1. 26 Oct, 2016 2 commits
  2. 19 Feb, 2016 1 commit
    • Łukasz Nowak's avatar
      Expose helper method. · 6e2c5987
      Łukasz Nowak authored
      The logic of assignments checking shall be easy to use by other plugins in
      order to avoid code duplication and minimise risk of non fixed security issues.
      6e2c5987
  3. 30 Nov, 2015 3 commits
  4. 10 Jun, 2015 1 commit
  5. 04 Nov, 2014 1 commit
  6. 09 Sep, 2014 1 commit
  7. 08 Sep, 2014 1 commit
  8. 04 Sep, 2014 1 commit
  9. 02 Jun, 2012 1 commit
    • Kazuhiko Shiozaki's avatar
      use UnrestrictedMethod's super user instead of ad-hoc SUPER_USER. Squashed commit of the following: · 4b16e1dd
      Kazuhiko Shiozaki authored
      commit 2ba8fb59b67cda4a35bda5ee809ac0dd6af40d84
      Author: Kazuhiko Shiozaki <kazuhiko@nexedi.com>
      Date:   Fri Jun 1 23:26:30 2012 +0200
      
          if the activity is called by super user, it should be invoked with the same permission as UnrestrictedMethod.
      
      commit f63c2e8625934d0a5a056e933f4c7215098bfa1b
      Author: Kazuhiko Shiozaki <kazuhiko@nexedi.com>
      Date:   Fri Jun 1 15:58:41 2012 +0200
      
          use UnrestrictedMethod's super user instead of ad-hoc SUPER_USER.
      
      commit 965460b092967bc3ada3ee7268e1f942fc770efd
      Author: Kazuhiko Shiozaki <kazuhiko@nexedi.com>
      Date:   Fri Jun 1 15:57:45 2012 +0200
      
          security query for super user should be simply empty.
      
      commit 6d519b78f52f1a631d6663ee5594ae92a0730cc3
      Author: Kazuhiko Shiozaki <kazuhiko@nexedi.com>
      Date:   Fri Jun 1 15:37:33 2012 +0200
      
          support both ERP5Security's SUPER_USER and UnrestrictedMethod's super user.
      
      commit 21431518b821a5e2756caad5393fc746bed79d36
      Author: Kazuhiko Shiozaki <kazuhiko@nexedi.com>
      Date:   Fri Jun 1 15:32:45 2012 +0200
      
          make sure that SUPER_USER can access the object explicitly, that can be required with erp5_web.
      
      commit 63279ac74cbb40e520da36571927bfdee5af5e05
      Author: Kazuhiko Shiozaki <kazuhiko@nexedi.com>
      Date:   Fri Jun 1 15:27:00 2012 +0200
      
          use UnrestrictedMethod instead of ad-hoc SUPER_USER, still keeping SUPER_USER for compatibility.
      4b16e1dd
  10. 17 Oct, 2011 1 commit
    • Julien Muchembled's avatar
      Drop support for Zope 2.8 · 48212534
      Julien Muchembled authored
      Checked following occurrences in comments:
      - "Python 2.[456]"
      - "Zope 2.[891]"
      - "BBB"
      - "BACK"
      
      Checked uses of:
      - email, hashlib, numpy & tarfile (modules)
      - ImportError
      - string.Template
      - suppress_events (parameter of _setObject)
      
      Excluded:
      - some forked modules (MailTemplates, PortalTransforms...)
      - some i18n compatibility code
      48212534
  11. 29 Aug, 2011 1 commit
    • Łukasz Nowak's avatar
      Simplify External Authnetication plugin. · ed08a17c
      Łukasz Nowak authored
      By understanding external_login in ERP5UserManager it is not required to repeat
      authenticateCredentials logic.
      
      Thanks to this ERP5ExternalAuthenticationPlugin can be used only as credential
      extraction plugin.
      
      Extend test suite to prove that enabling ERP5ExternalAuthenticationPlugin does
      not impact default scenario.
      ed08a17c
  12. 27 Jul, 2011 2 commits
  13. 21 Jul, 2011 1 commit
  14. 18 Jul, 2011 1 commit
  15. 15 Jul, 2010 1 commit
    • Sebastien Robin's avatar
      sync with trunk@37114 · c1ae57b0
      Sebastien Robin authored
      Conflicts:
      	bt5/erp5_base/bt/revision
      	bt5/erp5_simulation/DocumentTemplateItem/InvoiceSimulationRule.py
      	bt5/erp5_simulation/bt/revision
      	bt5/erp5_trade/SkinTemplateItem/portal_skins/erp5_trade/Base_viewTradeFieldLibrary.xml
      	bt5/erp5_trade/bt/change_log
      	bt5/erp5_trade/bt/revision
      	products/ERP5/Document/BusinessPath.py
      	products/ERP5/Document/SimulationMovement.py
      	products/ERP5/Document/TradeCondition.py
      	products/ERP5/Document/TradeModelLine.py
      	products/ERP5/bootstrap/erp5_mysql_innodb_catalog/bt/revision
      	products/ERP5Type/ERP5Type.py
      
      git-svn-id: https://svn.erp5.org/repos/public/erp5/sandbox/amount_generator@37129 20353a03-c40f-0410-a6d1-a30d3c3de9de
      c1ae57b0
  16. 12 Jul, 2010 1 commit
    • Julien Muchembled's avatar
      Reimplement ERP5Site_getAuthenticatedMemberPersonValue without using acl_users.erp5_users · bbd0f245
      Julien Muchembled authored
      Because some sites don't have an 'erp5_users' plugin in acl_users, and what
      ERP5Site_getAuthenticatedMemberPersonValue does is not specific to 'erp5_users'.
      
      This is done by moving code outside ERP5UserManager class so that it can be
      reused. Changes to ERP5UserManager.getUserLogin method are:
      - use a transactional cache instead of erp5_content_short:
        - a transactional cache is enough because authenticateCredentials already
          caches its result in erp5_content_short
        - no need to care about empty result from the catalog, which was done using
          _AuthenticationFailure (instead, we simply return an empty list)
        - cache person objects instead of their path
      - no need to use SUPER_USER since we use unrestrictedSearchResults
      
      git-svn-id: https://svn.erp5.org/repos/public/erp5/trunk@37065 20353a03-c40f-0410-a6d1-a30d3c3de9de
      bbd0f245
  17. 18 Jun, 2010 1 commit
  18. 17 Jun, 2010 1 commit
  19. 27 Nov, 2009 1 commit
  20. 07 Oct, 2009 1 commit
  21. 03 Jun, 2009 2 commits
  22. 28 May, 2009 2 commits
  23. 02 Jul, 2008 1 commit
  24. 30 May, 2008 2 commits
  25. 09 May, 2008 3 commits
  26. 14 Jan, 2008 3 commits
  27. 29 Aug, 2007 1 commit
  28. 17 Aug, 2007 1 commit
  29. 26 Jul, 2007 1 commit