Commit 52b94f62 authored by Jean-Paul Smets

Initial revision


git-svn-id: https://svn.erp5.org/repos/public/erp5/trunk@4167 20353a03-c40f-0410-a6d1-a30d3c3de9de
parent a5d2e603
##############################################################################
#
# Copyright (c) 2001 Zope Corporation and Contributors. All Rights
# Reserved.
#
# This software is subject to the provisions of the Zope Public License,
# Version 2.1 (ZPL). A copy of the ZPL should accompany this
# distribution.
# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY AND ALL EXPRESS OR IMPLIED
# WARRANTIES ARE DISCLAIMED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
# WARRANTIES OF TITLE, MERCHANTABILITY, AGAINST INFRINGEMENT, AND FITNESS
# FOR A PARTICULAR PURPOSE.
#
##############################################################################
""" Classes: ERP5GroupManager
"""
from Globals import InitializeClass
from AccessControl import ClassSecurityInfo
from AccessControl.SecurityManagement import newSecurityManager, getSecurityManager
from Products.PageTemplates.PageTemplateFile import PageTemplateFile
from Products.PluggableAuthService.plugins.BasePlugin import BasePlugin
from Products.PluggableAuthService.utils import classImplements
from Products.PluggableAuthService.interfaces.plugins import IGroupsPlugin
from Products.ERP5Type.Cache import CachingMethod
from zLOG import LOG
manage_addERP5GroupManagerForm = PageTemplateFile(
'www/ERP5Security_addERP5GroupManager', globals(), __name__='manage_addERP5GroupManagerForm' )
def addERP5GroupManager( dispatcher, id, title=None, REQUEST=None ):
""" Add a ERP5GroupManager to a Pluggable Auth Service. """
egm = ERP5GroupManager(id, title)
dispatcher._setObject(egm.getId(), egm)
if REQUEST is not None:
REQUEST['RESPONSE'].redirect(
'%s/manage_workspace'
'?manage_tabs_message='
'ERP5GroupManager+added.'
% dispatcher.absolute_url())
class ERP5GroupManager(BasePlugin):
""" PAS plugin for dynamically adding Groups
based on Assignments in ERP5
"""
meta_type = 'ERP5 Group Manager'
security = ClassSecurityInfo()
def __init__(self, id, title=None):
self._id = self.id = id
self.title = title
#
# IGroupsPlugin implementation
#
def getGroupsForPrincipal(self, principal, request=None):
""" See IGroupsPlugin.
"""
def _getGroupsForPrincipal(user_name, path):
security_group_list = []
# because we aren't logged in, we have to create our own
# SecurityManager to be able to access the Catalog
newSecurityManager(self, self.getPortalObject().getOwner())
base_category_list = self.getPortalObject().getPortalAssignmentsBaseCategoryList()
user_name = principal.getId()
person_module = self.getPortalObject().getDefaultModule('Person')
person_object = getattr(person_module, user_name, None)
# return no groups if the username is not registered in person module
if not person_object:
return ()
# Fetch category values from assignment
category_list = self.ERP5Type_getSecurityCategoryFromAssignment(base_category_list, user_name, self, '')
# return no groups if we there are no Security Categories
if not category_list:
return ()
# Get group names from category values
for c_dict in category_list:
security_group_list.append(self.ERP5Type_asSecurityGroupId(category_order=base_category_list, **c_dict))
LOG('erp5_groups', 0, 'user %s is member of %s' %(user_name, str(security_group_list)))
return tuple(security_group_list)
_getGroupsForPrincipal = CachingMethod(_getGroupsForPrincipal, id='ERP5GroupManager_getGroupsForPrincipal')
return _getGroupsForPrincipal(user_name=principal.getId(), path=self.getPhysicalPath())
classImplements( ERP5GroupManager
, IGroupsPlugin
)
InitializeClass(ERP5GroupManager)
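Review bot: `newSecurityManager(self, self.getPortalObject().getOwner())` inside `_getGroupsForPrincipal` replaces the current security manager with the portal owner's and nothing puts the previous one back, so whatever runs after the group lookup in the same request appears to continue with the owner's privileges. `getSecurityManager` is imported but never used; save the current manager with `sm = getSecurityManager()` and wrap the lookup in `try: ... finally: setSecurityManager(sm)` (`setSecurityManager` is also in `AccessControl.SecurityManagement`). The same unrestored switch is in `getUserByLogin` in the ERP5UserManager section. `getGroupsForPrincipal` also lacks the declaration the role and user plugins put on their plugin methods; add `security.declarePrivate('getGroupsForPrincipal')`. Because the result goes through `CachingMethod`, a revoked Assignment presumably keeps yielding its groups until the cache entry expires, which deserves a comment stating the accepted staleness.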
##############################################################################
#
# Copyright (c) 2001 Zope Corporation and Contributors. All Rights
# Reserved.
#
# This software is subject to the provisions of the Zope Public License,
# Version 2.1 (ZPL). A copy of the ZPL should accompany this
# distribution.
# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY AND ALL EXPRESS OR IMPLIED
# WARRANTIES ARE DISCLAIMED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
# WARRANTIES OF TITLE, MERCHANTABILITY, AGAINST INFRINGEMENT, AND FITNESS
# FOR A PARTICULAR PURPOSE.
#
##############################################################################
""" Classes: ERP5RoleManager
"""
from Globals import InitializeClass
from AccessControl import ClassSecurityInfo
from Products.PageTemplates.PageTemplateFile import PageTemplateFile
from Products.PluggableAuthService.plugins.BasePlugin import BasePlugin
from Products.PluggableAuthService.utils import classImplements
from Products.PluggableAuthService.interfaces.plugins import IRolesPlugin
manage_addERP5RoleManagerForm = PageTemplateFile(
'www/ERP5Security_addERP5RoleManager', globals(), __name__='manage_addERP5RoleManagerForm' )
def addERP5RoleManager( dispatcher, id, title=None, REQUEST=None ):
""" Add a ERP5RoleManager to a Pluggable Auth Service. """
erm = ERP5RoleManager(id, title)
dispatcher._setObject(erm.getId(), erm)
if REQUEST is not None:
REQUEST['RESPONSE'].redirect(
'%s/manage_workspace'
'?manage_tabs_message='
'ERP5RoleManager+added.'
% dispatcher.absolute_url())
class ERP5RoleManager( BasePlugin ):
""" PAS plugin to add 'Member' as default
Role for every user.
"""
meta_type = 'ERP5 Role Manager'
security = ClassSecurityInfo()
def __init__(self, id, title=None):
self._id = self.id = id
self.title = title
#
# IRolesPlugin implementation
#
security.declarePrivate( 'getRolesForPrincipal' )
def getRolesForPrincipal( self, principal, request=None ):
""" See IRolesPlugin.
We only ever return Member for every principal
"""
return ('Member',)
classImplements( ERP5RoleManager
, IRolesPlugin
)
InitializeClass(ERP5RoleManager)
##############################################################################
#
# Copyright (c) 2001 Zope Corporation and Contributors. All Rights
# Reserved.
#
# This software is subject to the provisions of the Zope Public License,
# Version 2.1 (ZPL). A copy of the ZPL should accompany this
# distribution.
# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY AND ALL EXPRESS OR IMPLIED
# WARRANTIES ARE DISCLAIMED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
# WARRANTIES OF TITLE, MERCHANTABILITY, AGAINST INFRINGEMENT, AND FITNESS
# FOR A PARTICULAR PURPOSE.
#
##############################################################################
""" Classes: ERP5UserManager
"""
from Globals import InitializeClass
from AccessControl import ClassSecurityInfo
from AccessControl.SecurityManagement import newSecurityManager
from Products.PageTemplates.PageTemplateFile import PageTemplateFile
from Products.PluggableAuthService.plugins.BasePlugin import BasePlugin
from Products.PluggableAuthService.utils import classImplements
from Products.PluggableAuthService.interfaces.plugins import IAuthenticationPlugin
from Products.PluggableAuthService.interfaces.plugins import IUserEnumerationPlugin
from Products.ERP5Type.Cache import CachingMethod
from zLOG import LOG
manage_addERP5UserManagerForm = PageTemplateFile(
'www/ERP5Security_addERP5UserManager', globals(), __name__='manage_addERP5UserManagerForm' )
def addERP5UserManager(dispatcher, id, title=None, REQUEST=None):
""" Add a ERP5UserManagern to a Pluggable Auth Service. """
eum = ERP5UserManager(id, title)
dispatcher._setObject(eum.getId(), eum)
if REQUEST is not None:
REQUEST['RESPONSE'].redirect(
'%s/manage_workspace'
'?manage_tabs_message='
'ERP5UserManager+added.'
% dispatcher.absolute_url())
class ERP5UserManager(BasePlugin):
""" PAS plugin for managing users in ERP5
"""
meta_type = 'ERP5 User Manager'
security = ClassSecurityInfo()
def __init__(self, id, title=None):
self._id = self.id = id
self.title = title
#
# IAuthenticationPlugin implementation
#
security.declarePrivate( 'authenticateCredentials' )
def authenticateCredentials(self, credentials):
""" See IAuthenticationPlugin.
o We expect the credentials to be those returned by
ILoginPasswordExtractionPlugin.
"""
def _authenticateCredentials(login, password, path):
if login is None or password is None:
return None
user_list = self.getUserByLogin(login)
if not user_list:
return None
user = user_list[0]
if user.getPassword() == password:
LOG('authenticateCredentials', 0, user.getId())
return user.getId(), login
return None
_authenticateCredentials = CachingMethod(_authenticateCredentials, id='ERP5UserManager_authenticateCredentials')
return _authenticateCredentials(login=credentials.get('login'), password=credentials.get('password'), path=self.getPhysicalPath())
#
# IUserEnumerationPlugin implementation
#
security.declarePrivate( 'enumerateUsers' )
def enumerateUsers(self, id=None, login=None, exact_match=False, sort_by=None, max_results=None, **kw):
""" See IUserEnumerationPlugin.
"""
def _enumerateUsers(t_id, path):
user_info = []
user_objects = []
plugin_id = self.getId()
if isinstance(t_id, str):
t_id = (t_id,)
if t_id:
person_module = self.person
for user_name in t_id:
user = getattr(person_module, user_name, None)
if user:
user_objects.append(user)
elif login:
user_objects.extend(self.getUserByLogin(login))
for user in user_objects:
LOG('enumerateUsers', 0, user.getId())
info = { 'id' : user.getId()
, 'login' : user.getReference()
, 'pluginid' : plugin_id
}
user_info.append(info)
return tuple(user_info)
_enumerateUsers = CachingMethod(_enumerateUsers, id='ERP5UserManager_enumerateUsers')
if isinstance(id, list):
id = tuple(id)
return _enumerateUsers(t_id=id, path=self.getPhysicalPath())
def getUserByLogin(self, login):
"""
Search the Catalog for login and return a list of person objects
login can be a string list or a list of strings
"""
# because we aren't logged in, we have to create our own
# SecurityManager to be able to access the Catalog
newSecurityManager(self, self.getPortalObject().portal_catalog.getOwner())
result = self.getPortalObject().portal_catalog(portal_type="Person", reference=login)
return [item.getObject() for item in result]
classImplements( ERP5UserManager
, IAuthenticationPlugin
, IUserEnumerationPlugin
)
InitializeClass(ERP5UserManager)
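Review bot: `authenticateCredentials` wraps the password check in `CachingMethod` with `login` and `password` as arguments, so the cleartext password presumably becomes part of a cache key, and a cached success keeps authenticating that pair after the password is changed or the Person is removed, until the entry expires. Authentication results should not be cached: call `_authenticateCredentials(...)` directly, or cache only the login-to-user lookup. In `enumerateUsers` the cached `_enumerateUsers(t_id, path)` reads `login` from the enclosing scope, so a lookup with `id=None` looks like it can return the result cached for a different login; make it an argument, `def _enumerateUsers(t_id, login, path):` called with `login=login`. `user.getPassword() == password` compares the stored value directly with the submitted one, which suggests passwords are kept unhashed; confirm, and say so in the docstring if that is intended. `getUserByLogin` has a docstring but no security declaration, so it may be callable from outside the plugin; add `security.declarePrivate('getUserByLogin')`.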
##############################################################################
#
# Copyright (c) 2001 Zope Corporation and Contributors. All Rights
# Reserved.
#
# This software is subject to the provisions of the Zope Public License,
# Version 2.1 (ZPL). A copy of the ZPL should accompany this
# distribution.
# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY AND ALL EXPRESS OR IMPLIED
# WARRANTIES ARE DISCLAIMED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
# WARRANTIES OF TITLE, MERCHANTABILITY, AGAINST INFRINGEMENT, AND FITNESS
# FOR A PARTICULAR PURPOSE.
#
##############################################################################
""" ERP5Security product initialization.
"""
from AccessControl.Permissions import manage_users as ManageUsers
from Products.PluggableAuthService.PluggableAuthService import registerMultiPlugin
from Products.PluggableAuthService.permissions import ManageGroups
import ERP5UserManager
import ERP5GroupManager
import ERP5RoleManager
registerMultiPlugin(ERP5UserManager.ERP5UserManager.meta_type)
registerMultiPlugin(ERP5GroupManager.ERP5GroupManager.meta_type)
registerMultiPlugin(ERP5RoleManager.ERP5RoleManager.meta_type)
def initialize(context):
context.registerClass( ERP5UserManager.ERP5UserManager
, permission=ManageUsers
, constructors=(
ERP5UserManager.manage_addERP5UserManagerForm,
ERP5UserManager.addERP5UserManager, )
, visibility=None
, icon='www/portal.gif'
)
context.registerClass( ERP5GroupManager.ERP5GroupManager
, permission=ManageGroups
, constructors=(
ERP5GroupManager.manage_addERP5GroupManagerForm,
ERP5GroupManager.addERP5GroupManager, )
, visibility=None
, icon='www/portal.gif'
)
context.registerClass( ERP5RoleManager.ERP5RoleManager
, permission=ManageUsers
, constructors=(
ERP5RoleManager.manage_addERP5RoleManagerForm,
ERP5RoleManager.addERP5RoleManager, )
, visibility=None
, icon='www/portal.gif'
)
<h1 tal:replace="structure here/manage_page_header">Header</h1>
<h2 tal:define="form_title string:Add ERP5 Group Manager"
tal:replace="structure here/manage_form_title">Form Title</h2>
<p class="form-help">
ERP5 Group Manager assigns Groups dynamically to users
based on Assignments in ERP5
</p>
<form action="addERP5GroupManager" method="post">
<table cellspacing="0" cellpadding="2" border="0">
<tr>
<td align="left" valign="top">
<div class="form-label">
Id
</div>
</td>
<td align="left" valign="top">
<input type="text" name="id" size="40" />
</td>
</tr>
<tr>
<td align="left" valign="top">
<div class="form-optional">
Title
</div>
</td>
<td align="left" valign="top">
<input type="text" name="title" size="40" />
</td>
</tr>
<tr>
<td align="left" valign="top">
</td>
<td align="left" valign="top">
<div class="form-element">
<input class="form-element" type="submit" name="submit"
value=" Add " />
</div>
</td>
</tr>
</table>
</form>
<h1 tal:replace="structure here/manage_page_footer">Footer</h1>
<h1 tal:replace="structure here/manage_page_header">Header</h1>
<h2 tal:define="form_title string:Add ERP5 Role Manager"
tal:replace="structure here/manage_form_title">Form Title</h2>
<p class="form-help">
ERP5 Role Manager adds 'Member' as default Role for every user.
</p>
<form action="addERP5RoleManager" method="post">
<table cellspacing="0" cellpadding="2" border="0">
<tr>
<td align="left" valign="top">
<div class="form-label">
Id
</div>
</td>
<td align="left" valign="top">
<input type="text" name="id" size="40" />
</td>
</tr>
<tr>
<td align="left" valign="top">
<div class="form-optional">
Title
</div>
</td>
<td align="left" valign="top">
<input type="text" name="title" size="40" />
</td>
</tr>
<tr>
<td align="left" valign="top">
</td>
<td align="left" valign="top">
<div class="form-element">
<input class="form-element" type="submit" name="submit"
value=" Add " />
</div>
</td>
</tr>
</table>
</form>
<h1 tal:replace="structure here/manage_page_footer">Footer</h1>
<h1 tal:replace="structure here/manage_page_header">Header</h1>
<h2 tal:define="form_title string:Add ERP5 User Manager"
tal:replace="structure here/manage_form_title">Form Title</h2>
<p class="form-help">
ERP5 User Manager applys the users managed in ERP5 person moduel
to the Pluggable Authentication Service
</p>
<form action="addERP5UserManager" method="post">
<table cellspacing="0" cellpadding="2" border="0">
<tr>
<td align="left" valign="top">
<div class="form-label">
Id
</div>
</td>
<td align="left" valign="top">
<input type="text" name="id" size="40" />
</td>
</tr>
<tr>
<td align="left" valign="top">
<div class="form-optional">
Title
</div>
</td>
<td align="left" valign="top">
<input type="text" name="title" size="40" />
</td>
</tr>
<tr>
<td align="left" valign="top">
</td>
<td align="left" valign="top">
<div class="form-element">
<input class="form-element" type="submit" name="submit"
value=" Add " />
</div>
</td>
</tr>
</table>
</form>
<h1 tal:replace="structure here/manage_page_footer">Footer</h1>
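Review bot: The help paragraph of the Add ERP5 User Manager form has two typos that end up in the management UI, `applys` and `moduel`; it should read `ERP5 User Manager applies the users managed in the ERP5 person module`. The `addERP5UserManager` docstring in the ERP5UserManager section has a similar slip, `ERP5UserManagern`.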