Commit 8bbf0b5a authored by Yoshinori Okuji's avatar Yoshinori Okuji

Change the handling of Anonymous User.

git-svn-id: https://svn.erp5.org/repos/public/erp5/trunk@21362 20353a03-c40f-0410-a6d1-a30d3c3de9de
parent 64461a2e
...@@ -27,9 +27,13 @@ ...@@ -27,9 +27,13 @@
############################################################################## ##############################################################################
from AccessControl.User import UnrestrictedUser from AccessControl.User import UnrestrictedUser
from Products.ERP5Security.ERP5UserManager import SUPER_USER from AccessControl.SpecialUsers import system
from AccessControl.SecurityManagement import getSecurityManager, \ from AccessControl.SecurityManagement import getSecurityManager, \
newSecurityManager, setSecurityManager newSecurityManager, setSecurityManager
try:
from Zope2 import app
except ImportError:
from Zope import app
class PrivilegedUser(UnrestrictedUser): class PrivilegedUser(UnrestrictedUser):
"""User that bypasses all security checks, but retains an original """User that bypasses all security checks, but retains an original
...@@ -68,23 +72,25 @@ class UnrestrictedMethod(object): ...@@ -68,23 +72,25 @@ class UnrestrictedMethod(object):
def __call__(self, *args, **kw): def __call__(self, *args, **kw):
security_manager = getSecurityManager() security_manager = getSecurityManager()
user = security_manager.getUser() user = security_manager.getUser()
isAnonymousUser = user.getUserName()=='Anonymous User' anonymous = (user.getUserName() == 'Anonymous User')
if user.getId() is None and not isAnonymousUser: if user.getId() is None and not anonymous:
# This is a special user, thus the user is not allowed to own objects. # This is a special user, thus the user is not allowed to own objects.
super_user = UnrestrictedUser(user.getUserName(), None, super_user = UnrestrictedUser(user.getUserName(), None,
user.getRoles(), user.getDomains()) user.getRoles(), user.getDomains())
elif isAnonymousUser:
# switch to ERP5 SUPER_USER
# XXX: hard-coded username and roles (this is bad but no way we could
# currently get context (i.e. switch to roles of owner of portal)
# another possibility is to pass username, roles from outside in constructor
super_user = UnrestrictedUser(SUPER_USER, None,
('Manager', 'Assignor' ), ('',))
else: else:
uf = user.aq_inner.aq_parent try:
# XXX is it better to get roles from the parent (i.e. portal)? # XXX is it better to get roles from the parent (i.e. portal)?
uf = user.aq_inner.aq_parent
except AttributeError:
uf = app().acl_users
role_list = uf.valid_roles() role_list = uf.valid_roles()
super_user = PrivilegedUser(user.getId(), None, if anonymous:
# If the user is anonymous, use the id of the system user,
# so that it would not be treated as an unauthorized user.
user_id = str(system)
else:
user_id = user.getId()
super_user = PrivilegedUser(user_id, None,
role_list, user.getDomains()).__of__(uf) role_list, user.getDomains()).__of__(uf)
newSecurityManager(None, super_user) newSecurityManager(None, super_user)
try: try:
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment