WIP: Do not disallow SUPER_USER by login.

Super-user magic must happen by id, not by name. This may be required by other PAS plugin changes, as now SUPER_USER has an id but no login. Also, this requires more work on special users, to see if we can test them by id and not by login, as well.

WIP: Do not disallow SUPER_USER by login.
Super-user magic must happen by id, not by name. This may be required by other PAS plugin changes, as now SUPER_USER has an id but no login. Also, this requires more work on special users, to see if we can test them by id and not by login, as well.
ce2eac2c · Vincent Pelletier · 3fcf0879 · ce2eac2c · ce2eac2c
Commit ce2eac2c authored Oct 24, 2016 by Vincent Pelletier
Hide whitespace changes
Inline Side-by-side

Showing with 1 addition and 4 deletions

product/ERP5Security/ERP5UserFactory.py product/ERP5Security/ERP5UserFactory.py +1 -1

product/ERP5Security/ERP5UserManager.py product/ERP5Security/ERP5UserManager.py +0 -3

No files found.
--- a/product/ERP5Security/ERP5UserFactory.py
+++ b/product/ERP5Security/ERP5UserFactory.py
@@ -104,7 +104,7 @@ class ERP5User(PropertiedUser):
    As for getRolesInContext, we take into account _getAcquireLocalRoles for
    ERP5.
    """
-    if self.getUserName() == SUPER_USER:
+    if self.getId() == SUPER_USER:
      # super user is allowed to accesss any object
      return 1


--- a/product/ERP5Security/ERP5UserManager.py
+++ b/product/ERP5Security/ERP5UserManager.py
@@ -110,9 +110,6 @@ class ERP5UserManager(BasePlugin):
    return (user_value.getReference(), login_value.getReference())

  def _getLoginValueFromLogin(self, login, login_portal_type=None):
-    # Forbidden the usage of the super user.
-    if login == SUPER_USER:
-      return
    user_list = self.enumerateUsers(
      login=login,
      exact_match=True,