Skip to content

Z
Zope
Commit bb0df0df authored by Hanno Schlichting's avatar Hanno Schlichting
Browse files
Options

More PEP8

parent 7ea83e5b
Show whitespace changes
Inline Side-by-side
Showing with 114 additions and 100 deletions
src/AccessControl/userfolder.py
View file @ bb0df0df
...@@ -58,14 +58,13 @@ class BasicUserFolder(Implicit, Persistent, Navigation, Tabs, RoleManager, ...@@ -58,14 +58,13 @@ class BasicUserFolder(Implicit, Persistent, Navigation, Tabs, RoleManager,
Item): Item):
"""Base class for UserFolder-like objects""" """Base class for UserFolder-like objects"""
meta_type='User Folder' meta_type = 'User Folder'
id ='acl_users' id = 'acl_users'
title ='User Folder' title ='User Folder'
isPrincipiaFolderish=1 isPrincipiaFolderish = 1
isAUserFolder=1 isAUserFolder = 1
maxlistusers = DEFAULTMAXLISTUSERS maxlistusers = DEFAULTMAXLISTUSERS
encrypt_passwords = 1 encrypt_passwords = 1
security = ClassSecurityInfo() security = ClassSecurityInfo()
...@@ -73,7 +72,7 @@ class BasicUserFolder(Implicit, Persistent, Navigation, Tabs, RoleManager, ...@@ -73,7 +72,7 @@ class BasicUserFolder(Implicit, Persistent, Navigation, Tabs, RoleManager,
manage_options=( manage_options=(
( (
{'label': 'Contents', 'action': 'manage_main'}, {'label': 'Contents', 'action': 'manage_main'},
{'label': 'Properties', 'action':'manage_userFolderProperties'}, {'label': 'Properties', 'action': 'manage_userFolderProperties'},
) )
+RoleManager.manage_options +RoleManager.manage_options
+Item.manage_options +Item.manage_options
...@@ -184,10 +183,11 @@ class BasicUserFolder(Implicit, Persistent, Navigation, Tabs, RoleManager, ...@@ -184,10 +183,11 @@ class BasicUserFolder(Implicit, Persistent, Navigation, Tabs, RoleManager,
def identify(self, auth): def identify(self, auth):
if auth and auth.lower().startswith('basic '): if auth and auth.lower().startswith('basic '):
try: name, password=tuple(decodestring( try:
name, password = tuple(decodestring(
auth.split(' ')[-1]).split(':', 1)) auth.split(' ')[-1]).split(':', 1))
except: except:
raise BadRequest, 'Invalid authentication token' raise BadRequest('Invalid authentication token')
return name, password return name, password
else: else:
return None, None return None, None
...@@ -225,7 +225,8 @@ class BasicUserFolder(Implicit, Persistent, Navigation, Tabs, RoleManager, ...@@ -225,7 +225,8 @@ class BasicUserFolder(Implicit, Persistent, Navigation, Tabs, RoleManager,
except: except:
noSecurityManager() noSecurityManager()
raise raise
except Unauthorized: pass except Unauthorized:
pass
return 0 return 0
def validate(self, request, auth='', roles=_noroles): def validate(self, request, auth='', roles=_noroles):
...@@ -272,7 +273,8 @@ class BasicUserFolder(Implicit, Persistent, Navigation, Tabs, RoleManager, ...@@ -272,7 +273,8 @@ class BasicUserFolder(Implicit, Persistent, Navigation, Tabs, RoleManager,
elif user is None: elif user is None:
# either we didn't find the username, or the user's password # either we didn't find the username, or the user's password
# was incorrect. try to authorize and return the anonymous user. # was incorrect. try to authorize and return the anonymous user.
if self._isTop() and self.authorize(self._nobody, a,c,n,v,roles): if (self._isTop() and
self.authorize(self._nobody, a, c, n, v, roles)):
return self._nobody.__of__(self) return self._nobody.__of__(self)
else: else:
# anonymous can't authorize or we're not top-level user folder # anonymous can't authorize or we're not top-level user folder
...@@ -284,7 +286,8 @@ class BasicUserFolder(Implicit, Persistent, Navigation, Tabs, RoleManager, ...@@ -284,7 +286,8 @@ class BasicUserFolder(Implicit, Persistent, Navigation, Tabs, RoleManager,
if self.authorize(user, a, c, n, v, roles): if self.authorize(user, a, c, n, v, roles):
return user.__of__(self) return user.__of__(self)
# That didn't work. Try to authorize the anonymous user. # That didn't work. Try to authorize the anonymous user.
elif self._isTop() and self.authorize(self._nobody,a,c,n,v,roles): elif (self._isTop() and
self.authorize(self._nobody, a, c, n, v, roles)):
return self._nobody.__of__(self) return self._nobody.__of__(self)
else: else:
# we can't authorize the user, and we either can't authorize # we can't authorize the user, and we either can't authorize
...@@ -301,9 +304,8 @@ class BasicUserFolder(Implicit, Persistent, Navigation, Tabs, RoleManager, ...@@ -301,9 +304,8 @@ class BasicUserFolder(Implicit, Persistent, Navigation, Tabs, RoleManager,
if self._domain_auth_mode: if self._domain_auth_mode:
for user in self.getUsers(): for user in self.getUsers():
if user.getDomains(): if user.getDomains():
if self.authenticate( if self.authenticate(user.getUserName(),
user.getUserName(), '', request '', request):
):
if self.authorize(user, a, c, n, v, roles): if self.authorize(user, a, c, n, v, roles):
return user.__of__(self) return user.__of__(self)
...@@ -379,7 +381,8 @@ class BasicUserFolder(Implicit, Persistent, Navigation, Tabs, RoleManager, ...@@ -379,7 +381,8 @@ class BasicUserFolder(Implicit, Persistent, Navigation, Tabs, RoleManager,
def _isTop(self): def _isTop(self):
try: try:
return aq_base(aq_parent(self)).isTopLevelPrincipiaApplicationObject parent = aq_base(aq_parent(self))
return parent.isTopLevelPrincipiaApplicationObject
except: except:
return 0 return 0
...@@ -447,104 +450,108 @@ class BasicUserFolder(Implicit, Persistent, Navigation, Tabs, RoleManager, ...@@ -447,104 +450,108 @@ class BasicUserFolder(Implicit, Persistent, Navigation, Tabs, RoleManager,
return AuthEncoding.pw_encrypt(pw, 'SSHA') return AuthEncoding.pw_encrypt(pw, 'SSHA')
def domainSpecValidate(self,spec): def domainSpecValidate(self, spec):
for ob in spec: for ob in spec:
am = addr_match(ob) am = addr_match(ob)
hm = host_match(ob) hm = host_match(ob)
if am is None and hm is None: if am is None and hm is None:
return 0 return 0
return 1 return 1
@requestmethod('POST') @requestmethod('POST')
def _addUser(self,name,password,confirm,roles,domains,REQUEST=None): def _addUser(self, name, password, confirm, roles, domains, REQUEST=None):
if not name: if not name:
return MessageDialog( return MessageDialog(
title ='Illegal value', title='Illegal value',
message='A username must be specified', message='A username must be specified',
action ='manage_main') action='manage_main')
if not password or not confirm: if not password or not confirm:
if not domains: if not domains:
return MessageDialog( return MessageDialog(
title ='Illegal value', title='Illegal value',
message='Password and confirmation must be specified', message='Password and confirmation must be specified',
action ='manage_main') action='manage_main')
if self.getUser(name) or (self._emergency_user and if self.getUser(name) or (self._emergency_user and
name == self._emergency_user.getUserName()): name == self._emergency_user.getUserName()):
return MessageDialog( return MessageDialog(
title ='Illegal value', title='Illegal value',
message='A user with the specified name already exists', message='A user with the specified name already exists',
action ='manage_main') action='manage_main')
if (password or confirm) and (password != confirm): if (password or confirm) and (password != confirm):
return MessageDialog( return MessageDialog(
title ='Illegal value', title='Illegal value',
message='Password and confirmation do not match', message='Password and confirmation do not match',
action ='manage_main') action='manage_main')
if not roles: roles=[] if not roles:
if not domains: domains=[] roles = []
if not domains:
domains = []
if domains and not self.domainSpecValidate(domains): if domains and not self.domainSpecValidate(domains):
return MessageDialog( return MessageDialog(
title ='Illegal value', title='Illegal value',
message='Illegal domain specification', message='Illegal domain specification',
action ='manage_main') action='manage_main')
self._doAddUser(name, password, roles, domains) self._doAddUser(name, password, roles, domains)
if REQUEST: return self._mainUser(self, REQUEST) if REQUEST:
return self._mainUser(self, REQUEST)
@requestmethod('POST') @requestmethod('POST')
def _changeUser(self,name,password,confirm,roles,domains,REQUEST=None): def _changeUser(self, name, password, confirm, roles, domains,
REQUEST=None):
if password == 'password' and confirm == 'pconfirm': if password == 'password' and confirm == 'pconfirm':
# Protocol for editUser.dtml to indicate unchanged password # Protocol for editUser.dtml to indicate unchanged password
password = confirm = None password = confirm = None
if not name: if not name:
return MessageDialog( return MessageDialog(
title ='Illegal value', title='Illegal value',
message='A username must be specified', message='A username must be specified',
action ='manage_main') action='manage_main')
if password == confirm == '': if password == confirm == '':
if not domains: if not domains:
return MessageDialog( return MessageDialog(
title ='Illegal value', title='Illegal value',
message='Password and confirmation must be specified', message='Password and confirmation must be specified',
action ='manage_main') action='manage_main')
if not self.getUser(name): if not self.getUser(name):
return MessageDialog( return MessageDialog(
title ='Illegal value', title='Illegal value',
message='Unknown user', message='Unknown user',
action ='manage_main') action='manage_main')
if (password or confirm) and (password != confirm): if (password or confirm) and (password != confirm):
return MessageDialog( return MessageDialog(
title ='Illegal value', title='Illegal value',
message='Password and confirmation do not match', message='Password and confirmation do not match',
action ='manage_main') action='manage_main')
if not roles: roles=[] if not roles:
if not domains: domains=[] roles = []
if not domains:
domains = []
if domains and not self.domainSpecValidate(domains): if domains and not self.domainSpecValidate(domains):
return MessageDialog( return MessageDialog(
title ='Illegal value', title='Illegal value',
message='Illegal domain specification', message='Illegal domain specification',
action ='manage_main') action='manage_main')
self._doChangeUser(name, password, roles, domains) self._doChangeUser(name, password, roles, domains)
if REQUEST: return self._mainUser(self, REQUEST) if REQUEST:
return self._mainUser(self, REQUEST)
@requestmethod('POST') @requestmethod('POST')
def _delUsers(self,names,REQUEST=None): def _delUsers(self, names, REQUEST=None):
if not names: if not names:
return MessageDialog( return MessageDialog(
title ='Illegal value', title='Illegal value',
message='No users specified', message='No users specified',
action ='manage_main') action='manage_main')
self._doDelUsers(names) self._doDelUsers(names)
if REQUEST: return self._mainUser(self, REQUEST) if REQUEST:
return self._mainUser(self, REQUEST)
security.declareProtected(ManageUsers, 'manage_users') security.declareProtected(ManageUsers, 'manage_users')
def manage_users(self,submit=None,REQUEST=None,RESPONSE=None): def manage_users(self, submit=None, REQUEST=None, RESPONSE=None):
"""This method handles operations on users for the web based forms """This method handles operations on users for the web based forms
of the ZMI. Application code (code that is outside of the forms of the ZMI. Application code (code that is outside of the forms
that implement the UI of a user folder) are encouraged to use that implement the UI of a user folder) are encouraged to use
...@@ -553,33 +560,36 @@ class BasicUserFolder(Implicit, Persistent, Navigation, Tabs, RoleManager, ...@@ -553,33 +560,36 @@ class BasicUserFolder(Implicit, Persistent, Navigation, Tabs, RoleManager,
return self._add_User(self, REQUEST) return self._add_User(self, REQUEST)
if submit=='Edit': if submit=='Edit':
try: user=self.getUser(reqattr(REQUEST, 'name')) try:
except: return MessageDialog( user=self.getUser(reqattr(REQUEST, 'name'))
title ='Illegal value', except:
return MessageDialog(
title='Illegal value',
message='The specified user does not exist', message='The specified user does not exist',
action ='manage_main') action='manage_main')
return self._editUser(self,REQUEST,user=user,password=user.__) return self._editUser(self, REQUEST, user=user, password=user.__)
if submit=='Add': if submit=='Add':
name =reqattr(REQUEST, 'name') name = reqattr(REQUEST, 'name')
password=reqattr(REQUEST, 'password') password = reqattr(REQUEST, 'password')
confirm =reqattr(REQUEST, 'confirm') confirm = reqattr(REQUEST, 'confirm')
roles =reqattr(REQUEST, 'roles') roles = reqattr(REQUEST, 'roles')
domains =reqattr(REQUEST, 'domains') domains = reqattr(REQUEST, 'domains')
return self._addUser(name,password,confirm,roles,domains,REQUEST) return self._addUser(name, password, confirm, roles,
domains, REQUEST)
if submit=='Change': if submit=='Change':
name =reqattr(REQUEST, 'name') name = reqattr(REQUEST, 'name')
password=reqattr(REQUEST, 'password') password = reqattr(REQUEST, 'password')
confirm =reqattr(REQUEST, 'confirm') confirm = reqattr(REQUEST, 'confirm')
roles =reqattr(REQUEST, 'roles') roles = reqattr(REQUEST, 'roles')
domains =reqattr(REQUEST, 'domains') domains = reqattr(REQUEST, 'domains')
return self._changeUser(name,password,confirm,roles, return self._changeUser(name, password, confirm, roles,
domains,REQUEST) domains, REQUEST)
if submit=='Delete': if submit=='Delete':
names=reqattr(REQUEST, 'names') names = reqattr(REQUEST, 'names')
return self._delUsers(names,REQUEST) return self._delUsers(names, REQUEST)
return self._mainUser(self, REQUEST) return self._mainUser(self, REQUEST)
...@@ -589,22 +599,25 @@ class BasicUserFolder(Implicit, Persistent, Navigation, Tabs, RoleManager, ...@@ -589,22 +599,25 @@ class BasicUserFolder(Implicit, Persistent, Navigation, Tabs, RoleManager,
def manage_beforeDelete(self, item, container): def manage_beforeDelete(self, item, container):
if item is self: if item is self:
try: del container.__allow_groups__ try:
except: pass del container.__allow_groups__
except:
pass
def manage_afterAdd(self, item, container): def manage_afterAdd(self, item, container):
if item is self: if item is self:
self = aq_base(self) self = aq_base(self)
container.__allow_groups__ = self container.__allow_groups__ = self
def __creatable_by_emergency_user__(self): return 1 def __creatable_by_emergency_user__(self):
return 1
def _setId(self, id): def _setId(self, id):
if id != self.id: if id != self.id:
raise MessageDialog( raise MessageDialog(
title='Invalid Id', title='Invalid Id',
message='Cannot change the id of a UserFolder', message='Cannot change the id of a UserFolder',
action ='./manage_main',) action='./manage_main')
# Domain authentication support. This is a good candidate to # Domain authentication support. This is a good candidate to
...@@ -637,10 +650,10 @@ class UserFolder(BasicUserFolder): ...@@ -637,10 +650,10 @@ class UserFolder(BasicUserFolder):
implements(IStandardUserFolder) implements(IStandardUserFolder)
meta_type='User Folder' meta_type = 'User Folder'
id ='acl_users' id = 'acl_users'
title ='User Folder' title = 'User Folder'
icon ='p_/UserFolder' icon = 'p_/UserFolder'
def __init__(self): def __init__(self):
self.data=PersistentMapping() self.data=PersistentMapping()
...@@ -675,17 +688,17 @@ class UserFolder(BasicUserFolder): ...@@ -675,17 +688,17 @@ class UserFolder(BasicUserFolder):
if password is not None and self.encrypt_passwords \ if password is not None and self.encrypt_passwords \
and not self._isPasswordEncrypted(password): and not self._isPasswordEncrypted(password):
password = self._encryptPassword(password) password = self._encryptPassword(password)
self.data[name]=User(name,password,roles,domains) self.data[name] = User(name, password, roles, domains)
def _doChangeUser(self, name, password, roles, domains, **kw): def _doChangeUser(self, name, password, roles, domains, **kw):
user=self.data[name] user=self.data[name]
if password is not None: if password is not None:
if ( self.encrypt_passwords if (self.encrypt_passwords
and not self._isPasswordEncrypted(password)): and not self._isPasswordEncrypted(password)):
password = self._encryptPassword(password) password = self._encryptPassword(password)
user.__=password user.__ = password
user.roles=roles user.roles = roles
user.domains=domains user.domains = domains
def _doDelUsers(self, names): def _doDelUsers(self, names):
for name in names: for name in names:
...@@ -707,26 +720,27 @@ class UserFolder(BasicUserFolder): ...@@ -707,26 +720,27 @@ class UserFolder(BasicUserFolder):
import App.config import App.config
name, password, domains, remote_user_mode = info name, password, domains, remote_user_mode = info
self._doDelUsers(self.getUserNames()) self._doDelUsers(self.getUserNames())
self._doAddUser(name, password, ('Manager',), domains) self._doAddUser(name, password, ('Manager', ), domains)
cfg = App.config.getConfiguration() cfg = App.config.getConfiguration()
try: try:
os.remove(os.path.join(cfg.instancehome, 'inituser')) os.remove(os.path.join(cfg.instancehome, 'inituser'))
except: except:
pass pass
InitializeClass(UserFolder) InitializeClass(UserFolder)
def manage_addUserFolder(self,dtself=None,REQUEST=None,**ignored): def manage_addUserFolder(self, dtself=None, REQUEST=None, **ignored):
""" """ """ """
f=UserFolder() f = UserFolder()
self=self.this() self = self.this()
try: self._setObject('acl_users', f) try:
except: return MessageDialog( self._setObject('acl_users', f)
title ='Item Exists', except:
return MessageDialog(
title='Item Exists',
message='This object already contains a User Folder', message='This object already contains a User Folder',
action ='%s/manage_main' % REQUEST['URL1']) action='%s/manage_main' % REQUEST['URL1'])
self.__allow_groups__=f self.__allow_groups__ = f
if REQUEST is not None: if REQUEST is not None:
REQUEST['RESPONSE'].redirect(self.absolute_url()+'/manage_main') REQUEST['RESPONSE'].redirect(self.absolute_url()+'/manage_main')
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment
GitLab Nexedi Edition | About GitLab | About Nexedi | 沪ICP备2021021310号-2 | 沪ICP备2021021310号-7