Commit 7b625d75 authored by matt@zope.com's avatar matt@zope.com

Change for 2.5 for user local role lists. acl_user folders now support a

maxlistusers property (managed from user folder properties tab) which
limits the number of roles that rolemanager's get_valid_users will return
before raising an OverflowError.  The DTML for listLocalRoles will insert a
text box for user id entry if OverflowError is raised.
parent 9e98c1f2
...@@ -84,7 +84,7 @@ ...@@ -84,7 +84,7 @@
############################################################################## ##############################################################################
"""Access control support""" """Access control support"""
__version__='$Revision: 1.50 $'[11:-2] __version__='$Revision: 1.51 $'[11:-2]
from Globals import DTMLFile, MessageDialog, Dictionary from Globals import DTMLFile, MessageDialog, Dictionary
...@@ -96,6 +96,8 @@ from App.Common import aq_base ...@@ -96,6 +96,8 @@ from App.Common import aq_base
ListType=type([]) ListType=type([])
DEFAULTMAXLISTUSERS=250
def _isBeingUsedAsAMethod(self): def _isBeingUsedAsAMethod(self):
return aq_get(self, '_isBeingUsedAsAMethod_', 0) return aq_get(self, '_isBeingUsedAsAMethod_', 0)
...@@ -374,14 +376,24 @@ class RoleManager(ExtensionClass.Base, PermissionMapping.RoleManager): ...@@ -374,14 +376,24 @@ class RoleManager(ExtensionClass.Base, PermissionMapping.RoleManager):
def get_valid_userids(self): def get_valid_userids(self):
item=self item=self
dict={} dict={}
_notfound = []
while 1: while 1:
if hasattr(aq_base(item), 'acl_users') and \ aclu = getattr(aq_base(item), 'acl_users', _notfound)
hasattr(item.acl_users, 'user_names'): if aclu is not _notfound:
for name in item.acl_users.user_names(): mlu = getattr(aclu, 'maxlistusers', _notfound)
dict[name]=1 if type(mlu) != type(1): mlu = DEFAULTMAXLISTUSERS
if not hasattr(item, 'aq_parent'): if mlu < 0: raise OverflowError
un = getattr(aclu, 'user_names', _notfound)
if un is not _notfound:
unl = un()
# maxlistusers of 0 is list all
if len(unl) > mlu and mlu != 0:
raise OverflowError
for name in un():
dict[name]=1
item = getattr(item, 'aq_parent', _notfound)
if item is _notfound:
break break
item=item.aq_parent
keys=dict.keys() keys=dict.keys()
keys.sort() keys.sort()
return tuple(keys) return tuple(keys)
......
...@@ -84,7 +84,7 @@ ...@@ -84,7 +84,7 @@
############################################################################## ##############################################################################
"""Access control package""" """Access control package"""
__version__='$Revision: 1.157 $'[11:-2] __version__='$Revision: 1.158 $'[11:-2]
import Globals, socket, SpecialUsers,re import Globals, socket, SpecialUsers,re
import os import os
...@@ -95,7 +95,7 @@ from Acquisition import Implicit ...@@ -95,7 +95,7 @@ from Acquisition import Implicit
from OFS.SimpleItem import Item from OFS.SimpleItem import Item
from base64 import decodestring from base64 import decodestring
from App.ImageFile import ImageFile from App.ImageFile import ImageFile
from Role import RoleManager from Role import RoleManager, DEFAULTMAXLISTUSERS
from PermissionRole import _what_not_even_god_should_do, rolesForPermissionOn from PermissionRole import _what_not_even_god_should_do, rolesForPermissionOn
import AuthEncoding import AuthEncoding
from AccessControl import getSecurityManager, Unauthorized from AccessControl import getSecurityManager, Unauthorized
...@@ -479,6 +479,7 @@ class BasicUserFolder(Implicit, Persistent, Navigation, Tabs, RoleManager, ...@@ -479,6 +479,7 @@ class BasicUserFolder(Implicit, Persistent, Navigation, Tabs, RoleManager,
isPrincipiaFolderish=1 isPrincipiaFolderish=1
isAUserFolder=1 isAUserFolder=1
maxlistusers = DEFAULTMAXLISTUSERS
encrypt_passwords = 0 encrypt_passwords = 0
...@@ -795,11 +796,17 @@ class BasicUserFolder(Implicit, Persistent, Navigation, Tabs, RoleManager, ...@@ -795,11 +796,17 @@ class BasicUserFolder(Implicit, Persistent, Navigation, Tabs, RoleManager,
management_view='Properties') management_view='Properties')
def manage_setUserFolderProperties(self, encrypt_passwords=0, def manage_setUserFolderProperties(self, encrypt_passwords=0,
update_passwords=0, REQUEST=None): update_passwords=0,
maxlistusers=DEFAULTMAXLISTUSERS,
REQUEST=None):
""" """
Sets the properties of the user folder. Sets the properties of the user folder.
""" """
self.encrypt_passwords = not not encrypt_passwords self.encrypt_passwords = not not encrypt_passwords
try:
self.maxlistusers = int(maxlistusers)
except ValueError:
self.maxlistusers = DEFAULTMAXLISTUSERS
if encrypt_passwords and update_passwords: if encrypt_passwords and update_passwords:
changed = 0 changed = 0
for u in self.getUsers(): for u in self.getUsers():
......
...@@ -74,12 +74,18 @@ roles that should be given to that user from the <em>Roles</em> list. ...@@ -74,12 +74,18 @@ roles that should be given to that user from the <em>Roles</em> list.
<tr> <tr>
<td align="left" valign="top"> <td align="left" valign="top">
<div class="form-element"> <div class="form-element">
<dtml-try>
<select name="userid" size="5"> <select name="userid" size="5">
<dtml-in get_valid_userids> <dtml-in get_valid_userids>
<option value="<dtml-var sequence-item html_quote>"><dtml-var <option value="<dtml-var sequence-item html_quote>"><dtml-var
sequence-item></option> sequence-item></option>
</dtml-in> </dtml-in>
</select> </select>
<dtml-except OverflowError>
<input name="userid" size=10>
</dtml-try>
</div> </div>
</td> </td>
<td align="left" valign="top"> <td align="left" valign="top">
......
...@@ -17,6 +17,14 @@ ...@@ -17,6 +17,14 @@
</dtml-let> </dtml-let>
</td> </td>
</tr> </tr>
<tr>
<td align="left" valign="center" class="form-label">
Role assignment presents search dialog when more users than N (-1 is always, 0 is never).
</td>
<td align="left" valign="center" class="form-element">
<input type=text name="maxlistusers" value="&dtml.missing-maxlistusers;" size=3>
</td>
</tr>
</table> </table>
......
##############################################################################
#
# Zope Public License (ZPL) Version 1.0
# -------------------------------------
#
# Copyright (c) Digital Creations. All rights reserved.
#
# This license has been certified as Open Source(tm).
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions are
# met:
#
# 1. Redistributions in source code must retain the above copyright
# notice, this list of conditions, and the following disclaimer.
#
# 2. Redistributions in binary form must reproduce the above copyright
# notice, this list of conditions, and the following disclaimer in
# the documentation and/or other materials provided with the
# distribution.
#
# 3. Digital Creations requests that attribution be given to Zope
# in any manner possible. Zope includes a "Powered by Zope"
# button that is installed by default. While it is not a license
# violation to remove this button, it is requested that the
# attribution remain. A significant investment has been put
# into Zope, and this effort will continue if the Zope community
# continues to grow. This is one way to assure that growth.
#
# 4. All advertising materials and documentation mentioning
# features derived from or use of this software must display
# the following acknowledgement:
#
# "This product includes software developed by Digital Creations
# for use in the Z Object Publishing Environment
# (http://www.zope.org/)."
#
# In the event that the product being advertised includes an
# intact Zope distribution (with copyright and license included)
# then this clause is waived.
#
# 5. Names associated with Zope or Digital Creations must not be used to
# endorse or promote products derived from this software without
# prior written permission from Digital Creations.
#
# 6. Modified redistributions of any form whatsoever must retain
# the following acknowledgment:
#
# "This product includes software developed by Digital Creations
# for use in the Z Object Publishing Environment
# (http://www.zope.org/)."
#
# Intact (re-)distributions of any official Zope release do not
# require an external acknowledgement.
#
# 7. Modifications are encouraged but must be packaged separately as
# patches to official Zope releases. Distributions that do not
# clearly separate the patches from the original work must be clearly
# labeled as unofficial distributions. Modifications which do not
# carry the name Zope may be packaged in any form, as long as they
# conform to all of the clauses above.
#
#
# Disclaimer
#
# THIS SOFTWARE IS PROVIDED BY DIGITAL CREATIONS ``AS IS'' AND ANY
# EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL DIGITAL CREATIONS OR ITS
# CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
# USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
# ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
# OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
# OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
# SUCH DAMAGE.
#
#
# This software consists of contributions made by Digital Creations and
# many individuals on behalf of Digital Creations. Specific
# attributions are listed in the accompanying credits file.
#
##############################################################################
"""User folder tests
"""
__rcs_id__='$Id: testUserFolder.py,v 1.2 2001/10/02 16:16:25 matt Exp $'
__version__='$Revision: 1.2 $'[11:-2]
import os, sys
execfile(os.path.join(sys.path[0], 'framework.py'))
import ZODB
from DocumentTemplate import HTML
from DocumentTemplate.tests.testDTML import DTMLTests
from Products.PythonScripts.standard import DTML
from AccessControl import User, Unauthorized
from AccessControl.User import BasicUserFolder
from ExtensionClass import Base
class SecurityTests (DTMLTests):
def testMaxListUsers(self):
# create a folder-ish thing which contains a roleManager,
# then put an acl_users object into the folde-ish thing
class Folderish(BasicUserFolder):
def __init__(self, size, count):
self.maxlistusers = size
self.users = []
self.acl_users = self
for i in xrange(count):
self.users.append("Nobody")
def getUsers(self):
return self.users
def user_names(self):
return self.getUsers()
tinyFolderOver = Folderish(15, 20)
tinyFolderUnder = Folderish(15, 10)
assert tinyFolderOver.maxlistusers == 15
assert tinyFolderUnder.maxlistusers == 15
assert len(tinyFolderOver.user_names()) == 20
assert len(tinyFolderUnder.user_names()) == 10
try:
list = tinyFolderOver.get_valid_userids()
assert 0, "Did not raise overflow error"
except OverflowError:
pass
try:
list = tinyFolderUnder.get_valid_userids()
pass
except OverflowError:
assert 0, "Raised overflow error erroneously"
framework()
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment