fixup! [by Vincent] Get rid of all module-global callables. Use PAS API...

fixup! [by Vincent] Get rid of all module-global callables. Use PAS API instead. Use all non-PAS API public methods. Use PAS API instead. Implement IAuthenticationPlugin API better, so PAS API becomes usable for ERP5-based authentication.

product/ERP5Security/ERP5UserFactory.py

@@ -49,6 +49,8 @@ class ERP5User(PropertiedUser):
   """ User class that checks the object allows acquisition of local roles the
   ERP5Type way.
   """
+  _user_value = None
+  _login_value = None
 
   def getRolesInContext( self, object ):
     """ Return the list of roles assigned to the user.
@@ -204,6 +206,55 @@ class ERP5User(PropertiedUser):
     """
     return self._id
 
+  def getUserValue(self):
+    """ -> user document
+
+    Return the document (ex: Person) corresponding to current user.
+    """
+    result = self._user_value
+    if result is not None:
+      return result
+    user, = [x for x in self.aq_parent.searchUsers(
+      exact_match=True,
+      id=self.getId(),
+    ) if 'path' in x]
+    result = self._user_value = self.getPortalObject().restrictedTraverse(
+      user['path'],
+    )
+    return result
+
+  def getLoginValue(self):
+    """ -> login document
+
+    Return the document (ex: ERP5 Login) corresponding to current user's login.
+    """
+    result = self._login_value
+    if result is not None:
+      return result
+    user, = [x for x in self.aq_parent.searchUsers(
+      exact_match=True,
+      login=self.getUserName(),
+    ) if 'login_list' in x]
+    login, = user['login_list']
+    result = self._login_value = self.getPortalObject().restrictedTraverse(
+      login['path'],
+    )
+    return result
+
+  def getLoginValueList(self, portal_type=None, limit=None):
+    """ -> list of login documents
+
+    Return the list of login documents belonging to current user.
+    """
+    user, = [x for x in self.aq_parent.searchUsers(
+      exact_match=True,
+      id=self.getId(),
+      login_portal_type=portal_type,
+      max_results=limit,
+    ) if 'login_list' in x]
+    restrictedTraverse = self.getPortalObject().restrictedTraverse
+    return [restrictedTraverse(x['path']) for x in user['login_list']]
+
 InitializeClass(ERP5User)
 
 

product/ERP5Security/ERP5UserManager.py

@@ -15,6 +15,7 @@
 """ Classes: ERP5UserManager
 """
 
+from funtools import partial
 from Products.ERP5Type.Globals import InitializeClass
 from AccessControl import ClassSecurityInfo
 from AccessControl.AuthEncoding import pw_validate
@@ -142,10 +143,11 @@ class ERP5UserManager(BasePlugin):
     ).dictionaries()
     searchLogin = lambda **kw: unrestrictedSearchResults(
       select_list=('parent_uid', 'reference'),
-      portal_type=login_portal_type or [],
       validation_state='validated',
       **kw
     ).dictionaries()
+    if login_portal_type is not None:
+      searchLogin = partial(searchLogin, portal_type=login_portal_type)
     if login is None:
       # Only search by id if login is not given. Same logic as in
       # PluggableAuthService.searchUsers.
@@ -209,7 +211,7 @@ class ERP5UserManager(BasePlugin):
         'id': user['reference'],
         # Note: PAS forbids us from returning more than one entry per given id,
         # so take any available login.
-        'login': login_dict.get(user['uid'], [None])[0],
+        'login': login_dict.get(user['uid'], [None])[0]['reference'],
         'pluginid': plugin_id,
 
         # Extra properties, specific to ERP5