ERP5Security: Add a PAS plugin for ERP5 Login authentication.

In addition to ERP5 Login-based authentication and enumeration support, reserve special Zope users.

ERP5Security: Add a PAS plugin for ERP5 Login authentication.
In addition to ERP5 Login-based authentication and enumeration support, reserve special Zope users.
cc4f6f3a · Vincent Pelletier · 430596e5 · cc4f6f3a · cc4f6f3a · cc4f6f3a
Commit cc4f6f3a authored Oct 24, 2016 by Vincent Pelletier
4 changed files
--- a/product/ERP5/Document/Person.py
+++ b/product/ERP5/Document/Person.py
@@ -38,6 +38,7 @@ from Products.ERP5.mixin.login_account_provider import LoginAccountProviderMixin
 try:
  from Products import PluggableAuthService
  from Products.ERP5Security.ERP5UserManager import ERP5UserManager
+  from Products.ERP5Security.ERP5LoginUserManager import ERP5LoginUserManager
 except ImportError:
  PluggableAuthService = None

@@ -128,7 +129,7 @@ class Person(Node, LoginAccountProviderMixin, EncryptedPasswordMixin):
        - we want to apply a different permission

        - we want to prevent duplicated user ids, but only when
-          PAS _AND_ ERP5UserManager are used
+          PAS _AND_ (ERP5UserManager or ERP5LoginUserManager) are used
      """
      activate_kw = {}
      portal = self.getPortalObject()
@@ -143,7 +144,7 @@ class Person(Node, LoginAccountProviderMixin, EncryptedPasswordMixin):
          plugin_list = acl_users.plugins.listPlugins(
              PluggableAuthService.interfaces.plugins.IUserEnumerationPlugin)
          for plugin_name, plugin_value in plugin_list:
-            if isinstance(plugin_value, ERP5UserManager):
+            if isinstance(plugin_value, (ERP5UserManager, ERP5LoginUserManager)):
              user_list = acl_users.searchUsers(id=value,
                                                exact_match=True)
              if len(user_list) > 0:

--- a/product/ERP5Security/ERP5LoginUserManager.py
+++ b/product/ERP5Security/ERP5LoginUserManager.py
--- a/product/ERP5Security/__init__.py
+++ b/product/ERP5Security/__init__.py
@@ -54,6 +54,7 @@ def mergedLocalRoles(object):

 def initialize(context):
  import ERP5UserManager
+  import ERP5LoginUserManager
  import ERP5GroupManager
  import ERP5RoleManager
  import ERP5UserFactory
@@ -65,6 +66,7 @@ def initialize(context):
  import ERP5DumbHTTPExtractionPlugin

  registerMultiPlugin(ERP5UserManager.ERP5UserManager.meta_type)
+  registerMultiPlugin(ERP5LoginUserManager.ERP5LoginUserManager.meta_type)
  registerMultiPlugin(ERP5GroupManager.ERP5GroupManager.meta_type)
  registerMultiPlugin(ERP5RoleManager.ERP5RoleManager.meta_type)
  registerMultiPlugin(ERP5UserFactory.ERP5UserFactory.meta_type)
@@ -86,6 +88,15 @@ def initialize(context):
                       , icon='www/portal.gif'
                       )

+  context.registerClass( ERP5LoginUserManager.ERP5LoginUserManager
+                       , permission=ManageUsers
+                       , constructors=(
+                          ERP5LoginUserManager.manage_addERP5LoginUserManagerForm,
+                          ERP5LoginUserManager.addERP5LoginUserManager, )
+                       , visibility=None
+                       , icon='www/portal.gif'
+                       )
+
  context.registerClass( ERP5GroupManager.ERP5GroupManager
                       , permission=ManageGroups
                       , constructors=(

--- a/product/ERP5Security/www/ERP5Security_addERP5LoginUserManager.zpt
+++ b/product/ERP5Security/www/ERP5Security_addERP5LoginUserManager.zpt
+<h1 tal:replace="structure here/manage_page_header">Header</h1>
+
+<h2 tal:define="form_title string:Add ERP5 User Manager"
+    tal:replace="structure here/manage_form_title">Form Title</h2>
+
+<p class="form-help">
+ERP5 User Manager applys the users managed in ERP5 person moduel
+to the Pluggable Authentication Service
+</p>
+
+<form action="addERP5LoginUserManager" method="post">
+<table cellspacing="0" cellpadding="2" border="0">
+  <tr>
+    <td align="left" valign="top">
+    <div class="form-label">
+    Id
+    </div>
+    </td>
+    <td align="left" valign="top">
+    <input type="text" name="id" size="40" />
+    </td>
+  </tr>
+  <tr>
+    <td align="left" valign="top">
+    <div class="form-optional">
+    Title
+    </div>
+    </td>
+    <td align="left" valign="top">
+    <input type="text" name="title" size="40" />
+    </td>
+  </tr>
+  <tr>
+    <td align="left" valign="top">
+    </td>
+    <td align="left" valign="top">
+    <div class="form-element">
+    <input class="form-element" type="submit" name="submit" 
+     value=" Add " /> 
+    </div>
+    </td>
+  </tr>
+</table>
+</form>
+
+<h1 tal:replace="structure here/manage_page_footer">Footer</h1>