e4b3fa74
Commit
e4b3fa74
authored
Oct 21, 2016
by
Kazuhiko Shiozaki
use enumerateUsers instead of ad-hoc getPersonByReference and getLoginObject.
parent
5570c555
Showing
8 changed files
with
25 additions
and
17 deletions
+25
-17
bt5/erp5_base/DocumentTemplateItem/portal_components/document.erp5.Login.py
...mentTemplateItem/portal_components/document.erp5.Login.py
+3
-4
bt5/erp5_base/SkinTemplateItem/portal_skins/erp5_base/PreferenceTool_setNewPassword.py
...m/portal_skins/erp5_base/PreferenceTool_setNewPassword.py
+1
-1
product/ERP5/Tool/PasswordTool.py
product/ERP5/Tool/PasswordTool.py
+4
-2
product/ERP5/bootstrap/erp5_core/ExtensionTemplateItem/portal_components/extension.erp5.StandardSecurity.py
...Item/portal_components/extension.erp5.StandardSecurity.py
+4
-2
product/ERP5Security/ERP5ExternalOauth2ExtractionPlugin.py
product/ERP5Security/ERP5ExternalOauth2ExtractionPlugin.py
+2
-2
product/ERP5Security/ERP5GroupManager.py
product/ERP5Security/ERP5GroupManager.py
+10
-3
product/ERP5Security/ERP5KeyAuthPlugin.py
product/ERP5Security/ERP5KeyAuthPlugin.py
+0
-2
product/ERP5Wizard/PAS/ERP5RemoteUserManager.py
product/ERP5Wizard/PAS/ERP5RemoteUserManager.py
+1
-1
bt5/erp5_base/DocumentTemplateItem/portal_components/document.erp5.Login.py
...
...
@@ -72,9 +72,8 @@ class Login(XMLObject, LoginAccountProviderMixin, EncryptedPasswordMixin):
self
.
getPortalType
()
+
'_setReference_'
+
value
.
encode
(
'hex'
)
# Check that there no existing user
erp5_users
=
portal
.
acl_users
.
erp5_users
login
=
erp5_users
.
getLoginObject
(
value
,
self
.
getPortalType
())
if
login
is
not
None
and
login
!=
self
and
\
login
!=
self
.
getParentValue
():
user_list
=
erp5_users
.
enumerateUsers
(
login
=
value
)
if
[
x
for
x
in
user_list
if
x
.
get
(
'login'
,
{}).
get
(
'path'
,
''
)
!=
self
.
getPath
()]:
raise
RuntimeError
,
'user id %s already exist'
%
(
value
,)
# Check that there is no reindexation related to reference indexation
if
portal
.
portal_activities
.
countMessageWithTag
(
tag
):
...
...
@@ -95,4 +94,4 @@ class Login(XMLObject, LoginAccountProviderMixin, EncryptedPasswordMixin):
self
.
reindexObject
(
activate_kw
=
activate_kw
)
# invalid the cache for ERP5Security
portal_caches
=
portal
.
portal_caches
portal_caches
.
clearCache
(
cache_factory_list
=
(
'erp5_content_short'
,
))
\ No newline at end of file
portal_caches
.
clearCache
(
cache_factory_list
=
(
'erp5_content_short'
,
))
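Review bot: The new uniqueness check in the first hunk calls `enumerateUsers(login=value)` without a `login_portal_type`, whereas the removed `getLoginObject(value, self.getPortalType())` was scoped to this login's portal type and the PasswordTool call site in this commit passes `login_portal_type='ERP5 Login'`. If enumerateUsers searches every login type when that argument is omitted (not visible here), a reference already used by a different login type is now rejected, although the activity tag still includes `self.getPortalType()`; if that is not intended, pass `login_portal_type=self.getPortalType()`. Entries without a `login` key compare `''` against `self.getPath()` and therefore count as conflicts, which deserves a one-line comment saying it is deliberate. The enclosing method starts above the hunk.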
bt5/erp5_base/SkinTemplateItem/portal_skins/erp5_base/PreferenceTool_setNewPassword.py
...
...
@@ -3,7 +3,7 @@ from Products.ERP5Type.Message import translateString
portal
=
context
.
getPortalObject
()
user
=
getSecurityManager
().
getUser
()
person
=
context
.
acl_users
.
erp5_users
.
getPersonByReference
(
user
.
getId
()
)
person
=
portal
.
restrictedTraverse
(
portal
.
acl_users
.
erp5_users
.
enumerateUsers
(
id
=
user
.
getId
())[
0
][
'path'
]
)
for
login
in
person
.
objectValues
(
portal_type
=
'ERP5 Login'
):
if
login
.
getReference
()
==
reference
and
login
.
getValidationState
()
==
'validated'
:
break
...
...
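Review bot: `enumerateUsers(id=user.getId())[0]['path']` indexes the result without checking it, so a caller that erp5_users does not know (for example an account defined outside this plugin) gets an IndexError or KeyError instead of a handled error. The StandardSecurity and ERP5GroupManager call sites in this commit guard both the empty list and the missing `path`; the same guard belongs here, e.g. assign `user_list = portal.acl_users.erp5_users.enumerateUsers(id=user.getId())` and test `user_list` and `user_list[0].get('path')` before calling `restrictedTraverse`. PasswordTool.py indexes `[0]['login']['path']` in the same unguarded way. The script continues past the end of the hunk.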
product/ERP5/Tool/PasswordTool.py
...
...
@@ -272,8 +272,10 @@ class PasswordTool(BaseTool):
# XXX: incorrect grammar
return
error
(
"Date has expire."
)
del
self
.
_password_request_dict
[
password_key
]
login
=
self
.
getPortalObject
().
acl_users
.
erp5_users
.
getLoginObject
(
register_user_login
,
'ERP5 Login'
)
login
=
self
.
getPortalObject
().
unrestrictedTraverse
(
self
.
getPortalObject
().
acl_users
.
erp5_users
.
enumerateUsers
(
login
=
register_user_login
,
login_portal_type
=
'ERP5 Login'
)[
0
][
'login'
][
'path'
])
login
.
_forceSetPassword
(
password
)
login
.
reindexObject
()
return
redirect
(
REQUEST
,
site_url
,
...
...
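Review bot: The login for the forced password change is taken as `[0]` of whatever `enumerateUsers(login=register_user_login, login_portal_type='ERP5 Login')` returns and passed straight to `unrestrictedTraverse` and `_forceSetPassword`, with no check that exactly one entry matched. By that point `del self._password_request_dict[password_key]` has already consumed the reset key, so an empty result ends in an unhandled IndexError and the user has to request a new key. If more than one entry can match (not visible here), the password is set on the first one silently. Assign the result to `user_list` and add `if len(user_list) != 1: return error(...)` before the traversal; a local `portal = self.getPortalObject()` would also shorten the statement. The method starts and ends outside the hunk.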
product/ERP5/bootstrap/erp5_core/ExtensionTemplateItem/portal_components/extension.erp5.StandardSecurity.py
...
...
@@ -53,12 +53,14 @@ def getSecurityCategoryFromAssignment(self, base_category_list, user_name, objec
category_list
=
[]
person_object
=
self
.
getPortalObject
().
acl_users
.
erp5_users
.
getPersonByReference
(
user_name
)
if
person_object
is
None
:
user_list
=
self
.
getPortalObject
().
acl_users
.
erp5_users
.
enumerateUsers
(
id
=
user_name
)
if
not
user_list
or
not
'path'
in
user_list
[
0
]
:
# if a person_object was not found in the module, we do nothing more
# this happens for example when a manager with no associated person object
# creates a person_object for a new user
return
[]
else
:
person_object
=
self
.
getPortalObject
().
unrestrictedTraverse
(
user_list
[
0
][
'path'
])
# We look for every valid assignments of this user
for
assignment
in
person_object
.
contentValues
(
filter
=
{
'portal_type'
:
'Assignment'
}):
...
...
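Review bot: The guard `not 'path' in user_list[0]` only tests that the key exists, so an entry whose `path` is present but empty (if enumerateUsers can return one, which is not visible here) would still reach `unrestrictedTraverse(user_list[0]['path'])`. ERP5GroupManager in this same commit uses `user_list[0].get('path')` and tests its truth value; aligning the two keeps the security-category lookup and the group lookup agreeing on who counts as an ERP5 user. Suggested form: `path = user_list[0].get('path') if user_list else None` followed by `if not path: return []`. That also drops the `not ... in` spelling and the `else:` after a `return`. The function continues below the hunk.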
product/ERP5Security/ERP5ExternalOauth2ExtractionPlugin.py
...
...
@@ -178,8 +178,8 @@ class ERP5ExternalOauth2ExtractionPluginBase(BasePlugin):
self
.
REQUEST
[
'USER_CREATION_IN_PROGRESS'
]
=
user
else
:
# create the user if not found
person_list
=
self
.
erp5_users
.
getPersonByReference
(
user
)
if
len
(
person_list
)
==
0
:
user_list
=
self
.
erp5_users
.
enumerateUsers
(
id
=
user
)
if
not
user_list
:
sm
=
getSecurityManager
()
if
sm
.
getUser
().
getId
()
!=
SUPER_USER
:
newSecurityManager
(
self
,
self
.
getUser
(
SUPER_USER
))
...
...
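Review bot: The existence check changes from a lookup by reference (`getPersonByReference(user)`) to `enumerateUsers(id=user)`, and an empty result leads into the branch that switches to `SUPER_USER` to create the account. Whether `user` is an ERP5 user id or the login obtained from the external provider is not visible in the hunk; if it is the login, an existing person whose id differs from its login would not be found and the creation path would run again. Login.py in this commit matches on `login=value`, so please confirm which key is correct here and say so in the `# create the user if not found` comment. The method starts and ends outside the hunk.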
product/ERP5Security/ERP5GroupManager.py
...
...
@@ -31,7 +31,7 @@ import sys
from
zLOG
import
LOG
,
WARNING
from
ERP5UserManager
import
SUPER_USER
,
getUserByLogin
from
ERP5UserManager
import
SUPER_USER
# It can be useful to set NO_CACHE_MODE to 1 in order to debug
# complex security issues related to caching groups. For example,
...
...
@@ -117,9 +117,16 @@ class ERP5GroupManager(BasePlugin):
security_definition_list
=
mapping_method
()
# get the person from its login - no security check needed
person_object
=
self
.
erp5_users
.
getPersonByReference
(
user_name
)
if
person_object
is
None
:
# no person is linked to this user login
user_list
=
self
.
erp5_users
.
enumerateUsers
(
id
=
user_name
)
if
not
user_list
:
return
()
else
:
path
=
user_list
[
0
].
get
(
'path'
)
if
path
:
person_object
=
self
.
getPortalObject
().
unrestrictedTraverse
(
path
)
else
:
# not ERP5 user
return
()
# Fetch category values from defined scripts
for
(
method_name
,
base_category_list
)
in
security_definition_list
:
...
...
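Review bot: The context comment `# get the person from its login - no security check needed` in the second hunk no longer describes the code under it, since the lookup is now `enumerateUsers(id=user_name)` (by user id) followed by `unrestrictedTraverse(path)`. Suggested wording: `# resolve the person by user id; unrestrictedTraverse because no security check is needed here`. The nested `else:` branches after `return ()` could also be flattened into two early returns, which would make the "not an ERP5 user" case easier to spot. The enclosing function starts above and continues below the hunk.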
product/ERP5Security/ERP5KeyAuthPlugin.py
...
...
@@ -46,8 +46,6 @@ from Products.PluggableAuthService.plugins.CookieAuthHelper import CookieAuthHel
from
Products.ERP5Type.Cache
import
CachingMethod
from
Products.ERP5Type.UnrestrictedMethod
import
UnrestrictedMethod
from
Products.ERP5Security.ERP5UserManager
import
SUPER_USER
,
\
_AuthenticationFailure
from
Crypto.Cipher
import
AES
from
Crypto
import
Random
...
...
product/ERP5Wizard/PAS/ERP5RemoteUserManager.py
...
...
@@ -25,7 +25,7 @@ from Products.PluggableAuthService.interfaces.plugins import IAuthenticationPlug
IUserEnumerationPlugin
from
Products.ERP5Type.Cache
import
CachingMethod
from
DateTime
import
DateTime
from
Products.ERP5Security.ERP5UserManager
import
ERP5UserManager
,
SUPER_USER
,
_AuthenticationFailure
from
Products.ERP5Security.ERP5UserManager
import
ERP5UserManager
from
BTrees.OOBTree
import
OOBTree
from
zLOG
import
LOG
,
INFO
,
WARNING
...
...