Commit e4b3fa74 authored by Kazuhiko Shiozaki's avatar Kazuhiko Shiozaki

use enumerateUsers instead of ad-hoc getPersonByReference and getLoginObject.

parent 5570c555
......@@ -72,9 +72,8 @@ class Login(XMLObject, LoginAccountProviderMixin, EncryptedPasswordMixin):
self.getPortalType() + '_setReference_' + value.encode('hex')
# Check that there no existing user
erp5_users = portal.acl_users.erp5_users
login = erp5_users.getLoginObject(value, self.getPortalType())
if login is not None and login != self and \
login != self.getParentValue():
user_list = erp5_users.enumerateUsers(login=value)
if [x for x in user_list if x.get('login', {}).get('path', '') != self.getPath()]:
raise RuntimeError, 'user id %s already exist' % (value,)
# Check that there is no reindexation related to reference indexation
if portal.portal_activities.countMessageWithTag(tag):
......@@ -95,4 +94,4 @@ class Login(XMLObject, LoginAccountProviderMixin, EncryptedPasswordMixin):
self.reindexObject(activate_kw=activate_kw)
# invalid the cache for ERP5Security
portal_caches = portal.portal_caches
portal_caches.clearCache(cache_factory_list=('erp5_content_short', ))
\ No newline at end of file
portal_caches.clearCache(cache_factory_list=('erp5_content_short', ))
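Review bot: The replacement check on lines 13-14 drops the parent-Person exclusion: the old condition also accepted a match equal to `self.getParentValue()`, whereas the new comprehension only discards entries whose login path equals `self.getPath()`, so a legacy user record for the enclosing Person (presumably reported without a `login` key, so `.get('path', '')` yields `''`) would now raise `user id %s already exist` when the login's own reference is set. Separately, every new `enumerateUsers` call in this commit (here and in PasswordTool, getSecurityCategoryFromAssignment, ERP5ExternalOauth2ExtractionPluginBase and ERP5GroupManager) omits `exact_match`; if the plugin follows the PAS convention of non-exact matching when `exact_match` is false, a login or id that is a substring of another user's would count as a conflict here and could select the wrong record through the `[0]` indexing in the other hunks. Passing `exact_match=True` at each call site pins the lookup to the intended user, e.g. `user_list = erp5_users.enumerateUsers(login=value, exact_match=True)`. The enclosing method starts before and continues after the hunk.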
......@@ -3,7 +3,7 @@ from Products.ERP5Type.Message import translateString
portal = context.getPortalObject()
user = getSecurityManager().getUser()
person = context.acl_users.erp5_users.getPersonByReference(user.getId())
person = portal.restrictedTraverse(portal.acl_users.erp5_users.enumerateUsers(id=user.getId())[0]['path'])
for login in person.objectValues(portal_type='ERP5 Login'):
if login.getReference() == reference and login.getValidationState() == 'validated':
break
......
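Review bot: Line 29 indexes `[0]` on the `enumerateUsers` result with no guard, so a caller whose user has no ERP5 Person record fails with an IndexError before the loop (the old code reached an AttributeError on the `None` that `getPersonByReference` returned, so either way the script has no explicit path for that case). Splitting the lookup makes the empty result visible: `user_list = portal.acl_users.erp5_users.enumerateUsers(id=user.getId())`, then `if not user_list:` leading to the script's existing failure handling, then `person = portal.restrictedTraverse(user_list[0]['path'])`. The script starts before and continues after the hunk.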
......@@ -272,8 +272,10 @@ class PasswordTool(BaseTool):
# XXX: incorrect grammar
return error("Date has expire.")
del self._password_request_dict[password_key]
login = self.getPortalObject().acl_users.erp5_users.getLoginObject(
register_user_login, 'ERP5 Login')
login = self.getPortalObject().unrestrictedTraverse(
self.getPortalObject().acl_users.erp5_users.enumerateUsers(
login=register_user_login,
login_portal_type='ERP5 Login')[0]['login']['path'])
login._forceSetPassword(password)
login.reindexObject()
return redirect(REQUEST, site_url,
......
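Review bot: The chained lookup on lines 40-43 indexes `[0]` and `['login']` without any check, so an unknown login or a user record without a `login` entry surfaces as an IndexError or KeyError instead of the `error(...)` response the method uses on line 36 for other failures; on a password-reset path this should fail closed with an explicit message. Requiring exactly one match before traversing also refuses to set the password when the lookup is ambiguous. The enclosing method starts before and continues after the hunk.
```python
    del self._password_request_dict[password_key]
    user_list = self.getPortalObject().acl_users.erp5_users.enumerateUsers(
        login=register_user_login,
        login_portal_type='ERP5 Login')
    if len(user_list) != 1 or 'login' not in user_list[0]:
      # constructed message; adjust to the tool's existing wording
      return error("Login not found.")
    login = self.getPortalObject().unrestrictedTraverse(
        user_list[0]['login']['path'])
    # ... unchanged: _forceSetPassword, reindexObject, redirect ...
```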
......@@ -53,12 +53,14 @@ def getSecurityCategoryFromAssignment(self, base_category_list, user_name, objec
category_list = []
person_object = self.getPortalObject().acl_users.erp5_users.getPersonByReference(user_name)
if person_object is None:
user_list = self.getPortalObject().acl_users.erp5_users.enumerateUsers(id=user_name)
if not user_list or not 'path' in user_list[0]:
# if a person_object was not found in the module, we do nothing more
# this happens for example when a manager with no associated person object
# creates a person_object for a new user
return []
else:
person_object = self.getPortalObject().unrestrictedTraverse(user_list[0]['path'])
# We look for every valid assignments of this user
for assignment in person_object.contentValues(filter={'portal_type': 'Assignment'}):
......
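Review bot: Line 53 spells the membership test as `not 'path' in user_list[0]`, which reads as a negated expression; the idiomatic form is `'path' not in user_list[0]`. The `else:` on line 58 is also redundant after the `return []`, so line 59 can sit at the same level as the guard: `person_object = self.getPortalObject().unrestrictedTraverse(user_list[0]['path'])`. The enclosing function starts before and continues after the hunk.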
......@@ -178,8 +178,8 @@ class ERP5ExternalOauth2ExtractionPluginBase(BasePlugin):
self.REQUEST['USER_CREATION_IN_PROGRESS'] = user
else:
# create the user if not found
person_list = self.erp5_users.getPersonByReference(user)
if len(person_list) == 0:
user_list = self.erp5_users.enumerateUsers(id=user)
if not user_list:
sm = getSecurityManager()
if sm.getUser().getId() != SUPER_USER:
newSecurityManager(self, self.getUser(SUPER_USER))
......
......@@ -31,7 +31,7 @@ import sys
from zLOG import LOG, WARNING
from ERP5UserManager import SUPER_USER, getUserByLogin
from ERP5UserManager import SUPER_USER
# It can be useful to set NO_CACHE_MODE to 1 in order to debug
# complex security issues related to caching groups. For example,
......@@ -117,9 +117,16 @@ class ERP5GroupManager(BasePlugin):
security_definition_list = mapping_method()
# get the person from its login - no security check needed
person_object = self.erp5_users.getPersonByReference(user_name)
if person_object is None: # no person is linked to this user login
user_list = self.erp5_users.enumerateUsers(id=user_name)
if not user_list:
return ()
else:
path = user_list[0].get('path')
if path:
person_object = self.getPortalObject().unrestrictedTraverse(path)
else:
# not ERP5 user
return ()
# Fetch category values from defined scripts
for (method_name, base_category_list) in security_definition_list:
......
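Review bot: The comment on line 83, `# get the person from its login - no security check needed`, is now inaccurate since line 86 looks the user up by `id=user_name`; it should read `# get the person from its user id - no security check needed`. The nested `if/else` on lines 87-95 also buries the traversal two levels deep after returns that already exit, and flattening it into two guard clauses keeps the same behaviour with less nesting. The enclosing method starts before and continues after the hunk.
```python
    # get the person from its user id - no security check needed
    user_list = self.erp5_users.enumerateUsers(id=user_name)
    if not user_list:
      return ()
    path = user_list[0].get('path')
    if not path:
      # not ERP5 user
      return ()
    person_object = self.getPortalObject().unrestrictedTraverse(path)
    # ... unchanged: loop over security_definition_list ...
```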
......@@ -46,8 +46,6 @@ from Products.PluggableAuthService.plugins.CookieAuthHelper import CookieAuthHel
from Products.ERP5Type.Cache import CachingMethod
from Products.ERP5Type.UnrestrictedMethod import UnrestrictedMethod
from Products.ERP5Security.ERP5UserManager import SUPER_USER,\
_AuthenticationFailure
from Crypto.Cipher import AES
from Crypto import Random
......
......@@ -25,7 +25,7 @@ from Products.PluggableAuthService.interfaces.plugins import IAuthenticationPlug
IUserEnumerationPlugin
from Products.ERP5Type.Cache import CachingMethod
from DateTime import DateTime
from Products.ERP5Security.ERP5UserManager import ERP5UserManager, SUPER_USER, _AuthenticationFailure
from Products.ERP5Security.ERP5UserManager import ERP5UserManager
from BTrees.OOBTree import OOBTree
from zLOG import LOG, INFO, WARNING
......