ERP5Security: cleanup. fix indentation and remove unused import.

975ad4d7 · Kazuhiko Shiozaki · 3751610a · 975ad4d7 · 975ad4d7 · 975ad4d7
Commit 975ad4d7 authored Nov 26, 2015 by Kazuhiko Shiozaki
11 changed files
--- a/product/ERP5Security/ERP5AccessTokenExtractionPlugin.py
+++ b/product/ERP5Security/ERP5AccessTokenExtractionPlugin.py
@@ -28,7 +28,6 @@
 #
 ##############################################################################
-from zLOG import LOG, PROBLEM
 from Products.ERP5Type.Globals import InitializeClass
 from AccessControl import ClassSecurityInfo
@@ -102,11 +101,11 @@ def addERP5AccessTokenExtractionPlugin(dispatcher, id, title=None, REQUEST=None)
  dispatcher._setObject(plugin.getId(), plugin)
  if REQUEST is not None:
-      REQUEST['RESPONSE'].redirect(
+    REQUEST['RESPONSE'].redirect(
-          '%s/manage_workspace'
+      '%s/manage_workspace'
-          '?manage_tabs_message='
+      '?manage_tabs_message='
-          'ERP5AccessTokenExtractionPlugin+added.'
+      'ERP5AccessTokenExtractionPlugin+added.'
-          % dispatcher.absolute_url())
+      % dispatcher.absolute_url())
 #List implementation of class
 classImplements(ERP5AccessTokenExtractionPlugin,

--- a/product/ERP5Security/ERP5BearerExtractionPlugin.py
+++ b/product/ERP5Security/ERP5BearerExtractionPlugin.py
@@ -35,8 +35,8 @@ from Products.PluggableAuthService.utils import classImplements
 from Products.PluggableAuthService.plugins.BasePlugin import BasePlugin
 from Products.ERP5Security.ERP5UserManager import SUPER_USER
 from Products.PluggableAuthService.PluggableAuthService import DumbHTTPExtractor
-from AccessControl.SecurityManagement import getSecurityManager,\
+from AccessControl.SecurityManagement import getSecurityManager, \
-    setSecurityManager, newSecurityManager
+  setSecurityManager, newSecurityManager
 #Form for new plugin in ZMI
 manage_addERP5BearerExtractionPluginForm = PageTemplateFile(
@@ -50,11 +50,11 @@ def addERP5BearerExtractionPlugin(dispatcher, id, title=None, REQUEST=None):
  dispatcher._setObject(plugin.getId(), plugin)
  if REQUEST is not None:
-      REQUEST['RESPONSE'].redirect(
+    REQUEST['RESPONSE'].redirect(
-          '%s/manage_workspace'
+      '%s/manage_workspace'
-          '?manage_tabs_message='
+      '?manage_tabs_message='
-          'ERP5BearerExtractionPlugin+added.'
+      'ERP5BearerExtractionPlugin+added.'
-          % dispatcher.absolute_url())
+      % dispatcher.absolute_url())
 class ERP5BearerExtractionPlugin(BasePlugin):
  """

--- a/product/ERP5Security/ERP5DumbHTTPExtractionPlugin.py
+++ b/product/ERP5Security/ERP5DumbHTTPExtractionPlugin.py
@@ -69,11 +69,11 @@ def addERP5DumbHTTPExtractionPlugin(dispatcher, id, title=None, REQUEST=None):
  dispatcher._setObject(plugin.getId(), plugin)
  if REQUEST is not None:
-      REQUEST['RESPONSE'].redirect(
+    REQUEST['RESPONSE'].redirect(
-          '%s/manage_workspace'
+      '%s/manage_workspace'
-          '?manage_tabs_message='
+      '?manage_tabs_message='
-          'ERP5DumbHTTPExtractionPlugin+added.'
+      'ERP5DumbHTTPExtractionPlugin+added.'
-          % dispatcher.absolute_url())
+      % dispatcher.absolute_url())
 #List implementation of class
 classImplements(ERP5DumbHTTPExtractionPlugin,

--- a/product/ERP5Security/ERP5ExternalAuthenticationPlugin.py
+++ b/product/ERP5Security/ERP5ExternalAuthenticationPlugin.py
@@ -49,11 +49,11 @@ def addERP5ExternalAuthenticationPlugin(dispatcher, id, title=None, user_id_key=
  dispatcher._setObject(plugin.getId(), plugin)
  if REQUEST is not None:
-      REQUEST['RESPONSE'].redirect(
+    REQUEST['RESPONSE'].redirect(
-          '%s/manage_workspace'
+      '%s/manage_workspace'
-          '?manage_tabs_message='
+      '?manage_tabs_message='
-          'ERP5ExternalAuthenticationPlugin+added.'
+      'ERP5ExternalAuthenticationPlugin+added.'
-          % dispatcher.absolute_url())
+      % dispatcher.absolute_url())
 class ERP5ExternalAuthenticationPlugin(BasePlugin):
  """

--- a/product/ERP5Security/ERP5ExternalOauth2ExtractionPlugin.py
+++ b/product/ERP5Security/ERP5ExternalOauth2ExtractionPlugin.py
@@ -35,8 +35,8 @@ from Products.PluggableAuthService.utils import classImplements
 from Products.PluggableAuthService.plugins.BasePlugin import BasePlugin
 from Products.ERP5Security.ERP5UserManager import SUPER_USER
 from Products.PluggableAuthService.PluggableAuthService import DumbHTTPExtractor
-from AccessControl.SecurityManagement import getSecurityManager,\
+from AccessControl.SecurityManagement import getSecurityManager, \
-    setSecurityManager, newSecurityManager
+  setSecurityManager, newSecurityManager
 from Products.ERP5Type.Cache import DEFAULT_CACHE_SCOPE
 import socket
 from Products.ERP5Security.ERP5UserManager import getUserByLogin
@@ -66,11 +66,11 @@ def addERP5FacebookExtractionPlugin(dispatcher, id, title=None, REQUEST=None):
  dispatcher._setObject(plugin.getId(), plugin)
  if REQUEST is not None:
-      REQUEST['RESPONSE'].redirect(
+    REQUEST['RESPONSE'].redirect(
-          '%s/manage_workspace'
+      '%s/manage_workspace'
-          '?manage_tabs_message='
+      '?manage_tabs_message='
-          'ERP5FacebookExtractionPlugin+added.'
+      'ERP5FacebookExtractionPlugin+added.'
-          % dispatcher.absolute_url())
+      % dispatcher.absolute_url())
 #Form for new plugin in ZMI
 manage_addERP5GoogleExtractionPluginForm = PageTemplateFile(
@@ -84,11 +84,11 @@ def addERP5GoogleExtractionPlugin(dispatcher, id, title=None, REQUEST=None):
  dispatcher._setObject(plugin.getId(), plugin)
  if REQUEST is not None:
-      REQUEST['RESPONSE'].redirect(
+    REQUEST['RESPONSE'].redirect(
-          '%s/manage_workspace'
+      '%s/manage_workspace'
-          '?manage_tabs_message='
+      '?manage_tabs_message='
-          'ERP5GoogleExtractionPlugin+added.'
+      'ERP5GoogleExtractionPlugin+added.'
-          % dispatcher.absolute_url())
+      % dispatcher.absolute_url())
 class ERP5ExternalOauth2ExtractionPlugin:

--- a/product/ERP5Security/ERP5GroupManager.py
+++ b/product/ERP5Security/ERP5GroupManager.py
@@ -17,8 +17,6 @@
 from Products.ERP5Type.Globals import InitializeClass
 from AccessControl import ClassSecurityInfo
-from AccessControl.SecurityManagement import newSecurityManager,\
-    getSecurityManager, setSecurityManager
 from Products.PageTemplates.PageTemplateFile import PageTemplateFile
 from Products.PluggableAuthService.plugins.BasePlugin import BasePlugin
 from Products.PluggableAuthService.utils import classImplements
@@ -28,7 +26,6 @@ from Products.ERP5Type.ERP5Type \
  import ERP5TYPE_SECURITY_GROUP_ID_GENERATION_SCRIPT
 from Products.ERP5Type.UnrestrictedMethod import UnrestrictedMethod
 from Products.ZSQLCatalog.SQLCatalog import SimpleQuery
-from Products.PluggableAuthService.PropertiedUser import PropertiedUser
 from ZODB.POSException import ConflictError
 import sys
@@ -130,7 +127,6 @@ class ERP5GroupManager(BasePlugin):
          else: # no person is linked to this user login
            return ()
        person_object = catalog_result[0].getObject()
-        person_id = person_object.getId()
        # Fetch category values from defined scripts
        for (method_name, base_category_list) in security_definition_list:

--- a/product/ERP5Security/ERP5KeyAuthPlugin.py
+++ b/product/ERP5Security/ERP5KeyAuthPlugin.py
@@ -35,9 +35,6 @@ from Products.ERP5Type.Globals import InitializeClass
 from zope.interface import Interface
 from AccessControl import ClassSecurityInfo
-from AccessControl.SecurityManagement import getSecurityManager,\
-                                             newSecurityManager,\
-                                             setSecurityManager
 from Products.PageTemplates.PageTemplateFile import PageTemplateFile
@@ -49,8 +46,8 @@ from Products.PluggableAuthService.plugins.CookieAuthHelper import CookieAuthHel
 from Products.ERP5Type.Cache import CachingMethod
 from Products.ERP5Type.UnrestrictedMethod import UnrestrictedMethod
-from Products.ERP5Security.ERP5UserManager import ERP5UserManager,\
+from Products.ERP5Security.ERP5UserManager import ERP5UserManager, \
-                                                  SUPER_USER,\
+                                                  SUPER_USER, \
                                                  _AuthenticationFailure
 from Crypto.Cipher import AES
@@ -136,22 +133,22 @@ manage_addERP5KeyAuthPluginForm = PageTemplateFile(
    'www/ERP5Security_addERP5KeyAuthPlugin', globals(),
    __name__='manage_addERP5KeyAuthPluginForm')
-def addERP5KeyAuthPlugin(dispatcher, id, title=None,\
+def addERP5KeyAuthPlugin(dispatcher, id, title=None,
-                         encryption_key='', cipher='AES', cookie_name='',\
+                         encryption_key='', cipher='AES', cookie_name='',
                         default_cookie_name='',REQUEST=None):
-    """ Add a ERP5KeyAuthPlugin to a Pluggable Auth Service. """
+  """ Add a ERP5KeyAuthPlugin to a Pluggable Auth Service. """
-    plugin = ERP5KeyAuthPlugin(id=id, title=title, encryption_key=encryption_key,
+  plugin = ERP5KeyAuthPlugin(id=id, title=title, encryption_key=encryption_key,
-                               cipher=cipher, cookie_name=cookie_name,
+                             cipher=cipher, cookie_name=cookie_name,
-                               default_cookie_name=default_cookie_name)
+                             default_cookie_name=default_cookie_name)
-    dispatcher._setObject(plugin.getId(), plugin)
+  dispatcher._setObject(plugin.getId(), plugin)
-    if REQUEST is not None:
+  if REQUEST is not None:
-        REQUEST['RESPONSE'].redirect(
+    REQUEST['RESPONSE'].redirect(
-                                '%s/manage_workspace'
+      '%s/manage_workspace'
-                                '?manage_tabs_message='
+      '?manage_tabs_message='
-                                'ERP5KeyAuthPlugin+added.'
+      'ERP5KeyAuthPlugin+added.'
-                            % dispatcher.absolute_url())
+      % dispatcher.absolute_url())
 class ERP5KeyAuthPlugin(ERP5UserManager, CookieAuthHelper):
  """
@@ -277,9 +274,9 @@ class ERP5KeyAuthPlugin(ERP5UserManager, CookieAuthHelper):
      if creds:
        creds['remote_host'] = request.get('REMOTE_HOST', '')
        try:
-            creds['remote_address'] = request.getClientAddr()
+          creds['remote_address'] = request.getClientAddr()
        except AttributeError:
-            creds['remote_address'] = request.get('REMOTE_ADDR', '')
+          creds['remote_address'] = request.get('REMOTE_ADDR', '')
    except StandardError, e:
      #Log standard error to check error
      LOG('ERP5KeyAuthPlugin.extractCredentials', PROBLEM, str(e))
@@ -373,14 +370,13 @@ class ERP5KeyAuthPlugin(ERP5UserManager, CookieAuthHelper):
                                                id='ERP5KeyAuthPlugin_authenticateCredentials',
                                                cache_factory='erp5_content_short')
      try:
-          return _authenticateCredentials(
+        return _authenticateCredentials(login=login)
-                          login=login)
      except _AuthenticationFailure:
-            return None
+        return None
      except StandardError, e:
-          #Log standard error
+        #Log standard error
-          LOG('ERP5KeyAuthPlugin.authenticateCredentials', PROBLEM, str(e))
+        LOG('ERP5KeyAuthPlugin.authenticateCredentials', PROBLEM, str(e))
-          return None
+        return None
  ################################
  # Properties for ZMI managment #
@@ -429,8 +425,8 @@ class ERP5KeyAuthPlugin(ERP5UserManager, CookieAuthHelper):
    #Redirect
    if RESPONSE is not None:
      if error_message != '':
-          self.REQUEST.form['manage_tabs_message'] = error_message
+        self.REQUEST.form['manage_tabs_message'] = error_message
-          return self.manage_editERP5KeyAuthPluginForm(RESPONSE)
+        return self.manage_editERP5KeyAuthPluginForm(RESPONSE)
      else:
        message = "Updated"
        RESPONSE.redirect( '%s/manage_editERP5KeyAuthPluginForm'

--- a/product/ERP5Security/ERP5RoleManager.py
+++ b/product/ERP5Security/ERP5RoleManager.py
@@ -20,60 +20,60 @@ from AccessControl import ClassSecurityInfo
 from Products.PageTemplates.PageTemplateFile import PageTemplateFile
 from Products.PluggableAuthService.plugins.BasePlugin import BasePlugin
 from Products.PluggableAuthService.utils import classImplements
-from Products.PluggableAuthService.interfaces.plugins import IRolesPlugin,\
+from Products.PluggableAuthService.interfaces.plugins import IRolesPlugin, \
-                                                    IRoleEnumerationPlugin
+  IRoleEnumerationPlugin
 from ERP5UserManager import SUPER_USER
 manage_addERP5RoleManagerForm = PageTemplateFile(
-    'www/ERP5Security_addERP5RoleManager', globals(),
+  'www/ERP5Security_addERP5RoleManager', globals(),
-    __name__='manage_addERP5RoleManagerForm' )
+  __name__='manage_addERP5RoleManagerForm' )
 def addERP5RoleManager( dispatcher, id, title=None, REQUEST=None ):
-    """ Add a ERP5RoleManager to a Pluggable Auth Service. """
+  """ Add a ERP5RoleManager to a Pluggable Auth Service. """
-    erm = ERP5RoleManager(id, title)
+  erm = ERP5RoleManager(id, title)
-    dispatcher._setObject(erm.getId(), erm)
+  dispatcher._setObject(erm.getId(), erm)
-    if REQUEST is not None:
+  if REQUEST is not None:
-        REQUEST['RESPONSE'].redirect(
+    REQUEST['RESPONSE'].redirect(
-                                '%s/manage_workspace'
+      '%s/manage_workspace'
-                                '?manage_tabs_message='
+      '?manage_tabs_message='
-                                'ERP5RoleManager+added.'
+      'ERP5RoleManager+added.'
-                            % dispatcher.absolute_url())
+      % dispatcher.absolute_url())
 class ERP5RoleManager( BasePlugin ):
-    """ PAS plugin to add 'Member' as default
+  """ PAS plugin to add 'Member' as default
-    Role for every user.
+  Role for every user.
+  """
+  meta_type = 'ERP5 Role Manager'
+  security = ClassSecurityInfo()
+  def __init__(self, id, title=None):
+    self._id = self.id = id
+    self.title = title
+  #
+  #   IRolesPlugin implementation
+  #
+  security.declarePrivate( 'getRolesForPrincipal' )
+  def getRolesForPrincipal( self, principal, request=None ):
+    """ See IRolesPlugin.
+    We only ever return Member for every principal
    """
-    meta_type = 'ERP5 Role Manager'
+    if principal.getId() == SUPER_USER:
+      # If this is the super user, give all the roles present in this system.
-    security = ClassSecurityInfo()
+      # XXX no API to do this in PAS.
+      rolemakers = self._getPAS().plugins.listPlugins( IRoleEnumerationPlugin )
-    def __init__(self, id, title=None):
+      roles = []
+      for rolemaker_id, rolemaker in rolemakers:
-        self._id = self.id = id
+        roles.extend([role['id'] for role in rolemaker.enumerateRoles()])
-        self.title = title
+      return tuple(roles)
-    #
+    return ('Member',)
-    #   IRolesPlugin implementation
-    #
-    security.declarePrivate( 'getRolesForPrincipal' )
-    def getRolesForPrincipal( self, principal, request=None ):
-        """ See IRolesPlugin.
-        We only ever return Member for every principal
-        """
-        if principal.getId() == SUPER_USER:
-          # If this is the super user, give all the roles present in this system.
-          # XXX no API to do this in PAS.
-          rolemakers = self._getPAS().plugins.listPlugins( IRoleEnumerationPlugin )
-          roles = []
-          for rolemaker_id, rolemaker in rolemakers:
-            roles.extend([role['id'] for role in rolemaker.enumerateRoles()])
-          return tuple(roles)
-        return ('Member',)
 classImplements( ERP5RoleManager
               , IRolesPlugin

--- a/product/ERP5Security/ERP5UserFactory.py
+++ b/product/ERP5Security/ERP5UserFactory.py
@@ -61,7 +61,7 @@ class ERP5User(PropertiedUser):
    principal_ids = list( group_ids )
    principal_ids.insert( 0, user_id )
-    local ={}
+    local = {}
    object = aq_inner( object )
    while 1:
@@ -98,102 +98,102 @@ class ERP5User(PropertiedUser):
    return list( self.getRoles() ) + local.keys()
  def allowed( self, object, object_roles=None ):
-      """ Check whether the user has access to object.
+    """ Check whether the user has access to object.
-      As for getRolesInContext, we take into account _getAcquireLocalRoles for
+    As for getRolesInContext, we take into account _getAcquireLocalRoles for
-      ERP5.
+    ERP5.
-      """
+    """
-      if self.getUserName() == SUPER_USER:
+    if self.getUserName() == SUPER_USER:
-        # super user is allowed to accesss any object
+      # super user is allowed to accesss any object
-        return 1
+      return 1
-      if object_roles is _what_not_even_god_should_do:
+    if object_roles is _what_not_even_god_should_do:
-        return 0
+      return 0
+    # Short-circuit the common case of anonymous access.
+    if object_roles is None or 'Anonymous' in object_roles:
+      return 1
+    # Check for Developer Role, see patches.User for rationale
+    # XXX-arnau: copy/paste
+    object_roles = set(object_roles)
+    if 'Developer' in object_roles:
+      object_roles.remove('Developer')
+      product_config = getattr(getConfiguration(), 'product_config', None)
+      if product_config:
+        config = product_config.get('erp5')
+        if config and self.getId() in config.developer_list:
+          return 1
-      # Short-circuit the common case of anonymous access.
+    # Provide short-cut access if object is protected by 'Authenticated'
+    # role and user is not nobody
+    if 'Authenticated' in object_roles and (
+      self.getUserName() != 'Anonymous User'):
+      return 1
+    # Check for ancient role data up front, convert if found.
+    # This should almost never happen, and should probably be
+    # deprecated at some point.
+    if 'Shared' in object_roles:
+      object_roles = self._shared_roles(object)
      if object_roles is None or 'Anonymous' in object_roles:
        return 1
-      # Check for Developer Role, see patches.User for rationale
+    # Check for a role match with the normal roles given to
-      # XXX-arnau: copy/paste
+    # the user, then with local roles only if necessary. We
-      object_roles = set(object_roles)
+    # want to avoid as much overhead as possible.
-      if 'Developer' in object_roles:
+    user_roles = self.getRoles()
-        object_roles.remove('Developer')
+    for role in object_roles:
-        product_config = getattr(getConfiguration(), 'product_config', None)
+      if role in user_roles:
-        if product_config:
+        if self._check_context(object):
-          config = product_config.get('erp5')
-          if config and self.getId() in config.developer_list:
-            return 1
-      # Provide short-cut access if object is protected by 'Authenticated'
-      # role and user is not nobody
-      if 'Authenticated' in object_roles and (
-        self.getUserName() != 'Anonymous User'):
-        return 1
-      # Check for ancient role data up front, convert if found.
-      # This should almost never happen, and should probably be
-      # deprecated at some point.
-      if 'Shared' in object_roles:
-        object_roles = self._shared_roles(object)
-        if object_roles is None or 'Anonymous' in object_roles:
          return 1
+        return None
+    # Still have not found a match, so check local roles. We do
+    # this manually rather than call getRolesInContext so that
+    # we can incur only the overhead required to find a match.
+    inner_obj = aq_inner( object )
+    user_id = self.getId()
+    # [ x.getId() for x in self.getGroups() ]
+    group_ids = self.getGroups()
+    principal_ids = list( group_ids )
+    principal_ids.insert( 0, user_id )
+    while 1:
+      local_roles = getattr( inner_obj, '__ac_local_roles__', None )
+      if local_roles:
+        if callable( local_roles ):
+          local_roles = local_roles()
+        dict = local_roles or {}
+        for principal_id in principal_ids:
+          local_roles = dict.get( principal_id, [] )
+          for role in object_roles:
+            if role in local_roles:
+              if self._check_context( object ):
+                return 1
+              return 0
+      # patch by Klaus for LocalRole blocking
+      if getattr(inner_obj, '_getAcquireLocalRoles', None) is not None:
+        if not inner_obj._getAcquireLocalRoles():
+          break
+      inner = aq_inner( inner_obj )
+      parent = aq_parent( inner )
+      if parent is not None:
+        inner_obj = parent
+        continue
+      new = getattr( inner_obj, 'im_self', None )
+      if new is not None:
+        inner_obj = aq_inner( new )
+        continue
+      break
-      # Check for a role match with the normal roles given to
+    return None
-      # the user, then with local roles only if necessary. We
-      # want to avoid as much overhead as possible.
-      user_roles = self.getRoles()
-      for role in object_roles:
-        if role in user_roles:
-          if self._check_context(object):
-            return 1
-          return None
-      # Still have not found a match, so check local roles. We do
-      # this manually rather than call getRolesInContext so that
-      # we can incur only the overhead required to find a match.
-      inner_obj = aq_inner( object )
-      user_id = self.getId()
-      # [ x.getId() for x in self.getGroups() ]
-      group_ids = self.getGroups()
-      principal_ids = list( group_ids )
-      principal_ids.insert( 0, user_id )
-      while 1:
-        local_roles = getattr( inner_obj, '__ac_local_roles__', None )
-        if local_roles:
-          if callable( local_roles ):
-            local_roles = local_roles()
-          dict = local_roles or {}
-          for principal_id in principal_ids:
-            local_roles = dict.get( principal_id, [] )
-            for role in object_roles:
-              if role in local_roles:
-                if self._check_context( object ):
-                  return 1
-                return 0
-        # patch by Klaus for LocalRole blocking
-        if getattr(inner_obj, '_getAcquireLocalRoles', None) is not None:
-          if not inner_obj._getAcquireLocalRoles():
-            break
-        inner = aq_inner( inner_obj )
-        parent = aq_parent( inner )
-        if parent is not None:
-          inner_obj = parent
-          continue
-        new = getattr( inner_obj, 'im_self', None )
-        if new is not None:
-          inner_obj = aq_inner( new )
-          continue
-        break
-      return None
 InitializeClass(ERP5User)

--- a/product/ERP5Security/ERP5UserManager.py
+++ b/product/ERP5Security/ERP5UserManager.py
--- a/product/ERP5Security/__init__.py
+++ b/product/ERP5Security/__init__.py