use enumerateUsers instead of ad-hoc getPersonByReference and getLoginObject.

e4b3fa74 · Kazuhiko Shiozaki · 5570c555 · e4b3fa74 · e4b3fa74 · e4b3fa74
Commit e4b3fa74 authored Oct 21, 2016 by Kazuhiko Shiozaki
8 changed files
--- a/bt5/erp5_base/DocumentTemplateItem/portal_components/document.erp5.Login.py
+++ b/bt5/erp5_base/DocumentTemplateItem/portal_components/document.erp5.Login.py
@@ -72,9 +72,8 @@ class Login(XMLObject, LoginAccountProviderMixin, EncryptedPasswordMixin):
        self.getPortalType() + '_setReference_' + value.encode('hex')
      # Check that there no existing user
      erp5_users = portal.acl_users.erp5_users
-      login = erp5_users.getLoginObject(value, self.getPortalType())
-      if login is not None and login != self and \
-          login != self.getParentValue():
+      user_list = erp5_users.enumerateUsers(login=value)
+      if [x for x in user_list if x.get('login', {}).get('path', '') != self.getPath()]:
        raise RuntimeError, 'user id %s already exist' % (value,)
      # Check that there is no reindexation related to reference indexation
      if portal.portal_activities.countMessageWithTag(tag):
@@ -95,4 +94,4 @@ class Login(XMLObject, LoginAccountProviderMixin, EncryptedPasswordMixin):
    self.reindexObject(activate_kw=activate_kw)
    # invalid the cache for ERP5Security
    portal_caches = portal.portal_caches
-    portal_caches.clearCache(cache_factory_list=('erp5_content_short', ))
\ No newline at end of file
+    portal_caches.clearCache(cache_factory_list=('erp5_content_short', ))
--- a/bt5/erp5_base/SkinTemplateItem/portal_skins/erp5_base/PreferenceTool_setNewPassword.py
+++ b/bt5/erp5_base/SkinTemplateItem/portal_skins/erp5_base/PreferenceTool_setNewPassword.py
@@ -3,7 +3,7 @@ from Products.ERP5Type.Message import translateString

 portal = context.getPortalObject()
 user = getSecurityManager().getUser()
-person = context.acl_users.erp5_users.getPersonByReference(user.getId())
+person = portal.restrictedTraverse(portal.acl_users.erp5_users.enumerateUsers(id=user.getId())[0]['path'])
 for login in person.objectValues(portal_type='ERP5 Login'):
  if login.getReference() == reference and login.getValidationState() == 'validated':
    break

--- a/product/ERP5/Tool/PasswordTool.py
+++ b/product/ERP5/Tool/PasswordTool.py
@@ -272,8 +272,10 @@ class PasswordTool(BaseTool):
      # XXX: incorrect grammar
      return error("Date has expire.")
    del self._password_request_dict[password_key]
-    login = self.getPortalObject().acl_users.erp5_users.getLoginObject(
-      register_user_login, 'ERP5 Login')
+    login = self.getPortalObject().unrestrictedTraverse(
+      self.getPortalObject().acl_users.erp5_users.enumerateUsers(
+        login=register_user_login,
+        login_portal_type='ERP5 Login')[0]['login']['path'])
    login._forceSetPassword(password)
    login.reindexObject()
    return redirect(REQUEST, site_url,

--- a/product/ERP5/bootstrap/erp5_core/ExtensionTemplateItem/portal_components/extension.erp5.StandardSecurity.py
+++ b/product/ERP5/bootstrap/erp5_core/ExtensionTemplateItem/portal_components/extension.erp5.StandardSecurity.py
@@ -53,12 +53,14 @@ def getSecurityCategoryFromAssignment(self, base_category_list, user_name, objec

  category_list = []

-  person_object = self.getPortalObject().acl_users.erp5_users.getPersonByReference(user_name)
-  if person_object is None:
+  user_list = self.getPortalObject().acl_users.erp5_users.enumerateUsers(id=user_name)
+  if not user_list or not 'path' in user_list[0]:
    # if a person_object was not found in the module, we do nothing more
    # this happens for example when a manager with no associated person object
    # creates a person_object for a new user
    return []
+  else:
+    person_object = self.getPortalObject().unrestrictedTraverse(user_list[0]['path'])

  # We look for every valid assignments of this user
  for assignment in person_object.contentValues(filter={'portal_type': 'Assignment'}):

--- a/product/ERP5Security/ERP5ExternalOauth2ExtractionPlugin.py
+++ b/product/ERP5Security/ERP5ExternalOauth2ExtractionPlugin.py
@@ -178,8 +178,8 @@ class ERP5ExternalOauth2ExtractionPluginBase(BasePlugin):
      self.REQUEST['USER_CREATION_IN_PROGRESS'] = user
    else:
      # create the user if not found
-      person_list = self.erp5_users.getPersonByReference(user)
-      if len(person_list) == 0:
+      user_list = self.erp5_users.enumerateUsers(id=user)
+      if not user_list:
        sm = getSecurityManager()
        if sm.getUser().getId() != SUPER_USER:
          newSecurityManager(self, self.getUser(SUPER_USER))

--- a/product/ERP5Security/ERP5GroupManager.py
+++ b/product/ERP5Security/ERP5GroupManager.py
@@ -31,7 +31,7 @@ import sys

 from zLOG import LOG, WARNING

-from ERP5UserManager import SUPER_USER, getUserByLogin
+from ERP5UserManager import SUPER_USER

 # It can be useful to set NO_CACHE_MODE to 1 in order to debug
 # complex security issues related to caching groups. For example,
@@ -117,9 +117,16 @@ class ERP5GroupManager(BasePlugin):
          security_definition_list = mapping_method()

        # get the person from its login - no security check needed
-        person_object = self.erp5_users.getPersonByReference(user_name)
-        if person_object is None: # no person is linked to this user login
+        user_list = self.erp5_users.enumerateUsers(id=user_name)
+        if not user_list:
          return ()
+        else:
+          path = user_list[0].get('path')
+          if path:
+            person_object = self.getPortalObject().unrestrictedTraverse(path)
+          else:
+            # not ERP5 user
+            return ()

        # Fetch category values from defined scripts
        for (method_name, base_category_list) in security_definition_list:

--- a/product/ERP5Security/ERP5KeyAuthPlugin.py
+++ b/product/ERP5Security/ERP5KeyAuthPlugin.py
@@ -46,8 +46,6 @@ from Products.PluggableAuthService.plugins.CookieAuthHelper import CookieAuthHel

 from Products.ERP5Type.Cache import CachingMethod
 from Products.ERP5Type.UnrestrictedMethod import UnrestrictedMethod
-from Products.ERP5Security.ERP5UserManager import SUPER_USER,\
-                                                  _AuthenticationFailure

 from Crypto.Cipher import AES
 from Crypto import Random

--- a/product/ERP5Wizard/PAS/ERP5RemoteUserManager.py
+++ b/product/ERP5Wizard/PAS/ERP5RemoteUserManager.py
@@ -25,7 +25,7 @@ from Products.PluggableAuthService.interfaces.plugins import IAuthenticationPlug
                                                             IUserEnumerationPlugin
 from Products.ERP5Type.Cache import CachingMethod
 from DateTime import DateTime
-from Products.ERP5Security.ERP5UserManager import ERP5UserManager, SUPER_USER, _AuthenticationFailure
+from Products.ERP5Security.ERP5UserManager import ERP5UserManager

 from BTrees.OOBTree import OOBTree
 from zLOG import LOG, INFO, WARNING