Fixed indentation.

Now uses Person reference instead of id as login. Can be extended through a Python Script. git-svn-id: https://svn.erp5.org/repos/public/erp5/trunk@4468 20353a03-c40f-0410-a6d1-a30d3c3de9de

Fixed indentation.
Now uses Person reference instead of id as login. Can be extended through a Python Script. git-svn-id: https://svn.erp5.org/repos/public/erp5/trunk@4468 20353a03-c40f-0410-a6d1-a30d3c3de9de
f6342cb7 · Alexandre Boeglin · 008877c7 · f6342cb7
Commit f6342cb7 authored Dec 02, 2005 by Alexandre Boeglin
Hide whitespace changes
Inline Side-by-side

Showing with 99 additions and 63 deletions

product/ERP5Security/ERP5GroupManager.py product/ERP5Security/ERP5GroupManager.py +99 -63

No files found.
--- a/product/ERP5Security/ERP5GroupManager.py
+++ b/product/ERP5Security/ERP5GroupManager.py
@@ -24,81 +24,117 @@ from Products.PluggableAuthService.utils import classImplements
 from Products.PluggableAuthService.interfaces.plugins import IGroupsPlugin
 from Products.ERP5Type.Cache import CachingMethod
+from pickle import dumps, loads
 from zLOG import LOG
 manage_addERP5GroupManagerForm = PageTemplateFile(
    'www/ERP5Security_addERP5GroupManager', globals(), __name__='manage_addERP5GroupManagerForm' )
 def addERP5GroupManager( dispatcher, id, title=None, REQUEST=None ):
-    """ Add a ERP5GroupManager to a Pluggable Auth Service. """
+  """ Add a ERP5GroupManager to a Pluggable Auth Service. """
-    egm = ERP5GroupManager(id, title)
+  egm = ERP5GroupManager(id, title)
-    dispatcher._setObject(egm.getId(), egm)
+  dispatcher._setObject(egm.getId(), egm)
-    if REQUEST is not None:
+  if REQUEST is not None:
-        REQUEST['RESPONSE'].redirect(
+    REQUEST['RESPONSE'].redirect(
-                                '%s/manage_workspace'
+                              '%s/manage_workspace'
-                                '?manage_tabs_message='
+                              '?manage_tabs_message='
-                                'ERP5GroupManager+added.'
+                              'ERP5GroupManager+added.'
-                            % dispatcher.absolute_url())
+                          % dispatcher.absolute_url())
 class ERP5GroupManager(BasePlugin):
-    """ PAS plugin for dynamically adding Groups
+  """ PAS plugin for dynamically adding Groups
-    based on Assignments in ERP5
+  based on Assignments in ERP5
+  """
+  meta_type = 'ERP5 Group Manager'
+  security = ClassSecurityInfo()
+  def __init__(self, id, title=None):
+    self._id = self.id = id
+    self.title = title
+  #
+  #   IGroupsPlugin implementation
+  #
+  def getGroupsForPrincipal(self, principal, request=None):
+    """ See IGroupsPlugin.
    """
-    meta_type = 'ERP5 Group Manager'
+    def _getGroupsForPrincipal(user_name, path):
+      security_category_dict = {} # key is the base_category_list,
-    security = ClassSecurityInfo()
+                                  # value is the list of fetched categories
+      security_group_list = []
-    def __init__(self, id, title=None):
+      security_definition_dict = {}
-        self._id = self.id = id
+      # because we aren't logged in, we have to create our own
-        self.title = title
+      # SecurityManager to be able to access the Catalog
+      #FIXME here we assume that the portal owner will always have
-    #
+      #      enough rights, which might as well be wrong
-    #   IGroupsPlugin implementation
+      newSecurityManager(self, self.getPortalObject().getOwner())
-    #
-    def getGroupsForPrincipal(self, principal, request=None):
+      # To get the complete list of groups, we try to call the
-        """ See IGroupsPlugin.
+      # ERP5Type_getSecurityCategoryMapping which should return a dict
-        """
+      # like : {
-        def _getGroupsForPrincipal(user_name, path):
+      #     'script_1':['base_category_1', 'base_category_2', ...],
-            security_group_list = []
+      #     'script_2':['base_category_1', 'base_category_3', ...]}
+      #
-            # because we aren't logged in, we have to create our own
+      # else, if the script does not exist, falls back to :
-            # SecurityManager to be able to access the Catalog
+      # { 'ERP5Type_getSecurityCategoryFromAssignment':
-            newSecurityManager(self, self.getPortalObject().getOwner())
+      #   self.getPortalAssignmentBaseCategoryList()}
-            base_category_list = self.getPortalObject().getPortalAssignmentBaseCategoryList()
+      mapping_method = getattr(self,
-            user_name = principal.getId()
+          'ERP5Type_getSecurityCategoryMapping', None)
+      if mapping_method is None:
-            person_module = self.getPortalObject().getDefaultModule('Person')
+        security_definition_dict = {
-            person_object = getattr(person_module, user_name, None)
+            'ERP5Type_getSecurityCategoryFromAssignment':
+            self.getPortalAssignmentBaseCategoryList()
-            # return no groups if the username is not registered in person module
+        }
-            if not person_object:
+      else:
-                return ()
+        security_definition_dict = mapping_method()
-            # Fetch category values from assignment
+      # get the person from its reference
-            category_list = self.ERP5Type_getSecurityCategoryFromAssignment(base_category_list, user_name, self, '')
+      catalog_result = self.portal_catalog(
+          portal_type="Person", reference=user_name)
-            # return no groups if we there are no Security Categories
+      if len(catalog_result) != 1: # we won't proceed with groups
-            if not category_list:
+        if len(catalog_result) > 1: # configuration is screwed
-                return ()
+          raise 'ConsistencyError', 'There is more than one Person whose \
+              login is %s : %s' % (user_name,
-            # Get group names from category values
+              repr([r.getObject() for r in catalog_result]))
-            for c_dict in category_list:
+        else: # no person is linked to this user login
-                security_group_list.append(self.ERP5Type_asSecurityGroupId(category_order=base_category_list, **c_dict))
+          return ()
+      person_object = catalog_result[0].getObject()
-            LOG('erp5_groups', 0, 'user %s is member of %s' %(user_name, str(security_group_list)))
+      person_id = person_object.getId()
-            return tuple(security_group_list)
+      # Fetch category values from defined scripts
+      for method_name, base_category_list in \
-        _getGroupsForPrincipal = CachingMethod(_getGroupsForPrincipal, id='ERP5GroupManager_getGroupsForPrincipal')
+          security_definition_dict.items():
-        return _getGroupsForPrincipal(user_name=principal.getId(), path=self.getPhysicalPath())
+        pickled_category_list = dumps(base_category_list)
+        method = getattr(self, method_name)
+        if not security_category_dict.has_key(pickled_category_list):
+          security_category_dict[pickled_category_list] = []
+        security_category_dict[pickled_category_list].extend(
+            method(base_category_list, person_id, person_object, ''))
+      # Get group names from category values
+      group_id_generator = getattr(self, 'ERP5Type_asSecurityGroupId')
+      for pickled_category_list, category_value_list in \
+          security_category_dict.items():
+        base_category_list = loads(pickled_category_list)
+        for category_dict in category_value_list:
+          security_group_list.append(group_id_generator(
+              category_order=base_category_list, **category_dict))
+      return tuple(security_group_list)
+    _getGroupsForPrincipal = CachingMethod(_getGroupsForPrincipal, id='ERP5GroupManager_getGroupsForPrincipal')
+    return _getGroupsForPrincipal(user_name=principal.getId(), path=self.getPhysicalPath())
 classImplements( ERP5GroupManager
               , IGroupsPlugin
               )