use enumerateUsers instead of ad-hoc getPersonByReference and getLoginObject.

bt5/erp5_base/DocumentTemplateItem/portal_components/document.erp5.Login.py

@@ -72,9 +72,8 @@ class Login(XMLObject, LoginAccountProviderMixin, EncryptedPasswordMixin):
         self.getPortalType() + '_setReference_' + value.encode('hex')
       # Check that there no existing user
       erp5_users = portal.acl_users.erp5_users
-      login = erp5_users.getLoginObject(value, self.getPortalType())
-      if login is not None and login != self and \
-          login != self.getParentValue():
+      user_list = erp5_users.enumerateUsers(login=value)
+      if [x for x in user_list if x.get('login', {}).get('path', '') != self.getPath()]:
         raise RuntimeError, 'user id %s already exist' % (value,)
       # Check that there is no reindexation related to reference indexation
       if portal.portal_activities.countMessageWithTag(tag):

bt5/erp5_base/SkinTemplateItem/portal_skins/erp5_base/PreferenceTool_setNewPassword.py

@@ -3,7 +3,7 @@ from Products.ERP5Type.Message import translateString
 
 portal = context.getPortalObject()
 user = getSecurityManager().getUser()
-person = context.acl_users.erp5_users.getPersonByReference(user.getId())
+person = portal.restrictedTraverse(portal.acl_users.erp5_users.enumerateUsers(id=user.getId())[0]['path'])
 for login in person.objectValues(portal_type='ERP5 Login'):
   if login.getReference() == reference and login.getValidationState() == 'validated':
     break

product/ERP5/Tool/PasswordTool.py

@@ -272,8 +272,10 @@ class PasswordTool(BaseTool):
       # XXX: incorrect grammar
       return error("Date has expire.")
     del self._password_request_dict[password_key]
-    login = self.getPortalObject().acl_users.erp5_users.getLoginObject(
-      register_user_login, 'ERP5 Login')
+    login = self.getPortalObject().unrestrictedTraverse(
+      self.getPortalObject().acl_users.erp5_users.enumerateUsers(
+        login=register_user_login,
+        login_portal_type='ERP5 Login')[0]['login']['path'])
     login._forceSetPassword(password)
     login.reindexObject()
     return redirect(REQUEST, site_url,

product/ERP5/bootstrap/erp5_core/ExtensionTemplateItem/portal_components/extension.erp5.StandardSecurity.py

@@ -53,12 +53,14 @@ def getSecurityCategoryFromAssignment(self, base_category_list, user_name, objec
 
   category_list = []
 
-  person_object = self.getPortalObject().acl_users.erp5_users.getPersonByReference(user_name)
-  if person_object is None:
+  user_list = self.getPortalObject().acl_users.erp5_users.enumerateUsers(id=user_name)
+  if not user_list or not 'path' in user_list[0]:
     # if a person_object was not found in the module, we do nothing more
     # this happens for example when a manager with no associated person object
     # creates a person_object for a new user
     return []
+  else:
+    person_object = self.getPortalObject().unrestrictedTraverse(user_list[0]['path'])
 
   # We look for every valid assignments of this user
   for assignment in person_object.contentValues(filter={'portal_type': 'Assignment'}):

product/ERP5Security/ERP5ExternalOauth2ExtractionPlugin.py

@@ -178,8 +178,8 @@ class ERP5ExternalOauth2ExtractionPluginBase(BasePlugin):
       self.REQUEST['USER_CREATION_IN_PROGRESS'] = user
     else:
       # create the user if not found
-      person_list = self.erp5_users.getPersonByReference(user)
-      if len(person_list) == 0:
+      user_list = self.erp5_users.enumerateUsers(id=user)
+      if not user_list:
         sm = getSecurityManager()
         if sm.getUser().getId() != SUPER_USER:
           newSecurityManager(self, self.getUser(SUPER_USER))

product/ERP5Security/ERP5GroupManager.py

@@ -31,7 +31,7 @@ import sys
 
 from zLOG import LOG, WARNING
 
-from ERP5UserManager import SUPER_USER, getUserByLogin
+from ERP5UserManager import SUPER_USER
 
 # It can be useful to set NO_CACHE_MODE to 1 in order to debug
 # complex security issues related to caching groups. For example,
@@ -117,8 +117,15 @@ class ERP5GroupManager(BasePlugin):
           security_definition_list = mapping_method()
 
         # get the person from its login - no security check needed
-        person_object = self.erp5_users.getPersonByReference(user_name)
-        if person_object is None: # no person is linked to this user login
+        user_list = self.erp5_users.enumerateUsers(id=user_name)
+        if not user_list:
+          return ()
+        else:
+          path = user_list[0].get('path')
+          if path:
+            person_object = self.getPortalObject().unrestrictedTraverse(path)
+          else:
+            # not ERP5 user
             return ()
 
         # Fetch category values from defined scripts

product/ERP5Security/ERP5KeyAuthPlugin.py

@@ -46,8 +46,6 @@ from Products.PluggableAuthService.plugins.CookieAuthHelper import CookieAuthHel
 
 from Products.ERP5Type.Cache import CachingMethod
 from Products.ERP5Type.UnrestrictedMethod import UnrestrictedMethod
-from Products.ERP5Security.ERP5UserManager import SUPER_USER,\
-                                                  _AuthenticationFailure
 
 from Crypto.Cipher import AES
 from Crypto import Random

product/ERP5Wizard/PAS/ERP5RemoteUserManager.py

@@ -25,7 +25,7 @@ from Products.PluggableAuthService.interfaces.plugins import IAuthenticationPlug
                                                              IUserEnumerationPlugin
 from Products.ERP5Type.Cache import CachingMethod
 from DateTime import DateTime
-from Products.ERP5Security.ERP5UserManager import ERP5UserManager, SUPER_USER, _AuthenticationFailure
+from Products.ERP5Security.ERP5UserManager import ERP5UserManager
 
 from BTrees.OOBTree import OOBTree
 from zLOG import LOG, INFO, WARNING