ERP5Security: disable erp5_users plugin instead of deleting in post_upgrade.

bt5/erp5_base/SkinTemplateItem/portal_skins/erp5_base/ERP5Site_disableERP5UserManager.py

+portal = context.getPortalObject()
+acl_users = portal.acl_users
+plugin_id = 'erp5_users'
+getattr(acl_users, plugin_id).manage_activateInterfaces([])

bt5/erp5_base/SkinTemplateItem/portal_skins/erp5_base/ERP5Site_disableERP5UserManager.xml

+<?xml version="1.0"?>
+<ZopeData>
+  <record id="1" aka="AAAAAAAAAAE=">
+    <pickle>
+      <global name="PythonScript" module="Products.PythonScripts.PythonScript"/>
+    </pickle>
+    <pickle>
+      <dictionary>
+        <item>
+            <key> <string>Script_magic</string> </key>
+            <value> <int>3</int> </value>
+        </item>
+        <item>
+            <key> <string>_bind_names</string> </key>
+            <value>
+              <object>
+                <klass>
+                  <global name="NameAssignments" module="Shared.DC.Scripts.Bindings"/>
+                </klass>
+                <tuple/>
+                <state>
+                  <dictionary>
+                    <item>
+                        <key> <string>_asgns</string> </key>
+                        <value>
+                          <dictionary>
+                            <item>
+                                <key> <string>name_container</string> </key>
+                                <value> <string>container</string> </value>
+                            </item>
+                            <item>
+                                <key> <string>name_context</string> </key>
+                                <value> <string>context</string> </value>
+                            </item>
+                            <item>
+                                <key> <string>name_m_self</string> </key>
+                                <value> <string>script</string> </value>
+                            </item>
+                            <item>
+                                <key> <string>name_subpath</string> </key>
+                                <value> <string>traverse_subpath</string> </value>
+                            </item>
+                          </dictionary>
+                        </value>
+                    </item>
+                  </dictionary>
+                </state>
+              </object>
+            </value>
+        </item>
+        <item>
+            <key> <string>_params</string> </key>
+            <value> <string></string> </value>
+        </item>
+        <item>
+            <key> <string>id</string> </key>
+            <value> <string>ERP5Site_disableERP5UserManager</string> </value>
+        </item>
+      </dictionary>
+    </pickle>
+  </record>
+</ZopeData>

bt5/erp5_base/SkinTemplateItem/portal_skins/erp5_base/TemplateTool_checkERP5UserManagerNonExistenceConsistency.py

@@ -11,8 +11,5 @@ if plugin_id in acl_users.plugins.getAllPlugins(plugin_type='IAuthenticationPlug
       activate_kw={'tag': tag, 'priority': 6},
       method_id='Person_migrateToERP5Login',
     )
-    portal.portal_activities.activateObject(
-      '/' + acl_users.absolute_url(relative=True),
-      after_tag=tag,
-    ).manage_delObjects(ids=[plugin_id])
+    portal.portal_activities.activate(after_tag=tag).ERP5Site_disableERP5UserManager()
 return error_list

product/ERP5Security/tests/testERP5Security.py

@@ -39,6 +39,8 @@ from AccessControl.SecurityManagement import newSecurityManager
 from AccessControl.SecurityManagement import getSecurityManager
 from AccessControl import SpecialUsers
 from Products.PluggableAuthService import PluggableAuthService
+from Products.PluggableAuthService.interfaces.plugins \
+  import IAuthenticationPlugin, IUserEnumerationPlugin
 from zope.interface.verify import verifyClass
 from DateTime import DateTime
 from Products import ERP5Security
@@ -443,7 +445,8 @@ class TestUserManagement(ERP5TypeTestCase):
     self._assertUserExists(login, password)
 
   def test_PersonLoginMigration(self):
-    self.portal.acl_users.manage_addProduct['ERP5Security'].addERP5UserManager('erp5_users')
+    if 'erp5_users' not in self.portal.acl_users:
+      self.portal.acl_users.manage_addProduct['ERP5Security'].addERP5UserManager('erp5_users')
     self.portal.acl_users.erp5_users.manage_activateInterfaces([
       'IAuthenticationPlugin',
       'IUserEnumerationPlugin',
@@ -472,6 +475,10 @@ class TestUserManagement(ERP5TypeTestCase):
     self.tic()
     self._assertUserDoesNotExists('the_user', 'secret')
     self._assertUserExists('the_user', 'secret2')
+    self.assertFalse('erp5_users' in \
+                     [x[0] for x in self.portal.acl_users.plugins.listPlugins(IAuthenticationPlugin)])
+    self.assertFalse('erp5_users' in \
+                     [x[0] for x in self.portal.acl_users.plugins.listPlugins(IUserEnumerationPlugin)])
 
   def test_ERP5LoginUserManagerMigration(self):
     acl_users= self.portal.acl_users
@@ -482,7 +489,10 @@ class TestUserManagement(ERP5TypeTestCase):
     self.assertNotEqual(portal_templates.checkConsistency(filter={'constraint_type': 'pre_upgrade'}) , [])
     portal_templates.fixConsistency(filter={'constraint_type': 'pre_upgrade'})
     self.assertEqual(portal_templates.checkConsistency(filter={'constraint_type': 'pre_upgrade'}) , [])
-    self.assertTrue('erp5_login_users' in acl_users)
+    self.assertTrue('erp5_login_users' in \
+                     [x[0] for x in self.portal.acl_users.plugins.listPlugins(IAuthenticationPlugin)])
+    self.assertTrue('erp5_login_users' in \
+                     [x[0] for x in self.portal.acl_users.plugins.listPlugins(IUserEnumerationPlugin)])
 
   def test_AssignmentWithDate(self):
     """Tests a person with an assignment with correct date is a valid user."""