Commit 62565cdd authored by Vincent Pelletier's avatar Vincent Pelletier

ERP5Security: Declare SUPER_USER at product level.

It does not depend on a specific plugin.
Also, update all importers.
Also, reduce import cycles in ERP5Security.
parent 0c0ce4d6
...@@ -48,7 +48,7 @@ from AccessControl.PermissionRole import rolesForPermissionOn ...@@ -48,7 +48,7 @@ from AccessControl.PermissionRole import rolesForPermissionOn
from MethodObject import Method from MethodObject import Method
from Products.ERP5Security import mergedLocalRoles from Products.ERP5Security import mergedLocalRoles
from Products.ERP5Security.ERP5UserManager import SUPER_USER from Products import ERP5Security
from Products.ZSQLCatalog.Utils import sqlquote from Products.ZSQLCatalog.Utils import sqlquote
import warnings import warnings
...@@ -470,7 +470,7 @@ class CatalogTool (UniqueObject, ZCatalog, CMFCoreCatalogTool, ActiveObject): ...@@ -470,7 +470,7 @@ class CatalogTool (UniqueObject, ZCatalog, CMFCoreCatalogTool, ActiveObject):
""" """
user = _getAuthenticatedUser(self) user = _getAuthenticatedUser(self)
user_str = str(user) user_str = str(user)
user_is_superuser = (user == system_user) or (user_str == SUPER_USER) user_is_superuser = (user == system_user) or (user_str == ERP5Security.SUPER_USER)
allowedRolesAndUsers = self._listAllowedRolesAndUsers(user) allowedRolesAndUsers = self._listAllowedRolesAndUsers(user)
role_column_dict = {} role_column_dict = {}
local_role_column_dict = {} local_role_column_dict = {}
...@@ -596,7 +596,7 @@ class CatalogTool (UniqueObject, ZCatalog, CMFCoreCatalogTool, ActiveObject): ...@@ -596,7 +596,7 @@ class CatalogTool (UniqueObject, ZCatalog, CMFCoreCatalogTool, ActiveObject):
""" """
user = _getAuthenticatedUser(self) user = _getAuthenticatedUser(self)
user_str = str(user) user_str = str(user)
user_is_superuser = (user == system_user) or (user_str == SUPER_USER) user_is_superuser = (user == system_user) or (user_str == ERP5Security.SUPER_USER)
if user_is_superuser: if user_is_superuser:
# We need no security check for super user. # We need no security check for super user.
return query return query
......
...@@ -33,7 +33,7 @@ from Products.ERP5Type.Permissions import ManagePortal ...@@ -33,7 +33,7 @@ from Products.ERP5Type.Permissions import ManagePortal
from Products.ERP5Type.Globals import DTMLFile from Products.ERP5Type.Globals import DTMLFile
from Products.ERP5SecurePayment import _dtmldir from Products.ERP5SecurePayment import _dtmldir
from Products.ERP5Security.ERP5UserManager import SUPER_USER from Products import ERP5Security
from AccessControl.SecurityManagement import newSecurityManager from AccessControl.SecurityManagement import newSecurityManager
from AccessControl import getSecurityManager from AccessControl import getSecurityManager
from zLOG import LOG from zLOG import LOG
...@@ -66,7 +66,7 @@ class SecurePaymentTool(BaseTool): ...@@ -66,7 +66,7 @@ class SecurePaymentTool(BaseTool):
user = getSecurityManager().getUser() user = getSecurityManager().getUser()
if not('Member' in user.getRoles()): if not('Member' in user.getRoles()):
newSecurityManager(None, newSecurityManager(None,
self.getPortalObject().acl_users.getUserById(SUPER_USER)) self.getPortalObject().acl_users.getUserById(ERP5Security.SUPER_USER))
def _getParametersFromSelection(self,service,selection): def _getParametersFromSelection(self,service,selection):
if selection is not None: if selection is not None:
......
...@@ -33,7 +33,7 @@ from Products.PageTemplates.PageTemplateFile import PageTemplateFile ...@@ -33,7 +33,7 @@ from Products.PageTemplates.PageTemplateFile import PageTemplateFile
from Products.PluggableAuthService.interfaces import plugins from Products.PluggableAuthService.interfaces import plugins
from Products.PluggableAuthService.utils import classImplements from Products.PluggableAuthService.utils import classImplements
from Products.PluggableAuthService.plugins.BasePlugin import BasePlugin from Products.PluggableAuthService.plugins.BasePlugin import BasePlugin
from Products.ERP5Security.ERP5UserManager import SUPER_USER from Products import ERP5Security
from Products.PluggableAuthService.PluggableAuthService import DumbHTTPExtractor from Products.PluggableAuthService.PluggableAuthService import DumbHTTPExtractor
from AccessControl.SecurityManagement import getSecurityManager, \ from AccessControl.SecurityManagement import getSecurityManager, \
setSecurityManager, newSecurityManager setSecurityManager, newSecurityManager
...@@ -182,8 +182,8 @@ class ERP5ExternalOauth2ExtractionPlugin: ...@@ -182,8 +182,8 @@ class ERP5ExternalOauth2ExtractionPlugin:
# create the user if not found # create the user if not found
if not self.searchUsers(id=user, exact_match=True): if not self.searchUsers(id=user, exact_match=True):
sm = getSecurityManager() sm = getSecurityManager()
if sm.getUser().getId() != SUPER_USER: if sm.getUser().getId() != ERP5Security.SUPER_USER:
newSecurityManager(self, self.getUser(SUPER_USER)) newSecurityManager(self, self.getUser(ERP5Security.SUPER_USER))
try: try:
self.REQUEST['USER_CREATION_IN_PROGRESS'] = user self.REQUEST['USER_CREATION_IN_PROGRESS'] = user
if user_entry is None: if user_entry is None:
......
...@@ -32,7 +32,7 @@ import sys ...@@ -32,7 +32,7 @@ import sys
from zLOG import LOG, WARNING from zLOG import LOG, WARNING
from ERP5UserManager import SUPER_USER from Products import ERP5Security
# It can be useful to set NO_CACHE_MODE to 1 in order to debug # It can be useful to set NO_CACHE_MODE to 1 in order to debug
# complex security issues related to caching groups. For example, # complex security issues related to caching groups. For example,
...@@ -83,7 +83,7 @@ class ERP5GroupManager(BasePlugin): ...@@ -83,7 +83,7 @@ class ERP5GroupManager(BasePlugin):
""" See IGroupsPlugin. """ See IGroupsPlugin.
""" """
# If this is the super user, skip the check. # If this is the super user, skip the check.
if principal.getId() == SUPER_USER: if principal.getId() == ERP5Security.SUPER_USER:
return () return ()
@UnrestrictedMethod @UnrestrictedMethod
......
...@@ -47,8 +47,8 @@ from Products.PluggableAuthService.plugins.CookieAuthHelper import CookieAuthHel ...@@ -47,8 +47,8 @@ from Products.PluggableAuthService.plugins.CookieAuthHelper import CookieAuthHel
from Products.ERP5Type.Cache import CachingMethod from Products.ERP5Type.Cache import CachingMethod
from Products.ERP5Type.UnrestrictedMethod import UnrestrictedMethod from Products.ERP5Type.UnrestrictedMethod import UnrestrictedMethod
from Products.ERP5Security.ERP5UserManager import ERP5UserManager, \ from Products.ERP5Security.ERP5UserManager import ERP5UserManager, \
SUPER_USER, \
_AuthenticationFailure _AuthenticationFailure
from Products import ERP5Security
from Crypto.Cipher import AES from Crypto.Cipher import AES
from Crypto import Random from Crypto import Random
...@@ -325,7 +325,7 @@ class ERP5KeyAuthPlugin(ERP5UserManager, CookieAuthHelper): ...@@ -325,7 +325,7 @@ class ERP5KeyAuthPlugin(ERP5UserManager, CookieAuthHelper):
if key != None: if key != None:
login = self.decrypt(key) login = self.decrypt(key)
# Forbidden the usage of the super user. # Forbidden the usage of the super user.
if login == SUPER_USER: if login == ERP5Security.SUPER_USER:
return None return None
#Function to allow cache #Function to allow cache
......
...@@ -23,7 +23,7 @@ from Products.PluggableAuthService.utils import classImplements ...@@ -23,7 +23,7 @@ from Products.PluggableAuthService.utils import classImplements
from Products.PluggableAuthService.interfaces.plugins import IRolesPlugin, \ from Products.PluggableAuthService.interfaces.plugins import IRolesPlugin, \
IRoleEnumerationPlugin IRoleEnumerationPlugin
from ERP5UserManager import SUPER_USER from Products import ERP5Security
manage_addERP5RoleManagerForm = PageTemplateFile( manage_addERP5RoleManagerForm = PageTemplateFile(
'www/ERP5Security_addERP5RoleManager', globals(), 'www/ERP5Security_addERP5RoleManager', globals(),
...@@ -64,7 +64,7 @@ class ERP5RoleManager( BasePlugin ): ...@@ -64,7 +64,7 @@ class ERP5RoleManager( BasePlugin ):
""" See IRolesPlugin. """ See IRolesPlugin.
We only ever return Member for every principal We only ever return Member for every principal
""" """
if principal.getId() == SUPER_USER: if principal.getId() == ERP5Security.SUPER_USER:
# If this is the super user, give all the roles present in this system. # If this is the super user, give all the roles present in this system.
# XXX no API to do this in PAS. # XXX no API to do this in PAS.
rolemakers = self._getPAS().plugins.listPlugins( IRoleEnumerationPlugin ) rolemakers = self._getPAS().plugins.listPlugins( IRoleEnumerationPlugin )
......
...@@ -26,7 +26,7 @@ from Products.PluggableAuthService.interfaces.plugins import IUserFactoryPlugin ...@@ -26,7 +26,7 @@ from Products.PluggableAuthService.interfaces.plugins import IUserFactoryPlugin
from Products.PluggableAuthService.PropertiedUser import PropertiedUser from Products.PluggableAuthService.PropertiedUser import PropertiedUser
from Products.PluggableAuthService.PropertiedUser import \ from Products.PluggableAuthService.PropertiedUser import \
_what_not_even_god_should_do _what_not_even_god_should_do
from Products.ERP5Security.ERP5UserManager import SUPER_USER from Products import ERP5Security
manage_addERP5UserFactoryForm = PageTemplateFile( manage_addERP5UserFactoryForm = PageTemplateFile(
'www/ERP5Security_addERP5UserFactory', globals(), 'www/ERP5Security_addERP5UserFactory', globals(),
...@@ -104,7 +104,7 @@ class ERP5User(PropertiedUser): ...@@ -104,7 +104,7 @@ class ERP5User(PropertiedUser):
As for getRolesInContext, we take into account _getAcquireLocalRoles for As for getRolesInContext, we take into account _getAcquireLocalRoles for
ERP5. ERP5.
""" """
if self.getUserName() == SUPER_USER: if self.getUserName() == ERP5Security.SUPER_USER:
# super user is allowed to accesss any object # super user is allowed to accesss any object
return 1 return 1
......
...@@ -31,9 +31,7 @@ from ZODB.POSException import ConflictError ...@@ -31,9 +31,7 @@ from ZODB.POSException import ConflictError
import sys import sys
from DateTime import DateTime from DateTime import DateTime
from zLOG import LOG, PROBLEM from zLOG import LOG, PROBLEM
from Products import ERP5Security
# This user is used to bypass all security checks.
SUPER_USER = '__erp5security-=__'
manage_addERP5UserManagerForm = PageTemplateFile( manage_addERP5UserManagerForm = PageTemplateFile(
'www/ERP5Security_addERP5UserManager', globals(), 'www/ERP5Security_addERP5UserManager', globals(),
...@@ -139,7 +137,7 @@ class ERP5UserManager(BasePlugin): ...@@ -139,7 +137,7 @@ class ERP5UserManager(BasePlugin):
login = credentials.get('external_login') login = credentials.get('external_login')
ignore_password = True ignore_password = True
# Forbidden the usage of the super user. # Forbidden the usage of the super user.
if login == SUPER_USER: if login == ERP5Security.SUPER_USER:
return None return None
@UnrestrictedMethod @UnrestrictedMethod
...@@ -235,7 +233,7 @@ class ERP5UserManager(BasePlugin): ...@@ -235,7 +233,7 @@ class ERP5UserManager(BasePlugin):
id_list = [] id_list = []
has_super_user = False has_super_user = False
for user_id in id: for user_id in id:
if user_id == SUPER_USER: if user_id == ERP5Security.SUPER_USER:
has_super_user = True has_super_user = True
elif user_id: elif user_id:
id_list.append(user_id) id_list.append(user_id)
...@@ -257,7 +255,7 @@ class ERP5UserManager(BasePlugin): ...@@ -257,7 +255,7 @@ class ERP5UserManager(BasePlugin):
else: else:
user_list = [] user_list = []
if has_super_user: if has_super_user:
user_list.append({'uid': None, 'path': None, 'reference': SUPER_USER}) user_list.append({'uid': None, 'path': None, 'reference': ERP5Security.SUPER_USER})
plugin_id = self.getId() plugin_id = self.getId()
return tuple([ return tuple([
{ {
......
...@@ -21,16 +21,8 @@ from AccessControl.Permissions import manage_users as ManageUsers ...@@ -21,16 +21,8 @@ from AccessControl.Permissions import manage_users as ManageUsers
from Products.PluggableAuthService.PluggableAuthService import registerMultiPlugin from Products.PluggableAuthService.PluggableAuthService import registerMultiPlugin
from Products.PluggableAuthService.permissions import ManageGroups from Products.PluggableAuthService.permissions import ManageGroups
import ERP5UserManager # This user is used to bypass all security checks.
import ERP5GroupManager SUPER_USER = '__erp5security-=__'
import ERP5RoleManager
import ERP5UserFactory
import ERP5KeyAuthPlugin
import ERP5ExternalAuthenticationPlugin
import ERP5BearerExtractionPlugin
import ERP5ExternalOauth2ExtractionPlugin
import ERP5AccessTokenExtractionPlugin
import ERP5DumbHTTPExtractionPlugin
def mergedLocalRoles(object): def mergedLocalRoles(object):
"""Returns a merging of object and its ancestors' """Returns a merging of object and its ancestors'
...@@ -60,19 +52,30 @@ def mergedLocalRoles(object): ...@@ -60,19 +52,30 @@ def mergedLocalRoles(object):
return deepcopy(merged) return deepcopy(merged)
registerMultiPlugin(ERP5UserManager.ERP5UserManager.meta_type)
registerMultiPlugin(ERP5GroupManager.ERP5GroupManager.meta_type)
registerMultiPlugin(ERP5RoleManager.ERP5RoleManager.meta_type)
registerMultiPlugin(ERP5UserFactory.ERP5UserFactory.meta_type)
registerMultiPlugin(ERP5KeyAuthPlugin.ERP5KeyAuthPlugin.meta_type)
registerMultiPlugin(ERP5ExternalAuthenticationPlugin.ERP5ExternalAuthenticationPlugin.meta_type)
registerMultiPlugin(ERP5BearerExtractionPlugin.ERP5BearerExtractionPlugin.meta_type)
registerMultiPlugin(ERP5ExternalOauth2ExtractionPlugin.ERP5FacebookExtractionPlugin.meta_type)
registerMultiPlugin(ERP5ExternalOauth2ExtractionPlugin.ERP5GoogleExtractionPlugin.meta_type)
registerMultiPlugin(ERP5AccessTokenExtractionPlugin.ERP5AccessTokenExtractionPlugin.meta_type)
registerMultiPlugin(ERP5DumbHTTPExtractionPlugin.ERP5DumbHTTPExtractionPlugin.meta_type)
def initialize(context): def initialize(context):
import ERP5UserManager
import ERP5GroupManager
import ERP5RoleManager
import ERP5UserFactory
import ERP5KeyAuthPlugin
import ERP5ExternalAuthenticationPlugin
import ERP5BearerExtractionPlugin
import ERP5ExternalOauth2ExtractionPlugin
import ERP5AccessTokenExtractionPlugin
import ERP5DumbHTTPExtractionPlugin
registerMultiPlugin(ERP5UserManager.ERP5UserManager.meta_type)
registerMultiPlugin(ERP5GroupManager.ERP5GroupManager.meta_type)
registerMultiPlugin(ERP5RoleManager.ERP5RoleManager.meta_type)
registerMultiPlugin(ERP5UserFactory.ERP5UserFactory.meta_type)
registerMultiPlugin(ERP5KeyAuthPlugin.ERP5KeyAuthPlugin.meta_type)
registerMultiPlugin(ERP5ExternalAuthenticationPlugin.ERP5ExternalAuthenticationPlugin.meta_type)
registerMultiPlugin(ERP5BearerExtractionPlugin.ERP5BearerExtractionPlugin.meta_type)
registerMultiPlugin(ERP5ExternalOauth2ExtractionPlugin.ERP5FacebookExtractionPlugin.meta_type)
registerMultiPlugin(ERP5ExternalOauth2ExtractionPlugin.ERP5GoogleExtractionPlugin.meta_type)
registerMultiPlugin(ERP5AccessTokenExtractionPlugin.ERP5AccessTokenExtractionPlugin.meta_type)
registerMultiPlugin(ERP5DumbHTTPExtractionPlugin.ERP5DumbHTTPExtractionPlugin.meta_type)
context.registerClass( ERP5UserManager.ERP5UserManager context.registerClass( ERP5UserManager.ERP5UserManager
, permission=ManageUsers , permission=ManageUsers
......
...@@ -38,6 +38,7 @@ from AccessControl.SecurityManagement import getSecurityManager ...@@ -38,6 +38,7 @@ from AccessControl.SecurityManagement import getSecurityManager
from Products.PluggableAuthService import PluggableAuthService from Products.PluggableAuthService import PluggableAuthService
from zope.interface.verify import verifyClass from zope.interface.verify import verifyClass
from DateTime import DateTime from DateTime import DateTime
from Products import ERP5Security
class TestUserManagement(ERP5TypeTestCase): class TestUserManagement(ERP5TypeTestCase):
"""Tests User Management in ERP5Security. """Tests User Management in ERP5Security.
...@@ -210,13 +211,11 @@ class TestUserManagement(ERP5TypeTestCase): ...@@ -210,13 +211,11 @@ class TestUserManagement(ERP5TypeTestCase):
def test_PersonWithSuperUserLoginCannotBeCreated(self): def test_PersonWithSuperUserLoginCannotBeCreated(self):
"""Tests one cannot create person with the "super user" special login.""" """Tests one cannot create person with the "super user" special login."""
from Products.ERP5Security.ERP5UserManager import SUPER_USER self.assertRaises(RuntimeError, self._makePerson, reference=ERP5Security.SUPER_USER)
self.assertRaises(RuntimeError, self._makePerson, reference=SUPER_USER)
def test_PersonWithSuperUserLogin(self): def test_PersonWithSuperUserLogin(self):
"""Tests one cannot use the "super user" special login.""" """Tests one cannot use the "super user" special login."""
from Products.ERP5Security.ERP5UserManager import SUPER_USER self._assertUserDoesNotExists(ERP5Security.SUPER_USER, '')
self._assertUserDoesNotExists(SUPER_USER, '')
def test_searchUsers(self): def test_searchUsers(self):
p1 = self._makePerson(reference='person1') p1 = self._makePerson(reference='person1')
......
...@@ -42,7 +42,7 @@ import zope.interface ...@@ -42,7 +42,7 @@ import zope.interface
from Products.ERP5Type import Permissions, PropertySheet, interfaces from Products.ERP5Type import Permissions, PropertySheet, interfaces
from Products.ERP5Type.XMLObject import XMLObject from Products.ERP5Type.XMLObject import XMLObject
from Products.ERP5Security.ERP5UserManager import SUPER_USER from Products import ERP5Security
class DummyGateway(XMLObject): class DummyGateway(XMLObject):
...@@ -114,7 +114,7 @@ class DummyGateway(XMLObject): ...@@ -114,7 +114,7 @@ class DummyGateway(XMLObject):
try: try:
#Use SUPER_USER #Use SUPER_USER
portal_membership = self.getPortalObject().portal_membership portal_membership = self.getPortalObject().portal_membership
newSecurityManager(None, portal_membership.getMemberById(SUPER_USER)) newSecurityManager(None, portal_membership.getMemberById(ERP5Security.SUPER_USER))
#Dummy notify only new SMS #Dummy notify only new SMS
self.notifyReception(REQUEST.get("sender"), self.notifyReception(REQUEST.get("sender"),
......
