diff --git a/product/ERP5/mixin/extensible_traversable.py b/product/ERP5/mixin/extensible_traversable.py index cf251fe40cc6cc5c7089e723dd4da7475e80fc67..5d64d60cde359c78596c779296caa2388ca1fa1d 100644 --- a/product/ERP5/mixin/extensible_traversable.py +++ b/product/ERP5/mixin/extensible_traversable.py @@ -96,11 +96,18 @@ class BaseExtensibleTraversableMixin(ExtensibleTraversableMixIn): else: has_published = True try: - auth = request._auth - # this logic is copied from identify() in - # AccessControl.User.BasicUserFolder. - if auth and auth.lower().startswith('basic '): - name = decodestring(auth.split(' ')[-1]).split(':', 1)[0] + name = None + acl_users = self.getPortalObject().acl_users + user_list = acl_users._extractUserIds(request, acl_users.plugins) + if len(user_list) > 0: + name = user_list[0][0] + else: + auth = request._auth + # this logic is copied from identify() in + # AccessControl.User.BasicUserFolder. + if auth and auth.lower().startswith('basic '): + name = decodestring(auth.split(' ')[-1]).split(':', 1)[0] + if name is not None: user = portal_membership._huntUser(name, self) else: user = None diff --git a/product/ERP5Security/tests/testERP5Security.py b/product/ERP5Security/tests/testERP5Security.py index badd67fbc31575f131dd162e20f6594e5860cfe8..4e70688cfeb95dcd6919cacc78e946980c1ef743 100644 --- a/product/ERP5Security/tests/testERP5Security.py +++ b/product/ERP5Security/tests/testERP5Security.py @@ -762,6 +762,12 @@ class TestLocalRoleManagement(ERP5TypeTestCase): response = self.publish('%s/%s?__ac_key=%s' %(base_url, web_page.getReference(), key)) self.assertEqual(response.getStatus(), 200) + response = self.publish('%s/%s?__ac_name=%s&__ac_password=%s' % ( + base_url, web_page.getReference(), reference, 'guest')) + self.assertEqual(response.getStatus(), 200) + response = self.publish('%s/%s?__ac_name=%s&__ac_password=%s' % ( + base_url, web_page.getReference(), 'ERP5TypeTestCase', '')) + self.assertEqual(response.getStatus(), 200) def testERP5ExternalAuthenticationPlugin(self): """