From bba77211fc412847c909c605b52d1c5d5d436309 Mon Sep 17 00:00:00 2001 From: Kazuhiko Shiozaki <kazuhiko@nexedi.com> Date: Tue, 21 Sep 2010 16:07:25 +0000 Subject: [PATCH] use portal_membership._huntUser() instead of calling portal.acl_users.validate directly, that does not work for root level zope users. git-svn-id: https://svn.erp5.org/repos/public/erp5/trunk@38533 20353a03-c40f-0410-a6d1-a30d3c3de9de --- product/ERP5/mixin/extensible_traversable.py | 17 +++++++++++++---- 1 file changed, 13 insertions(+), 4 deletions(-) diff --git a/product/ERP5/mixin/extensible_traversable.py b/product/ERP5/mixin/extensible_traversable.py index 1de3fda1e5..03cebde142 100644 --- a/product/ERP5/mixin/extensible_traversable.py +++ b/product/ERP5/mixin/extensible_traversable.py @@ -40,6 +40,7 @@ from Products.CMFCore.utils import getToolByName, _setCacheHeaders, _ViewEmulato from OFS.Image import File as OFSFile from warnings import warn import sys +from base64 import decodestring from Products.ERP5Type.UnrestrictedMethod import unrestricted_apply @@ -84,8 +85,9 @@ class BaseExtensibleTraversableMixin(ExtensibleTraversableMixIn): if user is _MARKER: user = None # By default, do nothing if old_user is None or old_user.getUserName() == 'Anonymous User': - user_folder = getattr(self.getPortalObject(), 'acl_users', None) - if user_folder is not None: + portal_membership = getToolByName(self.getPortalObject(), + 'portal_membership') + if portal_membership is not None: try: if request.get('PUBLISHED', _MARKER) is _MARKER: # request['PUBLISHED'] is required by validate @@ -94,7 +96,14 @@ class BaseExtensibleTraversableMixin(ExtensibleTraversableMixIn): else: has_published = True try: - user = user_folder.validate(request) + auth = request._auth + # this logic is copied from identify() in + # AccessControl.User.BasicUserFolder. + if auth and auth.lower().startswith('basic '): + name = decodestring(auth.split(' ')[-1]).split(':', 1)[0] + user = portal_membership._huntUser(name, self) + else: + user = None except AttributeError: # This kind of error happens with unrestrictedTraverse, # because the request object is a fake, and it is just @@ -206,4 +215,4 @@ class OOoDocumentExtensibleTraversableMixin(BaseExtensibleTraversableMixin): if user is not None: setSecurityManager(old_manager) return document - \ No newline at end of file + -- 2.30.9