...@@ -44,7 +44,7 @@ from zLOG import LOG, INFO ...@@ -44,7 +44,7 @@ from zLOG import LOG, INFO
from Products.ERP5Type import Permissions, PropertySheet, interfaces from Products.ERP5Type import Permissions, PropertySheet, interfaces
from Products.ERP5Type.XMLObject import XMLObject from Products.ERP5Type.XMLObject import XMLObject
from Products.ERP5Security.ERP5UserManager import SUPER_USER from Products import ERP5Security
#Product Module #Product Module
from Products.ERP5ShortMessage.Errors import SMSGatewayError from Products.ERP5ShortMessage.Errors import SMSGatewayError
...@@ -237,7 +237,7 @@ class EssendexGateway(XMLObject): ...@@ -237,7 +237,7 @@ class EssendexGateway(XMLObject):
try: try:
#Use SUPER_USER #Use SUPER_USER
portal_membership = self.getPortalObject().portal_membership portal_membership = self.getPortalObject().portal_membership
newSecurityManager(None, portal_membership.getMemberById(SUPER_USER)) newSecurityManager(None, portal_membership.getMemberById(ERP5Security.SUPER_USER))
#Parse XML #Parse XML
root = etree.fromstring(datas) root = etree.fromstring(datas)
......
...@@ -42,7 +42,7 @@ from zLOG import LOG, INFO ...@@ -42,7 +42,7 @@ from zLOG import LOG, INFO
from Products.ERP5Type import Permissions, PropertySheet, interfaces from Products.ERP5Type import Permissions, PropertySheet, interfaces
from Products.ERP5Type.XMLObject import XMLObject from Products.ERP5Type.XMLObject import XMLObject
from Products.ERP5Security.ERP5UserManager import SUPER_USER from Products import ERP5Security
#Product Module #Product Module
from Products.ERP5ShortMessage.Errors import SMSGatewayError from Products.ERP5ShortMessage.Errors import SMSGatewayError
...@@ -256,7 +256,7 @@ class MobytGateway(XMLObject): ...@@ -256,7 +256,7 @@ class MobytGateway(XMLObject):
try: try:
#Use SUPER_USER #Use SUPER_USER
portal_membership = self.getPortalObject().portal_membership portal_membership = self.getPortalObject().portal_membership
newSecurityManager(None, portal_membership.getMemberById(SUPER_USER)) newSecurityManager(None, portal_membership.getMemberById(ERP5Security.SUPER_USER))
#Mobyt notify only new SMS #Mobyt notify only new SMS
self.notifyReception(REQUEST.get("orig"), self.notifyReception(REQUEST.get("orig"),
......
...@@ -25,7 +25,8 @@ from Products.PluggableAuthService.interfaces.plugins import IAuthenticationPlug ...@@ -25,7 +25,8 @@ from Products.PluggableAuthService.interfaces.plugins import IAuthenticationPlug
IUserEnumerationPlugin IUserEnumerationPlugin
from Products.ERP5Type.Cache import CachingMethod from Products.ERP5Type.Cache import CachingMethod
from DateTime import DateTime from DateTime import DateTime
from Products.ERP5Security.ERP5UserManager import ERP5UserManager, SUPER_USER, _AuthenticationFailure from Products.ERP5Security.ERP5UserManager import ERP5UserManager, _AuthenticationFailure
from Products import ERP5Security
from BTrees.OOBTree import OOBTree from BTrees.OOBTree import OOBTree
from zLOG import LOG, INFO, WARNING from zLOG import LOG, INFO, WARNING
...@@ -133,7 +134,7 @@ class ERP5RemoteUserManager(ERP5UserManager): ...@@ -133,7 +134,7 @@ class ERP5RemoteUserManager(ERP5UserManager):
ILoginPasswordExtractionPlugin. ILoginPasswordExtractionPlugin.
""" """
# Forbidden the usage of the super user. # Forbidden the usage of the super user.
if credentials.get('login') == SUPER_USER: if credentials.get('login') == ERP5Security.SUPER_USER:
return None return None
def _authenticateCredentials(login, password, path): def _authenticateCredentials(login, password, path):
...@@ -148,8 +149,8 @@ class ERP5RemoteUserManager(ERP5UserManager): ...@@ -148,8 +149,8 @@ class ERP5RemoteUserManager(ERP5UserManager):
user = user_list[0] user = user_list[0]
sm = getSecurityManager() sm = getSecurityManager()
if sm.getUser().getId() != SUPER_USER: if sm.getUser().getId() != ERP5Security.SUPER_USER:
newSecurityManager(self, self.getUser(SUPER_USER)) newSecurityManager(self, self.getUser(ERP5Security.SUPER_USER))
try: try:
# get assignment # get assignment
assignment_list = [x for x in user.contentValues(portal_type="Assignment") \ assignment_list = [x for x in user.contentValues(portal_type="Assignment") \
......
...@@ -28,7 +28,7 @@ ...@@ -28,7 +28,7 @@
from AccessControl.SecurityManagement import newSecurityManager from AccessControl.SecurityManagement import newSecurityManager
from Products.ERP5.ERP5Site import ERP5Site from Products.ERP5.ERP5Site import ERP5Site
from Products.ERP5Security.ERP5UserManager import SUPER_USER from Products import ERP5Security
from Products.ERP5Type.Base import Base from Products.ERP5Type.Base import Base
from Products.ERP5Type.tests.ERP5TypeTestCase import ERP5TypeTestCase from Products.ERP5Type.tests.ERP5TypeTestCase import ERP5TypeTestCase
from Products.ERP5Wizard import addERP5RemoteUserManager from Products.ERP5Wizard import addERP5RemoteUserManager
...@@ -41,7 +41,7 @@ def proxyMethodHandler(self, kw): ...@@ -41,7 +41,7 @@ def proxyMethodHandler(self, kw):
"""Dummy proxyMethodHandler""" """Dummy proxyMethodHandler"""
# login as super user # login as super user
newSecurityManager(self, self.getPortalObject().acl_users.getUserById( newSecurityManager(self, self.getPortalObject().acl_users.getUserById(
SUPER_USER)) ERP5Security.SUPER_USER))
data = getattr(self, kw['method_id'])(**kw['method_kw']) data = getattr(self, kw['method_id'])(**kw['method_kw'])
response = GeneratorCall(data=data) response = GeneratorCall(data=data)
return response.dump() return response.dump()
......
...@@ -35,7 +35,7 @@ import sys ...@@ -35,7 +35,7 @@ import sys
from zLOG import LOG, WARNING from zLOG import LOG, WARNING
from Products.ERP5Security.ERP5UserManager import SUPER_USER from Products import ERP5Security
NO_CACHE_MODE = 0 NO_CACHE_MODE = 0
...@@ -86,7 +86,7 @@ class EGOVGroupManager(ERP5GroupManager): ...@@ -86,7 +86,7 @@ class EGOVGroupManager(ERP5GroupManager):
""" See IGroupsPlugin. """ See IGroupsPlugin.
""" """
# If this is the super user, skip the check. # If this is the super user, skip the check.
if principal.getId() == SUPER_USER: if principal.getId() == ERP5Security.SUPER_USER:
return () return ()
def _getGroupsForPrincipal(user_name, path): def _getGroupsForPrincipal(user_name, path):
...@@ -98,8 +98,8 @@ class EGOVGroupManager(ERP5GroupManager): ...@@ -98,8 +98,8 @@ class EGOVGroupManager(ERP5GroupManager):
# because we aren't logged in, we have to create our own # because we aren't logged in, we have to create our own
# SecurityManager to be able to access the Catalog # SecurityManager to be able to access the Catalog
sm = getSecurityManager() sm = getSecurityManager()
if sm.getUser().getId() != SUPER_USER: if sm.getUser().getId() != ERP5Security.SUPER_USER:
newSecurityManager(self, self.getUser(SUPER_USER)) newSecurityManager(self, self.getUser(ERP5Security.SUPER_USER))
try: try:
# To get the complete list of groups, we try to call the # To get the complete list of groups, we try to call the
# ERP5Type_getSecurityCategoryMapping which should return a list # ERP5Type_getSecurityCategoryMapping which should return a list
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment