
request
.
get
(
'REMOTE_ADDR'
,
''
)
except
StandardError
,
e
:
#Log standard error to check error
LOG
(
'ERP5KeyAuthPlugin.extractCredentials'
,
PROBLEM
,
str
(
e
))
...
...
@@ -373,14 +370,13 @@ class ERP5KeyAuthPlugin(ERP5UserManager, CookieAuthHelper):
id
=
'ERP5KeyAuthPlugin_authenticateCredentials'
,
cache_factory
=
'erp5_content_short'
)
try
:
return
_authenticateCredentials
(
login
=
login
)
return
_authenticateCredentials
(
login
=
login
)
except
_AuthenticationFailure
:
return
None
return
None
except
StandardError
,
e
:
#Log standard error
LOG
(
'ERP5KeyAuthPlugin.authenticateCredentials'
,
PROBLEM
,
str
(
e
))
return
None
#Log standard error
LOG
(
'ERP5KeyAuthPlugin.authenticateCredentials'
,
PROBLEM
,
str
(
e
))
return
None
################################
# Properties for ZMI managment #
...
...
@@ -429,8 +425,8 @@ class ERP5KeyAuthPlugin(ERP5UserManager, CookieAuthHelper):
#Redirect
if
RESPONSE
is
not
None
:
if
error_message
!=
''
:
self
.
REQUEST
.
form
[
'manage_tabs_message'
]
=
error_message
return
self
.
manage_editERP5KeyAuthPluginForm
(
RESPONSE
)
self
.
REQUEST
.
form
[
'manage_tabs_message'
]
=
error_message
return
self
.
manage_editERP5KeyAuthPluginForm
(
RESPONSE
)
else
:
message
=
"Updated"
RESPONSE
.
redirect
(
'%s/manage_editERP5KeyAuthPluginForm'
...
...
product/ERP5Security/ERP5RoleManager.py
View file @
975ad4d7
...
...
@@ -20,60 +20,60 @@ from AccessControl import ClassSecurityInfo
from
Products.PageTemplates.PageTemplateFile
import
PageTemplateFile
from
Products.PluggableAuthService.plugins.BasePlugin
import
BasePlugin
from
Products.PluggableAuthService.utils
import
classImplements
from
Products.PluggableAuthService.interfaces.plugins
import
IRolesPlugin
,
\
IRoleEnumerationPlugin
from
Products.PluggableAuthService.interfaces.plugins
import
IRolesPlugin
,
\
IRoleEnumerationPlugin
from
ERP5UserManager
import
SUPER_USER
manage_addERP5RoleManagerForm
=
PageTemplateFile
(
'www/ERP5Security_addERP5RoleManager'
,
globals
(),
__name__
=
'manage_addERP5RoleManagerForm'
)
'www/ERP5Security_addERP5RoleManager'
,
globals
(),
__name__
=
'manage_addERP5RoleManagerForm'
)
def
addERP5RoleManager
(
dispatcher
,
id
,
title
=
None
,
REQUEST
=
None
):
""" Add a ERP5RoleManager to a Pluggable Auth Service. """
""" Add a ERP5RoleManager to a Pluggable Auth Service. """
erm
=
ERP5RoleManager
(
id
,
title
)
dispatcher
.
_setObject
(
erm
.
getId
(),
erm
)
erm
=
ERP5RoleManager
(
id
,
title
)
dispatcher
.
_setObject
(
erm
.
getId
(),
erm
)
if
REQUEST
is
not
None
:
REQUEST
[
'RESPONSE'
].
redirect
(
'%s/manage_workspace'
'?manage_tabs_message='
'ERP5RoleManager+added.'
%
dispatcher
.
absolute_url
())
if
REQUEST
is
not
None
:
REQUEST
[
'RESPONSE'
].
redirect
(
'%s/manage_workspace'
'?manage_tabs_message='
'ERP5RoleManager+added.'
%
dispatcher
.
absolute_url
())
class
ERP5RoleManager
(
BasePlugin
):
""" PAS plugin to add 'Member' as default
Role for every user.
""" PAS plugin to add 'Member' as default
Role for every user.
"""
meta_type
=
'ERP5 Role Manager'
security
=
ClassSecurityInfo
()
def
__init__
(
self
,
id
,
title
=
None
):
self
.
_id
=
self
.
id
=
id
self
.
title
=
title
#
# IRolesPlugin implementation
#
security
.
declarePrivate
(
'getRolesForPrincipal'
)
def
getRolesForPrincipal
(
self
,
principal
,
request
=
None
):
""" See IRolesPlugin.
We only ever return Member for every principal
"""
meta_type
=
'ERP5 Role Manager'
security
=
ClassSecurityInfo
()
def
__init__
(
self
,
id
,
title
=
None
):
self
.
_id
=
self
.
id
=
id
self
.
title
=
title
#
# IRolesPlugin implementation
#
security
.
declarePrivate
(
'getRolesForPrincipal'
)
def
getRolesForPrincipal
(
self
,
principal
,
request
=
None
):
""" See IRolesPlugin.
We only ever return Member for every principal
"""
if
principal
.
getId
()
==
SUPER_USER
:
# If this is the super user, give all the roles present in this system.
# XXX no API to do this in PAS.
rolemakers
=
self
.
_getPAS
().
plugins
.
listPlugins
(
IRoleEnumerationPlugin
)
roles
=
[]
for
rolemaker_id
,
rolemaker
in
rolemakers
:
roles
.
extend
([
role
[
'id'
]
for
role
in
rolemaker
.
enumerateRoles
()])
return
tuple
(
roles
)
return
(
'Member'
,)
if
principal
.
getId
()
==
SUPER_USER
:
# If this is the super user, give all the roles present in this system.
# XXX no API to do this in PAS.
rolemakers
=
self
.
_getPAS
().
plugins
.
listPlugins
(
IRoleEnumerationPlugin
)
roles
=
[]
for
rolemaker_id
,
rolemaker
in
rolemakers
:
roles
.
extend
([
role
[
'id'
]
for
role
in
rolemaker
.
enumerateRoles
()])
return
tuple
(
roles
)
return
(
'Member'
,)
classImplements
(
ERP5RoleManager
,
IRolesPlugin
...
...
product/ERP5Security/ERP5UserFactory.py
View file @
975ad4d7
...
...
@@ -61,7 +61,7 @@ class ERP5User(PropertiedUser):
principal_ids
=
list
(
group_ids
)
principal_ids
.
insert
(
0
,
user_id
)
local
=
{}
local
=
{}
object
=
aq_inner
(
object
)
while
1
:
...
...
@@ -98,102 +98,102 @@ class ERP5User(PropertiedUser):
return
list
(
self
.
getRoles
()
)
+
local
.
keys
()
def
allowed
(
self
,
object
,
object_roles
=
None
):
""" Check whether the user has access to object.
As for getRolesInContext, we take into account _getAcquireLocalRoles for
ERP5.
"""
if
self
.
getUserName
()
==
SUPER_USER
:
# super user is allowed to accesss any object
return
1
if
object_roles
is
_what_not_even_god_should_do
:
return
0
""" Check whether the user has access to object.
As for getRolesInContext, we take into account _getAcquireLocalRoles for
ERP5.
"""
if
self
.
getUserName
()
==
SUPER_USER
:
# super user is allowed to accesss any object
return
1
if
object_roles
is
_what_not_even_god_should_do
:
return
0
# Short-circuit the common case of anonymous access.
if
object_roles
is
None
or
'Anonymous'
in
object_roles
:
return
1
# Check for Developer Role, see patches.User for rationale
# XXX-arnau: copy/paste
object_roles
=
set
(
object_roles
)
if
'Developer'
in
object_roles
:
object_roles
.
remove
(
'Developer'
)
product_config
=
getattr
(
getConfiguration
(),
'product_config'
,
None
)
if
product_config
:
config
=
product_config
.
get
(
'erp5'
)
if
config
and
self
.
getId
()
in
config
.
developer_list
:
return
1
# Short-circuit the common case of anonymous access.
# Provide short-cut access if object is protected by 'Authenticated'
# role and user is not nobody
if
'Authenticated'
in
object_roles
and
(
self
.
getUserName
()
!=
'Anonymous User'
):
return
1
# Check for ancient role data up front, convert if found.
# This should almost never happen, and should probably be
# deprecated at some point.
if
'Shared'
in
object_roles
:
object_roles
=
self
.
_shared_roles
(
object
)
if
object_roles
is
None
or
'Anonymous'
in
object_roles
:
return
1
# Check for Developer Role, see patches.User for rationale
# XXX-arnau: copy/paste
object_roles
=
set
(
object_roles
)
if
'Developer'
in
object_roles
:
object_roles
.
remove
(
'Developer'
)
product_config
=
getattr
(
getConfiguration
(),
'product_config'
,
None
)
if
product_config
:
config
=
product_config
.
get
(
'erp5'
)
if
config
and
self
.
getId
()
in
config
.
developer_list
:
return
1
# Provide short-cut access if object is protected by 'Authenticated'
# role and user is not nobody
if
'Authenticated'
in
object_roles
and
(
self
.
getUserName
()
!=
'Anonymous User'
):
return
1
# Check for ancient role data up front, convert if found.
# This should almost never happen, and should probably be
# deprecated at some point.
if
'Shared'
in
object_roles
:
object_roles
=
self
.
_shared_roles
(
object
)
if
object_roles
is
None
or
'Anonymous'
in
object_roles
:
# Check for a role match with the normal roles given to
# the user, then with local roles only if necessary. We
# want to avoid as much overhead as possible.
user_roles
=
self
.
getRoles
()
for
role
in
object_roles
:
if
role
in
user_roles
:
if
self
.
_check_context
(
object
):
return
1
return
None
# Still have not found a match, so check local roles. We do
# this manually rather than call getRolesInContext so that
# we can incur only the overhead required to find a match.
inner_obj
=
aq_inner
(
object
)
user_id
=
self
.
getId
()
# [ x.getId() for x in self.getGroups() ]
group_ids
=
self
.
getGroups
()
principal_ids
=
list
(
group_ids
)
principal_ids
.
insert
(
0
,
user_id
)
while
1
:
local_roles
=
getattr
(
inner_obj
,
'__ac_local_roles__'
,
None
)
if
local_roles
:
if
callable
(
local_roles
):
local_roles
=
local_roles
()
dict
=
local_roles
or
{}
for
principal_id
in
principal_ids
:
local_roles
=
dict
.
get
(
principal_id
,
[]
)
for
role
in
object_roles
:
if
role
in
local_roles
:
if
self
.
_check_context
(
object
):
return
1
return
0
# patch by Klaus for LocalRole blocking
if
getattr
(
inner_obj
,
'_getAcquireLocalRoles'
,
None
)
is
not
None
:
if
not
inner_obj
.
_getAcquireLocalRoles
():
break
inner
=
aq_inner
(
inner_obj
)
parent
=
aq_parent
(
inner
)
if
parent
is
not
None
:
inner_obj
=
parent
continue
new
=
getattr
(
inner_obj
,
'im_self'
,
None
)
if
new
is
not
None
:
inner_obj
=
aq_inner
(
new
)
continue
break
# Check for a role match with the normal roles given to
# the user, then with local roles only if necessary. We
# want to avoid as much overhead as possible.
user_roles
=
self
.
getRoles
()
for
role
in
object_roles
:
if
role
in
user_roles
:
if
self
.
_check_context
(
object
):
return
1
return
None
# Still have not found a match, so check local roles. We do
# this manually rather than call getRolesInContext so that
# we can incur only the overhead required to find a match.
inner_obj
=
aq_inner
(
object
)
user_id
=
self
.
getId
()
# [ x.getId() for x in self.getGroups() ]
group_ids
=
self
.
getGroups
()
principal_ids
=
list
(
group_ids
)
principal_ids
.
insert
(
0
,
user_id
)
while
1
:
local_roles
=
getattr
(
inner_obj
,
'__ac_local_roles__'
,
None
)
if
local_roles
:
if
callable
(
local_roles
):
local_roles
=
local_roles
()
dict
=
local_roles
or
{}
for
principal_id
in
principal_ids
:
local_roles
=
dict
.
get
(
principal_id
,
[]
)
for
role
in
object_roles
:
if
role
in
local_roles
:
if
self
.
_check_context
(
object
):
return
1
return
0
# patch by Klaus for LocalRole blocking
if
getattr
(
inner_obj
,
'_getAcquireLocalRoles'
,
None
)
is
not
None
:
if
not
inner_obj
.
_getAcquireLocalRoles
():
break
inner
=
aq_inner
(
inner_obj
)
parent
=
aq_parent
(
inner
)
if
parent
is
not
None
:
inner_obj
=
parent
continue
new
=
getattr
(
inner_obj
,
'im_self'
,
None
)
if
new
is
not
None
:
inner_obj
=
aq_inner
(
new
)
continue
break
return
None
return
None
InitializeClass
(
ERP5User
)
...
...
product/ERP5Security/ERP5UserManager.py
View file @
975ad4d7
...
...
@@ -38,8 +38,8 @@ from zLOG import LOG, PROBLEM
SUPER_USER
=
'__erp5security-=__'
manage_addERP5UserManagerForm
=
PageTemplateFile
(
'www/ERP5Security_addERP5UserManager'
,
globals
(),
__name__
=
'manage_addERP5UserManagerForm'
)
'www/ERP5Security_addERP5UserManager'
,
globals
(),
__name__
=
'manage_addERP5UserManagerForm'
)
def
addERP5UserManager
(
dispatcher
,
id
,
title
=
None
,
REQUEST
=
None
):
""" Add a ERP5UserManager to a Pluggable Auth Service. """
...
...
@@ -48,11 +48,11 @@ def addERP5UserManager(dispatcher, id, title=None, REQUEST=None):
dispatcher
.
_setObject
(
eum
.
getId
(),
eum
)
if
REQUEST
is
not
None
:
REQUEST
[
'RESPONSE'
].
redirect
(
'%s/manage_workspace'
'?manage_tabs_message='
'ERP5UserManager+added.'
%
dispatcher
.
absolute_url
())
REQUEST
[
'RESPONSE'
].
redirect
(
'%s/manage_workspace'
'?manage_tabs_message='
'ERP5UserManager+added.'
%
dispatcher
.
absolute_url
())
class
_AuthenticationFailure
(
Exception
):
"""Raised when authentication failed, to prevent caching the fact that a user
...
...
@@ -72,9 +72,9 @@ def getUserByLogin(portal, login, exact_match=True):
if
not
(
portal
.
portal_catalog
.
hasColumn
(
'portal_type'
)
and
portal
.
portal_catalog
.
hasColumn
(
'reference'
)):
raise
RuntimeError
(
'Catalog does not have column information. Make sure RDB is working and disk is not full.'
)
result
=
portal
.
portal_catalog
.
unrestrictedSearchResults
(
select_expression
=
'reference'
,
portal_type
=
"Person"
,
reference
=
dict
(
query
=
login
,
key
=
reference_key
))
select_expression
=
'reference'
,
portal_type
=
"Person"
,
reference
=
dict
(
query
=
login
,
key
=
reference_key
))
# XXX: Here, we filter catalog result list ALTHOUGH we did pass
# parameters to unrestrictedSearchResults to restrict result set.
# This is done because the following values can match person with
...
...
@@ -95,180 +95,181 @@ def getUserByLogin(portal, login, exact_match=True):
class
ERP5UserManager
(
BasePlugin
):
""" PAS plugin for managing users in ERP5
"""
""" PAS plugin for managing users in ERP5
"""
meta_type
=
'ERP5 User Manager'
security
=
ClassSecurityInfo
()
def
__init__
(
self
,
id
,
title
=
None
):
meta_type
=
'ERP5 User Manager'
security
=
ClassSecurityInfo
()
def
__init__
(
self
,
id
,
title
=
None
):
self
.
_id
=
self
.
id
=
id
self
.
title
=
title
#
# IAuthenticationPlugin implementation
#
security
.
declarePrivate
(
'authenticateCredentials'
)
def
authenticateCredentials
(
self
,
credentials
):
""" See IAuthenticationPlugin.
o We expect the credentials to be those returned by
ILoginPasswordExtractionPlugin.
"""
login
=
credentials
.
get
(
'login'
)
ignore_password
=
False
if
not
login
:
# fallback to support plugins using external tools to extract login
# those are not using login/password pair, they just extract login
# from remote system (eg. SSL certificates)
login
=
credentials
.
get
(
'external_login'
)
ignore_password
=
True
# Forbidden the usage of the super user.
if
login
==
SUPER_USER
:
return
None
@
UnrestrictedMethod
def
_authenticateCredentials
(
login
,
password
,
path
,
ignore_password
=
False
):
if
not
login
or
not
(
password
or
ignore_password
):
return
None
user_list
=
self
.
getUserByLogin
(
login
)
if
not
user_list
:
raise
_AuthenticationFailure
()
user
=
user_list
[
0
]
try
:
# get assignment
assignment_list
=
[
x
for
x
in
user
.
contentValues
(
portal_type
=
"Assignment"
)
if
x
.
getValidationState
()
==
"open"
]
valid_assignment_list
=
[]
# check dates if exist
login_date
=
DateTime
()
for
assignment
in
assignment_list
:
if
assignment
.
getStartDate
()
is
not
None
and
\
assignment
.
getStartDate
()
>
login_date
:
continue
if
assignment
.
hasStopDate
()
and
\
assignment
.
getStopDate
()
<
login_date
:
continue
valid_assignment_list
.
append
(
assignment
)
if
(
ignore_password
or
pw_validate
(
user
.
getPassword
(),
password
))
and
\
len
(
valid_assignment_list
)
and
user
\
.
getValidationState
()
!=
'deleted'
:
#user.getCareerRole() == 'internal':
return
login
,
login
# use same for user_id and login
finally
:
pass
raise
_AuthenticationFailure
()
_authenticateCredentials
=
CachingMethod
(
_authenticateCredentials
,
id
=
'ERP5UserManager_authenticateCredentials'
,
cache_factory
=
'erp5_content_short'
)
try
:
authentication_result
=
_authenticateCredentials
(
login
=
login
,
password
=
credentials
.
get
(
'password'
),
path
=
self
.
getPhysicalPath
(),
ignore_password
=
ignore_password
)
except
_AuthenticationFailure
:
authentication_result
=
None
if
not
self
.
getPortalObject
().
portal_preferences
.
isAuthenticationPolicyEnabled
():
# stop here, no authentication policy enabled
# so just return authentication check result
return
authentication_result
# authentication policy enabled, we need person object anyway
user_list
=
self
.
getUserByLogin
(
credentials
.
get
(
'login'
))
if
not
user_list
:
# not an ERP5 Person object
return
None
user
=
user_list
[
0
]
if
authentication_result
is
None
:
# file a failed authentication attempt
user
.
notifyLoginFailure
()
return
None
# check if password is expired
if
user
.
isPasswordExpired
():
user
.
notifyPasswordExpire
()
return
None
# check if user account is blocked
if
user
.
isLoginBlocked
():
return
None
return
authentication_result
#
# IUserEnumerationPlugin implementation
#
security
.
declarePrivate
(
'enumerateUsers'
)
def
enumerateUsers
(
self
,
id
=
None
,
login
=
None
,
exact_match
=
False
,
sort_by
=
None
,
max_results
=
None
,
**
kw
):
""" See IUserEnumerationPlugin.
"""
if
id
is
None
:
id
=
login
if
isinstance
(
id
,
str
):
id
=
(
id
,)
if
isinstance
(
id
,
list
):
id
=
tuple
(
id
)
user_info
=
[]
plugin_id
=
self
.
getId
()
id_list
=
[]
for
user_id
in
id
:
if
SUPER_USER
==
user_id
:
info
=
{
'id'
:
SUPER_USER
,
'login'
:
SUPER_USER
,
'pluginid'
:
plugin_id
}
user_info
.
append
(
info
)
else
:
id_list
.
append
(
user_id
)
if
id_list
:
for
user
in
self
.
getUserByLogin
(
tuple
(
id_list
),
exact_match
=
exact_match
):
info
=
{
'id'
:
user
.
getReference
()
,
'login'
:
user
.
getReference
()
,
'pluginid'
:
plugin_id
}
user_info
.
append
(
info
)
return
tuple
(
user_info
)
def
getUserByLogin
(
self
,
login
,
exact_match
=
True
):
# Search the Catalog for login and return a list of person objects
# login can be a string or a list of strings
# (no docstring to prevent publishing)
if
not
login
:
return
[]
if
isinstance
(
login
,
list
):
login
=
tuple
(
login
)
elif
not
isinstance
(
login
,
tuple
):
login
=
str
(
login
)
try
:
return
getUserByLogin
(
self
.
getPortalObject
(),
login
,
exact_match
)
except
ConflictError
:
raise
except
:
LOG
(
'ERP5Security'
,
PROBLEM
,
'getUserByLogin failed'
,
error
=
sys
.
exc_info
())
# Here we must raise an exception to prevent callers from caching
# a result of a degraded situation.
# The kind of exception does not matter as long as it's catched by
# PAS and causes a lookup using another plugin or user folder.
# As PAS does not define explicitely such exception, we must use
# the _SWALLOWABLE_PLUGIN_EXCEPTIONS list.
raise
_SWALLOWABLE_PLUGIN_EXCEPTIONS
[
0
]
self
.
_id
=
self
.
id
=
id
self
.
title
=
title
#
# IAuthenticationPlugin implementation
#
security
.
declarePrivate
(
'authenticateCredentials'
)
def
authenticateCredentials
(
self
,
credentials
):
""" See IAuthenticationPlugin.
o We expect the credentials to be those returned by
ILoginPasswordExtractionPlugin.
"""
login
=
credentials
.
get
(
'login'
)
ignore_password
=
False
if
not
login
:
# fallback to support plugins using external tools to extract login
# those are not using login/password pair, they just extract login
# from remote system (eg. SSL certificates)
login
=
credentials
.
get
(
'external_login'
)
ignore_password
=
True
# Forbidden the usage of the super user.
if
login
==
SUPER_USER
:
return
None
@
UnrestrictedMethod
def
_authenticateCredentials
(
login
,
password
,
path
,
ignore_password
=
False
):
if
not
login
or
not
(
password
or
ignore_password
):
return
None
user_list
=
self
.
getUserByLogin
(
login
)
if
not
user_list
:
raise
_AuthenticationFailure
()
user
=
user_list
[
0
]
try
:
# get assignment
assignment_list
=
[
x
for
x
in
user
.
contentValues
(
portal_type
=
"Assignment"
)
if
x
.
getValidationState
()
==
"open"
]
valid_assignment_list
=
[]
# check dates if exist
login_date
=
DateTime
()
for
assignment
in
assignment_list
:
if
assignment
.
getStartDate
()
is
not
None
and
\
assignment
.
getStartDate
()
>
login_date
:
continue
if
assignment
.
hasStopDate
()
and
\
assignment
.
getStopDate
()
<
login_date
:
continue
valid_assignment_list
.
append
(
assignment
)
if
(
ignore_password
or
pw_validate
(
user
.
getPassword
(),
password
))
and
\
len
(
valid_assignment_list
)
and
user
\
.
getValidationState
()
!=
'deleted'
:
#user.getCareerRole() == 'internal':
return
login
,
login
# use same for user_id and login
finally
:
pass
raise
_AuthenticationFailure
()
_authenticateCredentials
=
CachingMethod
(
_authenticateCredentials
,
id
=
'ERP5UserManager_authenticateCredentials'
,
cache_factory
=
'erp5_content_short'
)
try
:
authentication_result
=
_authenticateCredentials
(
login
=
login
,
password
=
credentials
.
get
(
'password'
),
path
=
self
.
getPhysicalPath
(),
ignore_password
=
ignore_password
)
except
_AuthenticationFailure
:
authentication_result
=
None
if
not
self
.
getPortalObject
().
portal_preferences
.
isAuthenticationPolicyEnabled
():
# stop here, no authentication policy enabled
# so just return authentication check result
return
authentication_result
# authentication policy enabled, we need person object anyway
user_list
=
self
.
getUserByLogin
(
credentials
.
get
(
'login'
))
if
not
user_list
:
# not an ERP5 Person object
return
None
user
=
user_list
[
0
]
if
authentication_result
is
None
:
# file a failed authentication attempt
user
.
notifyLoginFailure
()
return
None
# check if password is expired
if
user
.
isPasswordExpired
():
user
.
notifyPasswordExpire
()
return
None
# check if user account is blocked
if
user
.
isLoginBlocked
():
return
None
return
authentication_result
#
# IUserEnumerationPlugin implementation
#
security
.
declarePrivate
(
'enumerateUsers'
)
def
enumerateUsers
(
self
,
id
=
None
,
login
=
None
,
exact_match
=
False
,
sort_by
=
None
,
max_results
=
None
,
**
kw
):
""" See IUserEnumerationPlugin.
"""
if
id
is
None
:
id
=
login
if
isinstance
(
id
,
str
):
id
=
(
id
,)
if
isinstance
(
id
,
list
):
id
=
tuple
(
id
)
user_info
=
[]
plugin_id
=
self
.
getId
()
id_list
=
[]
for
user_id
in
id
:
if
SUPER_USER
==
user_id
:
info
=
{
'id'
:
SUPER_USER
,
'login'
:
SUPER_USER
,
'pluginid'
:
plugin_id
}
user_info
.
append
(
info
)
else
:
id_list
.
append
(
user_id
)
if
id_list
:
for
user
in
self
.
getUserByLogin
(
tuple
(
id_list
),
exact_match
=
exact_match
):
info
=
{
'id'
:
user
.
getReference
()
,
'login'
:
user
.
getReference
()
,
'pluginid'
:
plugin_id
}
user_info
.
append
(
info
)
return
tuple
(
user_info
)
def
getUserByLogin
(
self
,
login
,
exact_match
=
True
):
# Search the Catalog for login and return a list of person objects
# login can be a string or a list of strings
# (no docstring to prevent publishing)
if
not
login
:
return
[]
if
isinstance
(
login
,
list
):
login
=
tuple
(
login
)
elif
not
isinstance
(
login
,
tuple
):
login
=
str
(
login
)
try
:
return
getUserByLogin
(
self
.
getPortalObject
(),
login
,
exact_match
)
except
ConflictError
:
raise
except
:
LOG
(
'ERP5Security'
,
PROBLEM
,
'getUserByLogin failed'
,
error
=
sys
.
exc_info
())
# Here we must raise an exception to prevent callers from caching
# a result of a degraded situation.
# The kind of exception does not matter as long as it's catched by
# PAS and causes a lookup using another plugin or user folder.
# As PAS does not define explicitely such exception, we must use
# the _SWALLOWABLE_PLUGIN_EXCEPTIONS list.
raise
_SWALLOWABLE_PLUGIN_EXCEPTIONS
[
0
]
classImplements
(
ERP5UserManager
...
...
product/ERP5Security/__init__.py
View file @
975ad4d7
...
...
@@ -74,104 +74,104 @@ registerMultiPlugin(ERP5DumbHTTPExtractionPlugin.ERP5DumbHTTPExtractionPlugin.me
def
initialize
(
context
):
context
.
registerClass
(
ERP5UserManager
.
ERP5UserManager
,
permission
=
ManageUsers
,
constructors
=
(
ERP5UserManager
.
manage_addERP5UserManagerForm
,
ERP5UserManager
.
addERP5UserManager
,
)
,
visibility
=
None
,
icon
=
'www/portal.gif'
)
context
.
registerClass
(
ERP5GroupManager
.
ERP5GroupManager
,
permission
=
ManageGroups
,
constructors
=
(
ERP5GroupManager
.
manage_addERP5GroupManagerForm
,
ERP5GroupManager
.
addERP5GroupManager
,
)
,
visibility
=
None
,
icon
=
'www/portal.gif'
)
context
.
registerClass
(
ERP5RoleManager
.
ERP5RoleManager
,
permission
=
ManageUsers
,
constructors
=
(
ERP5RoleManager
.
manage_addERP5RoleManagerForm
,
ERP5RoleManager
.
addERP5RoleManager
,
)
,
visibility
=
None
,
icon
=
'www/portal.gif'
)
context
.
registerClass
(
ERP5UserFactory
.
ERP5UserFactory
,
permission
=
ManageUsers
,
constructors
=
(
ERP5UserFactory
.
manage_addERP5UserFactoryForm
,
ERP5UserFactory
.
addERP5UserFactory
,
)
,
visibility
=
None
,
icon
=
'www/portal.gif'
)
context
.
registerClass
(
ERP5KeyAuthPlugin
.
ERP5KeyAuthPlugin
,
permission
=
ManageUsers
,
constructors
=
(
ERP5KeyAuthPlugin
.
manage_addERP5KeyAuthPluginForm
,
ERP5KeyAuthPlugin
.
addERP5KeyAuthPlugin
,
)
,
visibility
=
None
,
icon
=
'www/portal.gif'
)
context
.
registerClass
(
ERP5ExternalAuthenticationPlugin
.
ERP5ExternalAuthenticationPlugin
,
permission
=
ManageUsers
,
constructors
=
(
ERP5ExternalAuthenticationPlugin
.
manage_addERP5ExternalAuthenticationPluginForm
,
ERP5ExternalAuthenticationPlugin
.
addERP5ExternalAuthenticationPlugin
,
)
,
visibility
=
None
,
icon
=
'www/portal.gif'
)
context
.
registerClass
(
ERP5BearerExtractionPlugin
.
ERP5BearerExtractionPlugin
,
permission
=
ManageUsers
,
constructors
=
(
ERP5BearerExtractionPlugin
.
manage_addERP5BearerExtractionPluginForm
,
ERP5BearerExtractionPlugin
.
addERP5BearerExtractionPlugin
,
)
,
visibility
=
None
,
icon
=
'www/portal.gif'
)
context
.
registerClass
(
ERP5ExternalOauth2ExtractionPlugin
.
ERP5FacebookExtractionPlugin
,
permission
=
ManageUsers
,
constructors
=
(
ERP5ExternalOauth2ExtractionPlugin
.
manage_addERP5FacebookExtractionPluginForm
,
ERP5ExternalOauth2ExtractionPlugin
.
addERP5FacebookExtractionPlugin
,
)
,
visibility
=
None
,
icon
=
'www/portal.gif'
)
context
.
registerClass
(
ERP5ExternalOauth2ExtractionPlugin
.
ERP5GoogleExtractionPlugin
,
permission
=
ManageUsers
,
constructors
=
(
ERP5ExternalOauth2ExtractionPlugin
.
manage_addERP5GoogleExtractionPluginForm
,
ERP5ExternalOauth2ExtractionPlugin
.
addERP5GoogleExtractionPlugin
,
)
,
visibility
=
None
,
icon
=
'www/portal.gif'
)
context
.
registerClass
(
ERP5AccessTokenExtractionPlugin
.
ERP5AccessTokenExtractionPlugin
,
permission
=
ManageUsers
,
constructors
=
(
ERP5AccessTokenExtractionPlugin
.
manage_addERP5AccessTokenExtractionPluginForm
,
ERP5AccessTokenExtractionPlugin
.
addERP5AccessTokenExtractionPlugin
,
)
,
visibility
=
None
,
icon
=
'www/portal.gif'
)
context
.
registerClass
(
ERP5DumbHTTPExtractionPlugin
.
ERP5DumbHTTPExtractionPlugin
,
permission
=
ManageUsers
,
constructors
=
(
ERP5DumbHTTPExtractionPlugin
.
manage_addERP5DumbHTTPExtractionPluginForm
,
ERP5DumbHTTPExtractionPlugin
.
addERP5DumbHTTPExtractionPlugin
,
)
,
visibility
=
None
,
icon
=
'www/portal.gif'
)
context
.
registerClass
(
ERP5UserManager
.
ERP5UserManager
,
permission
=
ManageUsers
,
constructors
=
(
ERP5UserManager
.
manage_addERP5UserManagerForm
,
ERP5UserManager
.
addERP5UserManager
,
)
,
visibility
=
None
,
icon
=
'www/portal.gif'
)
context
.
registerClass
(
ERP5GroupManager
.
ERP5GroupManager
,
permission
=
ManageGroups
,
constructors
=
(
ERP5GroupManager
.
manage_addERP5GroupManagerForm
,
ERP5GroupManager
.
addERP5GroupManager
,
)
,
visibility
=
None
,
icon
=
'www/portal.gif'
)
context
.
registerClass
(
ERP5RoleManager
.
ERP5RoleManager
,
permission
=
ManageUsers
,
constructors
=
(
ERP5RoleManager
.
manage_addERP5RoleManagerForm
,
ERP5RoleManager
.
addERP5RoleManager
,
)
,
visibility
=
None
,
icon
=
'www/portal.gif'
)
context
.
registerClass
(
ERP5UserFactory
.
ERP5UserFactory
,
permission
=
ManageUsers
,
constructors
=
(
ERP5UserFactory
.
manage_addERP5UserFactoryForm
,
ERP5UserFactory
.
addERP5UserFactory
,
)
,
visibility
=
None
,
icon
=
'www/portal.gif'
)
context
.
registerClass
(
ERP5KeyAuthPlugin
.
ERP5KeyAuthPlugin
,
permission
=
ManageUsers
,
constructors
=
(
ERP5KeyAuthPlugin
.
manage_addERP5KeyAuthPluginForm
,
ERP5KeyAuthPlugin
.
addERP5KeyAuthPlugin
,
)
,
visibility
=
None
,
icon
=
'www/portal.gif'
)
context
.
registerClass
(
ERP5ExternalAuthenticationPlugin
.
ERP5ExternalAuthenticationPlugin
,
permission
=
ManageUsers
,
constructors
=
(
ERP5ExternalAuthenticationPlugin
.
manage_addERP5ExternalAuthenticationPluginForm
,
ERP5ExternalAuthenticationPlugin
.
addERP5ExternalAuthenticationPlugin
,
)
,
visibility
=
None
,
icon
=
'www/portal.gif'
)
context
.
registerClass
(
ERP5BearerExtractionPlugin
.
ERP5BearerExtractionPlugin
,
permission
=
ManageUsers
,
constructors
=
(
ERP5BearerExtractionPlugin
.
manage_addERP5BearerExtractionPluginForm
,
ERP5BearerExtractionPlugin
.
addERP5BearerExtractionPlugin
,
)
,
visibility
=
None
,
icon
=
'www/portal.gif'
)
context
.
registerClass
(
ERP5ExternalOauth2ExtractionPlugin
.
ERP5FacebookExtractionPlugin
,
permission
=
ManageUsers
,
constructors
=
(
ERP5ExternalOauth2ExtractionPlugin
.
manage_addERP5FacebookExtractionPluginForm
,
ERP5ExternalOauth2ExtractionPlugin
.
addERP5FacebookExtractionPlugin
,
)
,
visibility
=
None
,
icon
=
'www/portal.gif'
)
context
.
registerClass
(
ERP5ExternalOauth2ExtractionPlugin
.
ERP5GoogleExtractionPlugin
,
permission
=
ManageUsers
,
constructors
=
(
ERP5ExternalOauth2ExtractionPlugin
.
manage_addERP5GoogleExtractionPluginForm
,
ERP5ExternalOauth2ExtractionPlugin
.
addERP5GoogleExtractionPlugin
,
)
,
visibility
=
None
,
icon
=
'www/portal.gif'
)
context
.
registerClass
(
ERP5AccessTokenExtractionPlugin
.
ERP5AccessTokenExtractionPlugin
,
permission
=
ManageUsers
,
constructors
=
(
ERP5AccessTokenExtractionPlugin
.
manage_addERP5AccessTokenExtractionPluginForm
,
ERP5AccessTokenExtractionPlugin
.
addERP5AccessTokenExtractionPlugin
,
)
,
visibility
=
None
,
icon
=
'www/portal.gif'
)
context
.
registerClass
(
ERP5DumbHTTPExtractionPlugin
.
ERP5DumbHTTPExtractionPlugin
,
permission
=
ManageUsers
,
constructors
=
(
ERP5DumbHTTPExtractionPlugin
.
manage_addERP5DumbHTTPExtractionPluginForm
,
ERP5DumbHTTPExtractionPlugin
.
addERP5DumbHTTPExtractionPlugin
,
)
,
visibility
=
None
,
icon
=
'www/portal.gif'
)
from
AccessControl.SecurityInfo
import
ModuleSecurityInfo
ModuleSecurityInfo
(
'Products.ERP5Security.ERP5UserManager'
).
declarePublic
(
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment