Commit f363ac65 authored by Vincent Pelletier's avatar Vincent Pelletier

Products.CMFActivity.ActivityTool: Store user object in activity.

When spawning an activity, store the current security context's user in
the Message object itself, so the activity security context can be
re-created with the same security during activity execution.
This allows a user to be modified (different groups, global roles, maybe
removed altogether) after they spawned activities and before these activities
could run.
It also means that any temporary custom group or global role granted to
that user (by a privilege elevation mechanism out of the scope of this
change) will still be effective during the activity execution.
This follows the principle that
  foo.activate(...).bar(...)
should be equivalent to its "immediate execution" version
  foo.bar(...)
by ensuring that the security context of the activity is the same as the
one which was applied to the code which spawned that activity,
independently of any intermediate configuration change - hence improving
(deferred and fragmentary) transaction isolation.

This also removes the need to look the user up, then looking up their
assignments (and other documents involved in group computation), etc,
saving the cost of these calls.

Also, remove redundant user_name argument of Message.changeUser method.
parent 428833f3
...@@ -27,6 +27,7 @@ from __future__ import absolute_import ...@@ -27,6 +27,7 @@ from __future__ import absolute_import
# #
############################################################################## ##############################################################################
import copy
import socket import socket
import urllib import urllib
import threading import threading
...@@ -195,6 +196,9 @@ class Message(BaseMessage): ...@@ -195,6 +196,9 @@ class Message(BaseMessage):
exc_type = None exc_type = None
is_executed = MESSAGE_NOT_EXECUTED is_executed = MESSAGE_NOT_EXECUTED
traceback = None traceback = None
user_name = None
user_object = None
user_folder_path = None
document_uid = None document_uid = None
is_registered = False is_registered = False
line = None line = None
...@@ -224,7 +228,14 @@ class Message(BaseMessage): ...@@ -224,7 +228,14 @@ class Message(BaseMessage):
# was generated. # was generated.
# Strip last stack entry, since it will always be the same. # Strip last stack entry, since it will always be the same.
self.call_traceback = ''.join(format_list(extract_stack()[:-1])) self.call_traceback = ''.join(format_list(extract_stack()[:-1]))
self.user_name = getSecurityManager().getUser().getIdOrUserName() user = getSecurityManager().getUser()
self.user_object = copy.deepcopy(aq_base(user))
# Note: userfolders are not ERP5 objects, so use OFS API.
self.user_folder_path = getattr(
aq_parent(user),
'getPhysicalPath',
lambda: None,
)()
# Store REQUEST Info # Store REQUEST Info
self.request_info = {} self.request_info = {}
if request is not None: if request is not None:
...@@ -298,31 +309,42 @@ class Message(BaseMessage): ...@@ -298,31 +309,42 @@ class Message(BaseMessage):
pass pass
return 1 return 1
def changeUser(self, user_name, activity_tool): def changeUser(self, activity_tool):
"""restore the security context for the calling user.""" """restore the security context for the calling user."""
portal = activity_tool.getPortalObject() portal = activity_tool.getPortalObject()
portal_uf = portal.acl_users user = self.user_object
uf = portal_uf if user is None and self.user_name is not None: # BBB
user = uf.getUserById(user_name) user_name = self.user_name
# if the user is not found, try to get it from a parent acl_users user_folder = portal_user_folder = portal.acl_users
# XXX this is still far from perfect, because we need to store all user = user_folder.getUserById(user_name)
# information about the user (like original user folder, roles) to # if the user is not found, try to get it from a parent acl_users
# replay the activity with exactly the same security context as if # XXX this is still far from perfect, because we need to store all
# it had been executed without activity. # information about the user (like original user folder, roles) to
if user is None: # replay the activity with exactly the same security context as if
uf = portal.aq_parent.acl_users # it had been executed without activity.
user = uf.getUserById(user_name) if user is None:
if user is None and user_name == system_user.getUserName(): user_folder = portal.aq_parent.acl_users
# The following logic partly comes from unrestricted_apply() user = user_folder.getUserById(user_name)
# implementation in ERP5Type.UnrestrictedMethod but we get roles if user is None and user_name == system_user.getUserName():
# from the portal to have more roles. # The following logic partly comes from unrestricted_apply()
uf = portal_uf # implementation in ERP5Type.UnrestrictedMethod but we get roles
role_list = uf.valid_roles() # from the portal to have more roles.
user = PrivilegedUser(user_name, None, role_list, ()).__of__(uf) user_folder = portal_user_folder
user = PrivilegedUser(
user_name,
None,
user_folder.valid_roles(),
(),
)
else:
user_folder = portal.getPhysicalRoot().unrestrictedTraverse(
self.user_folder_path,
)
user_name = user.getIdOrUserName()
if user is not None: if user is not None:
user = user.__of__(uf) user = user.__of__(user_folder)
newSecurityManager(None, user) newSecurityManager(None, user)
transaction.get().setUser(user_name, '/'.join(uf.getPhysicalPath())) transaction.get().setUser(user_name, '/'.join(user_folder.getPhysicalPath()))
else : else :
LOG("CMFActivity", WARNING, LOG("CMFActivity", WARNING,
"Unable to find user %r in the portal" % user_name) "Unable to find user %r in the portal" % user_name)
...@@ -347,7 +369,7 @@ class Message(BaseMessage): ...@@ -347,7 +369,7 @@ class Message(BaseMessage):
try: try:
# Change user if required (TO BE DONE) # Change user if required (TO BE DONE)
# We will change the user only in order to execute this method # We will change the user only in order to execute this method
self.changeUser(self.user_name, activity_tool) self.changeUser(activity_tool)
# XXX: There is no check to see if user is allowed to access # XXX: There is no check to see if user is allowed to access
# that method ! # that method !
method = getattr(obj, self.method_id) method = getattr(obj, self.method_id)
...@@ -420,7 +442,7 @@ Named Parameters: %r ...@@ -420,7 +442,7 @@ Named Parameters: %r
try: try:
# Change user if required (TO BE DONE) # Change user if required (TO BE DONE)
# We will change the user only in order to execute this method # We will change the user only in order to execute this method
user = self.changeUser(self.user_name, activity_tool) user = self.changeUser(activity_tool)
active_obj = obj.activate(activity=activity, **self.activity_kw) active_obj = obj.activate(activity=activity, **self.activity_kw)
getattr(active_obj, self.method_id)(*self.args, **self.kw) getattr(active_obj, self.method_id)(*self.args, **self.kw)
finally: finally:
...@@ -1664,7 +1686,7 @@ class ActivityTool (BaseTool): ...@@ -1664,7 +1686,7 @@ class ActivityTool (BaseTool):
message = m._message message = m._message
if user_name != message.user_name: if user_name != message.user_name:
user_name = message.user_name user_name = message.user_name
message.changeUser(user_name, m.object) message.changeUser(m.object)
m.result = getattr(m.object, method_id)(*m.args, **m.kw) m.result = getattr(m.object, method_id)(*m.args, **m.kw)
except Exception: except Exception:
m.raised() m.raised()
......
...@@ -30,6 +30,10 @@ import inspect ...@@ -30,6 +30,10 @@ import inspect
import warnings import warnings
from functools import wraps from functools import wraps
from itertools import product from itertools import product
from AccessControl.SecurityManagement import getSecurityManager
from AccessControl.SecurityManagement import setSecurityManager
from AccessControl.SecurityManagement import newSecurityManager
from Acquisition import aq_base, aq_parent
from Products.ERP5Type.tests.utils import LogInterceptor from Products.ERP5Type.tests.utils import LogInterceptor
from Testing import ZopeTestCase from Testing import ZopeTestCase
from Products.ERP5Type.tests.ERP5TypeTestCase import ERP5TypeTestCase from Products.ERP5Type.tests.ERP5TypeTestCase import ERP5TypeTestCase
...@@ -40,6 +44,7 @@ from Products.CMFActivity.Activity.SQLBase import INVOKE_ERROR_STATE ...@@ -40,6 +44,7 @@ from Products.CMFActivity.Activity.SQLBase import INVOKE_ERROR_STATE
from Products.CMFActivity.Activity.Queue import VALIDATION_ERROR_DELAY from Products.CMFActivity.Activity.Queue import VALIDATION_ERROR_DELAY
from Products.CMFActivity.Activity.SQLDict import SQLDict from Products.CMFActivity.Activity.SQLDict import SQLDict
from Products.CMFActivity.Errors import ActivityPendingError, ActivityFlushError from Products.CMFActivity.Errors import ActivityPendingError, ActivityFlushError
from Products.PluggableAuthService.PropertiedUser import PropertiedUser
from erp5.portal_type import Organisation from erp5.portal_type import Organisation
from AccessControl.SecurityManagement import newSecurityManager from AccessControl.SecurityManagement import newSecurityManager
from zLOG import LOG from zLOG import LOG
...@@ -2798,3 +2803,34 @@ return [x.getObject() for x in context.portal_catalog(limit=100)] ...@@ -2798,3 +2803,34 @@ return [x.getObject() for x in context.portal_catalog(limit=100)]
self.portal.portal_activities.manageActivitiesAdvanced() self.portal.portal_activities.manageActivitiesAdvanced()
self.portal.portal_activities.manageLoadBalancing() self.portal.portal_activities.manageLoadBalancing()
self.assertEqual(catched_warnings, []) self.assertEqual(catched_warnings, [])
@for_each_activity
def testSpawnTimeUserGroupAndRoleUsedDuringExecution(self, activity):
obj = self.portal.organisation_module.newContent(portal_type='Organisation')
self.tic()
# This user cannot be created by userfolder API, validating that activity
# execution does not use it.
# Using a PropertiedUser because it is the lowest-level class which has a
# groups notion.
artificial_user = PropertiedUser(
id='this user does not exist',
login='does not matter',
).__of__(self.portal.acl_users)
artificial_user._addGroups(groups=('group 1', 'group 2'))
artificial_user._addRoles(roles=('role 1', 'role 2'))
initial_security_manager = getSecurityManager()
def checkUserGroupAndRole(organisation_self):
user = getSecurityManager().getUser()
self.assertIs(type(aq_base(user)), PropertiedUser)
self.assertEqual(aq_parent(user), aq_parent(artificial_user))
self.assertEqual(user.getId(), artificial_user.getId())
self.assertItemsEqual(user.getGroups(), artificial_user.getGroups())
self.assertItemsEqual(user.getRoles(), artificial_user.getRoles())
Organisation.checkUserGroupAndRole = checkUserGroupAndRole
try:
newSecurityManager(None, artificial_user)
obj.activate(activity=activity).checkUserGroupAndRole()
self.tic()
finally:
setSecurityManager(initial_security_manager)
del Organisation.checkUserGroupAndRole
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment