Commit b7a484dd authored by Jérome Perrin's avatar Jérome Perrin

ERP5UserManager.enumerateUsers is used in two modes, exact_match=True and

exact_match=False. If exact_match were False, then % were added around the
login, which ZSQLCatalog interprated as a KeyWord search automatically.
Now that ZSQLCatalog supports forcing the query type, exact_match=True will
force the use of an ExactMatch key and exact_match=False the use of a KeyWord
key. This way logins containing SQL characters are now supported. This requires
latest fixes to ZSQLCatalog.



git-svn-id: https://svn.erp5.org/repos/public/erp5/trunk@22224 20353a03-c40f-0410-a6d1-a30d3c3de9de
parent 2d6ecbd7
......@@ -150,10 +150,7 @@ class ERP5UserManager(BasePlugin):
}
user_info.append(info)
else:
if exact_match:
id_list.append(id)
else:
id_list.append('%%%s%%' % id)
id_list.append(id)
if id_list:
for user in self.getUserByLogin(tuple(id_list), exact_match=exact_match):
......@@ -202,9 +199,16 @@ class ERP5UserManager(BasePlugin):
try:
try:
if exact_match:
reference_key = 'ExactMatch'
else:
reference_key = 'Keyword'
result = portal.portal_catalog.unrestrictedSearchResults(
select_expression='reference',
portal_type="Person", reference=login)
select_expression='reference',
portal_type="Person",
reference=dict(query=login,
key=reference_key))
except ConflictError:
raise
except:
......
......@@ -170,6 +170,26 @@ class TestUserManagement(ERP5TypeTestCase):
self._assertUserDoesNotExists('bar', 'secret')
self._assertUserDoesNotExists('bar OR foo', 'secret')
def test_PersonLoginQuote(self):
p = self._makePerson(reference="'", password='secret',)
self._assertUserExists("'", 'secret')
def test_PersonLogin_OR_Keyword(self):
p = self._makePerson(reference='foo OR bar', password='secret',)
self._assertUserExists('foo OR bar', 'secret')
self._assertUserDoesNotExists('foo', 'secret')
def test_PersonLoginCatalogKeyWord(self):
# use something that would turn the username in a ZSQLCatalog catalog keyword
p = self._makePerson(reference="foo%", password='secret',)
self._assertUserExists("foo%", 'secret')
self._assertUserDoesNotExists("foo", 'secret')
self._assertUserDoesNotExists("foobar", 'secret')
def test_PersonLoginNGT(self):
p = self._makePerson(reference='< foo', password='secret',)
self._assertUserExists('< foo', 'secret')
def test_PersonLoginNonAscii(self):
"""Login can contain non ascii chars."""
p = self._makePerson(reference='j\xc3\xa9', password='secret',)
......@@ -202,6 +222,21 @@ class TestUserManagement(ERP5TypeTestCase):
from Products.ERP5Security.ERP5UserManager import SUPER_USER
self._assertUserDoesNotExists(SUPER_USER, '')
def test_searchUsers(self):
p1 = self._makePerson(reference='person1')
p2 = self._makePerson(reference='person2')
self.assertEquals(set(['person1', 'person2']),
set([x['userid'] for x in
self.portal.acl_users.searchUsers(id='person')]))
def test_searchUsersExactMatch(self):
p = self._makePerson(reference='person')
p1 = self._makePerson(reference='person1')
p2 = self._makePerson(reference='person2')
self.assertEquals(['person', ],
[x['userid'] for x in
self.portal.acl_users.searchUsers(id='person', exact_match=True)])
def test_MultiplePersonReference(self):
"""Tests that it's refused to create two Persons with same reference."""
self._makePerson(reference='new_person')
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment