Use PAS API.

Allows being compatible with future, improved PAS plugin features. Also, drop a few useless imports.

Use PAS API.
Allows being compatible with future, improved PAS plugin features. Also, drop a few useless imports.
ecf4af3a · Vincent Pelletier · 1f52711a · ecf4af3a · ecf4af3a · ecf4af3a
Commit ecf4af3a authored Oct 25, 2016 by Vincent Pelletier
17 changed files
--- a/bt5/erp5_banking_core/SkinTemplateItem/portal_skins/erp5_banking_core/Baobab_getCurrentUserTitle.py
+++ b/bt5/erp5_banking_core/SkinTemplateItem/portal_skins/erp5_banking_core/Baobab_getCurrentUserTitle.py
 # get the current logged user site
 if user_id is None:
-  login = context.portal_membership.getAuthenticatedMember().getUserName()
+  person = context.portal_membership.getAuthenticatedMember().getUserValue()
 else:
-  login = user_id
+  person_list = [x for x in context.acl_users.searchUsers(login=user_id, exact_match=True) if 'path' in x]
+  if person_list:
+    person, = person_list
+    person = context.getPortalObject().restrictedTraverse(person['path'])
+  else:
+    person = None

-persons = context.acl_users.erp5_users.getUserByLogin(login)
-
-if len(persons) == 0:
+if person is None:
  #context.log('Baobab_getUserAssignementList', 'Person %s not found' %(login))
  return ""
 else:
-  person = persons[0]
  return person.getTitle()
--- a/bt5/erp5_banking_core/SkinTemplateItem/portal_skins/erp5_banking_core/Baobab_getUserAssignment.py
+++ b/bt5/erp5_banking_core/SkinTemplateItem/portal_skins/erp5_banking_core/Baobab_getUserAssignment.py
 if user_id is None:
-  user_id = context.portal_membership.getAuthenticatedMember().getUserName()
-person_list = context.acl_users.erp5_users.getUserByLogin(user_id)
-if not person_list:
+  person = context.portal_membership.getAuthenticatedMember().getUserValue()
+else:
+  person_list = [x for x in context.acl_users.searchUsers(login=user_id, exact_match=True) if 'path' in x]
+  if person_list:
+    person, = person_list
+    person = context.getPortalObject().restrictedTraverse(person['path'])
+  else:
+    person = None
+if person is None:
  return None
-assignment_list = person_list[0].contentValues(filter={'portal_type': 'Assignment'})
+assignment_list = person.contentValues(filter={'portal_type': 'Assignment'})
 if not assignment_list:
  return None
 valid_assignment = None

--- a/bt5/erp5_base/SkinTemplateItem/portal_skins/erp5_base/Base_getOwnerTitle.py
+++ b/bt5/erp5_base/SkinTemplateItem/portal_skins/erp5_base/Base_getOwnerTitle.py
@@ -2,8 +2,8 @@
 """
 owner_id_list = [i[0] for i in context.get_local_roles() if 'Owner' in i[1]]
 if owner_id_list:
-  from Products.ERP5Security.ERP5UserManager import getUserByLogin
-  found_user_list = getUserByLogin(context.getPortalObject(), tuple(owner_id_list))
+  found_user_list = [x for x in context.acl_users.searchUsers(id=tuple(owner_id_list), exact_match=True) if 'path' in x]
  if found_user_list:
-    return found_user_list[0].getTitle()
+    found_user, = found_user_list
+    return context.getPortalObject().restrictedTraverse(found_user['path']).getTitle()
  return owner_id_list[0]
--- a/bt5/erp5_base/SkinTemplateItem/portal_skins/erp5_base/ERP5Site_getAuthenticatedMemberPersonValue.py
+++ b/bt5/erp5_base/SkinTemplateItem/portal_skins/erp5_base/ERP5Site_getAuthenticatedMemberPersonValue.py
@@ -3,9 +3,10 @@ Returns None if no corresponding person, for example when not using ERP5Security
 """
 portal = context.getPortalObject()
 if user_name is None:
-  user_name = portal.portal_membership.getAuthenticatedMember()
-
-from Products.ERP5Security.ERP5UserManager import getUserByLogin
-found_user_list = getUserByLogin(portal, str(user_name))
-if len(found_user_list) == 1:
-  return found_user_list[0]
+  return portal.portal_membership.getAuthenticatedMember().getUserValue()
+user_list = [x for x in portal.acl_users.searchUsers(
+  exact_match=True,
+  id=user_name,
+) if 'path' in x]
+if len(user_list) == 1:
+  return portal.restrictedTraverse(user_list[0]['path'])
--- a/bt5/erp5_configurator_run_my_doc/SkinTemplateItem/portal_skins/erp5_configurator_run_my_doc/BusinessConfiguration_afterRunMyDocConfiguration.py
+++ b/bt5/erp5_configurator_run_my_doc/SkinTemplateItem/portal_skins/erp5_configurator_run_my_doc/BusinessConfiguration_afterRunMyDocConfiguration.py
@@ -76,7 +76,6 @@ for gadget in context.portal_gadgets.objectValues():
    gadget.public()

 # Add a tab and a gadget for everyone
-from Products.ERP5Security.ERP5UserManager import getUserByLogin
 portal = context.getPortalObject()
 for person in context.person_module.objectValues():
  user_name = person.getReference()

--- a/bt5/erp5_egov/SkinTemplateItem/portal_skins/erp5_egov_theme/EGov_setNewPassword.py
+++ b/bt5/erp5_egov/SkinTemplateItem/portal_skins/erp5_egov_theme/EGov_setNewPassword.py
@@ -7,8 +7,8 @@ former_password = request.get("current_password")
 password_confirm = request.get("password_confirm")

 user = getSecurityManager().getUser()
-persons = context.acl_users.erp5_users.getUserByLogin(user)
-person = persons[0]
+person, = context.acl_users.searchUsers(id=user.getUserId(), exact_match=True)
+person = context.getPortalObject().restrictedTraverse(person['path'])

 if not person.checkPassword(former_password):
  msg = translateString("Current password is wrong.")

--- a/bt5/erp5_palo/SkinTemplateItem/portal_skins/erp5_palo/ERP5Site_authenticatePaloUser.py
+++ b/bt5/erp5_palo/SkinTemplateItem/portal_skins/erp5_palo/ERP5Site_authenticatePaloUser.py
 from DateTime import DateTime
-from Products.ERP5Security.ERP5UserManager import getUserByLogin

-person_list = getUserByLogin(context, login)
+person_list = [x for x in context.acl_users.searchUsers(login=login, exact_match=True) if 'path' in x]
 if not person_list:
  return False, []

-person = person_list[0]
+person, = person_list
+person = context.getPortalObject().restrictedTraverse(person['path'])
 if person.getPassword(format='palo_md5') != password:
  return False, []


--- a/bt5/erp5_project/SkinTemplateItem/portal_skins/erp5_project/TaskReport_copyOrderPropertiesAndNotifyAssignee.py
+++ b/bt5/erp5_project/SkinTemplateItem/portal_skins/erp5_project/TaskReport_copyOrderPropertiesAndNotifyAssignee.py
@@ -42,7 +42,7 @@ if (
      destination_decision_person.getDefaultEmailText() and
      destination_decision_person.getReference()
    ):
-  if len(portal.acl_users.erp5_users.getUserByLogin(source_person.getReference())):
+  if portal.acl_users.searchUsers(id=source_person.getReference(), exact_match=True):
    message = """A new task has been assigned to you by %(assignor)s.

 This task is named: %(title)s

--- a/bt5/erp5_project/WorkflowTemplateItem/portal_workflow/task_report_workflow/scripts/TaskReportWorkflow_notifyFinishedTaskReport.py
+++ b/bt5/erp5_project/WorkflowTemplateItem/portal_workflow/task_report_workflow/scripts/TaskReportWorkflow_notifyFinishedTaskReport.py
@@ -13,7 +13,7 @@ if source_person is not None \
     and destination_decision_person is not None \
     and destination_decision_person.getDefaultEmailText() \
     and destination_decision_person.getReference():
-  if len(portal.acl_users.erp5_users.getUserByLogin(source_person.getReference())):
+  if portal.acl_users.searchUsers(id=source_person.getReference(), exact_match=True):
    message = """
 %s has finished the task report titled with %s.
 Please look at this URL:

--- a/bt5/erp5_project/WorkflowTemplateItem/portal_workflow/task_report_workflow/scripts/TaskReport_notifyAssignee.py
+++ b/bt5/erp5_project/WorkflowTemplateItem/portal_workflow/task_report_workflow/scripts/TaskReport_notifyAssignee.py
@@ -25,7 +25,7 @@ if source_person is not None \
      and destination_decision_person is not None\
      and source_person.getDefaultEmailText() \
      and source_person.getReference():
-  if len(portal.acl_users.erp5_users.getUserByLogin(source_person.getReference())):
+  if portal.acl_users.searchUsers(id=source_person.getReference(), exact_match=True):
    message = """
 A question from task has been assigned to you by %(assignor)s.


--- a/bt5/erp5_project/WorkflowTemplateItem/portal_workflow/task_report_workflow/scripts/TaskReport_notifyRestartToAssignee.py
+++ b/bt5/erp5_project/WorkflowTemplateItem/portal_workflow/task_report_workflow/scripts/TaskReport_notifyRestartToAssignee.py
@@ -13,7 +13,7 @@ if source_person is not None \
      and destination_decision_person is not None\
      and source_person.getDefaultEmailText() \
      and source_person.getReference():
-  if len(portal.acl_users.erp5_users.getUserByLogin(source_person.getReference())):
+  if portal.acl_users.searchUsers(id=source_person.getReference(), exact_match=True):
    message = """
 Restarted task has been assigned to you by %(assignor)s.


--- a/bt5/erp5_web/SkinTemplateItem/portal_skins/erp5_web/WebSite_createWebSiteAccount.py
+++ b/bt5/erp5_web/SkinTemplateItem/portal_skins/erp5_web/WebSite_createWebSiteAccount.py
@@ -37,7 +37,7 @@ if 'password_confirm' in kw:
  del kw['password_confirm']

 #Check that user doesn't already exists
-person_list = portal.acl_users.erp5_users.getUserByLogin(kw['reference'])
+person_list = [x for x in portal.acl_users.searchUsers(login=kw['reference'], exact_match=True) if 'path' in x]
 if person_list:
  msg = translateString("This account already exists. Please provide another email address.")
  kw['portal_status_message'] = msg

--- a/product/ERP5/Tool/PasswordTool.py
+++ b/product/ERP5/Tool/PasswordTool.py
@@ -142,17 +142,21 @@ class PasswordTool(BaseTool):

    msg = None
    # check user exists, and have an email
-    user_list = self.getPortalObject().acl_users.\
-                      erp5_users.getUserByLogin(user_login)
+    user_list = [x for x in self.getPortalObject().acl_users.searchUsers(
+      login=user_login,
+      exact_match=True,
+    ) if 'path' in x]
    if len(user_list) == 0:
      msg = translateString("User ${user} does not exist.",
                            mapping={'user':user_login})
    else:
      # We use checked_permission to prevent errors when trying to acquire
      # email from organisation
-      user = user_list[0]
-      email_value = user.getDefaultEmailValue(
-              checked_permission='Access content information')
+      user, = user_list
+      user_value = self.getPortalObject().unrestrictedTraverse(
+        user['path'])
+      email_value = user_value.getDefaultEmailValue(
+        checked_permission='Access content information')
      if email_value is None or not email_value.asText():
        msg = translateString(
            "User ${user} does not have an email address, please contact site "
@@ -200,7 +204,7 @@ class PasswordTool(BaseTool):
        'language':notification_message.getLanguage(),
      }

-    self.getPortalObject().portal_notifications.sendMessage(sender=sender, recipient=[user,],
+    self.getPortalObject().portal_notifications.sendMessage(sender=sender, recipient=[user_value,],
                                                            subject=subject, message=message,
                                                            store_as_event=store_as_event,
                                                            message_text_format=message_text_format,
@@ -272,11 +276,15 @@ class PasswordTool(BaseTool):
      # XXX: incorrect grammar
      return error("Date has expire.")
    del self._password_request_dict[password_key]
-    persons = self.getPortalObject().acl_users.erp5_users.getUserByLogin(
-      register_user_login)
-    person = persons[0]
-    person._forceSetPassword(password)
-    person.reindexObject()
+    portal = self.getPortalObject()
+    user_dict, = portal.acl_users.searchUsers(
+      login=register_user_login,
+      exact_match=True,
+    )
+    login_dict, = user_dict['login_list']
+    login = portal.unrestrictedTraverse(login_dict['path'])
+    login._forceSetPassword(password)
+    login.reindexObject()
    return redirect(REQUEST, site_url,
                    translateString("Password changed."))


--- a/product/ERP5/bootstrap/erp5_core/ExtensionTemplateItem/portal_components/extension.erp5.StandardSecurity.py
+++ b/product/ERP5/bootstrap/erp5_core/ExtensionTemplateItem/portal_components/extension.erp5.StandardSecurity.py
@@ -53,18 +53,19 @@ def getSecurityCategoryFromAssignment(self, base_category_list, user_name, objec

  category_list = []

-  person_object_list = self.portal_catalog.unrestrictedSearchResults(
-    query=SimpleQuery(reference=user_name), portal_type='Person')
-
-  if len(person_object_list) != 1:
-    if len(person_object_list) > 1:
-      raise ConsistencyError, "Error: There is more than one Person with reference '%s'" % user_name
-    else:
-      # if a person_object was not found in the module, we do nothing more
-      # this happens for example when a manager with no associated person object
-      # creates a person_object for a new user
-      return []
-  person_object = person_object_list[0].getObject()
+  user_list = [
+    x for x in self.acl_users.searchUsers(
+      id=user_name,
+      exact_match=True,
+    ) if 'path' in x
+  ]
+  if not user_list:
+    # if a person_object was not found in the module, we do nothing more
+    # this happens for example when a manager with no associated person object
+    # creates a person_object for a new user
+    return []
+  user, = user_list
+  person_object = self.getPortalObject().unrestrictedTraverse(user['path'])

  # We look for every valid assignments of this user
  for assignment in person_object.contentValues(filter={'portal_type': 'Assignment'}):

--- a/product/ERP5/bootstrap/erp5_core/SkinTemplateItem/portal_skins/erp5_core/PreferenceTool_setNewPassword.py
+++ b/product/ERP5/bootstrap/erp5_core/SkinTemplateItem/portal_skins/erp5_core/PreferenceTool_setNewPassword.py
@@ -6,8 +6,8 @@ new_password = request.get("new_password")
 former_password = request.get("current_password")

 user = getSecurityManager().getUser()
-persons = context.acl_users.erp5_users.getUserByLogin(user)
-person = persons[0]
+person, = context.acl_users.searchUsers(id=user.getId(), exact_match=True)
+person = context.getPortalObject().restrictedTraverse(person['path'])

 if not person.checkPassword(former_password):
  msg = translateString("Current password is wrong.")

--- a/product/ERP5Security/ERP5ExternalOauth2ExtractionPlugin.py
+++ b/product/ERP5Security/ERP5ExternalOauth2ExtractionPlugin.py
@@ -39,7 +39,6 @@ from AccessControl.SecurityManagement import getSecurityManager, \
  setSecurityManager, newSecurityManager
 from Products.ERP5Type.Cache import DEFAULT_CACHE_SCOPE
 import socket
-from Products.ERP5Security.ERP5UserManager import getUserByLogin
 from zLOG import LOG, ERROR, INFO

 try:
@@ -181,8 +180,7 @@ class ERP5ExternalOauth2ExtractionPlugin:
      self.REQUEST['USER_CREATION_IN_PROGRESS'] = user
    else:
      # create the user if not found
-      person_list = getUserByLogin(self.getPortalObject(), user)
-      if len(person_list) == 0:
+      if not self.searchUsers(id=user, exact_match=True):
        sm = getSecurityManager()
        if sm.getUser().getId() != SUPER_USER:
          newSecurityManager(self, self.getUser(SUPER_USER))

--- a/product/ERP5Security/ERP5GroupManager.py
+++ b/product/ERP5Security/ERP5GroupManager.py
@@ -87,7 +87,7 @@ class ERP5GroupManager(BasePlugin):
      return ()

    @UnrestrictedMethod
-    def _getGroupsForPrincipal(user_name, path):
+    def _getGroupsForPrincipal(user_id, path):
      security_category_dict = {} # key is the base_category_list,
                                  # value is the list of fetched categories
      security_group_list = []
@@ -117,17 +117,15 @@ class ERP5GroupManager(BasePlugin):
        else:
          security_definition_list = mapping_method()

-        # get the person from its reference - no security check needed
-        catalog_result = self.portal_catalog.unrestrictedSearchResults(
-            portal_type="Person", query=SimpleQuery(reference=user_name))
-        if len(catalog_result) != 1: # we won't proceed with groups
-          if len(catalog_result) > 1: # configuration is screwed
-            raise ConsistencyError, 'There is more than one Person whose \
-                login is %s : %s' % (user_name,
-                repr([r.getObject() for r in catalog_result]))
-          else: # no person is linked to this user login
-            return ()
-        person_object = catalog_result[0].getObject()
+        # get the person from its login - no security check needed
+        user_list = [
+          x for x in self.searchUsers(id=user_id, exact_match=True)
+          if 'path' in x
+        ]
+        if not user_list:
+          return ()
+        user, = user_list
+        person_object = self.getPortalObject().unrestrictedTraverse(user['path'])

        # Fetch category values from defined scripts
        for (method_name, base_category_list) in security_definition_list:
@@ -141,7 +139,7 @@ class ERP5GroupManager(BasePlugin):
            # Currently, passing portal_type='' (instead of 'Person')
            # is the only way to make the difference.
            security_category_list.extend(
-              method(base_category_list, user_name, person_object, '')
+              method(base_category_list, user_id, person_object, '')
            )
          except ConflictError:
            raise
@@ -184,7 +182,7 @@ class ERP5GroupManager(BasePlugin):
                                             cache_factory='erp5_content_short')

    return _getGroupsForPrincipal(
-                user_name=principal.getId(),
+                user_id=principal.getId(),
                path=self.getPhysicalPath())