Commit 6b77e6d4 authored by Julien Muchembled's avatar Julien Muchembled

Drop support for NuxUserGroups

git-svn-id: https://svn.erp5.org/repos/public/erp5/trunk@30257 20353a03-c40f-0410-a6d1-a30d3c3de9de
parent 47e796f7
......@@ -9,12 +9,6 @@
</pickle>
<pickle>
<dictionary>
<item>
<key> <string>__ac_local_group_roles__</string> </key>
<value>
<dictionary/>
</value>
</item>
<item>
<key> <string>_local_properties</string> </key>
<value>
......
247
\ No newline at end of file
248
\ No newline at end of file
......@@ -1460,12 +1460,6 @@
</tuple>
</value>
</item>
<item>
<key> <string>__ac_local_group_roles__</string> </key>
<value>
<dictionary/>
</value>
</item>
<item>
<key> <string>_count</string> </key>
<value>
......
54
\ No newline at end of file
55
\ No newline at end of file
......@@ -4468,36 +4468,21 @@ class LocalRolesTemplateItem(BaseTemplateItem):
obj = p.unrestrictedTraverse(path.split('/', 1)[1])
local_roles_dict = getattr(obj, '__ac_local_roles__',
{}) or {}
group_local_roles_dict = getattr(obj, '__ac_local_group_roles__',
{}) or {}
self._objects[path] = (local_roles_dict, group_local_roles_dict)
self._objects[path] = (local_roles_dict, )
# Function to generate XML Code Manually
def generateXml(self, path=None):
local_roles_dict, group_local_roles_dict = self._objects[path]
local_roles_keys = local_roles_dict.keys()
group_local_roles_keys = group_local_roles_dict.keys()
local_roles_keys.sort()
group_local_roles_keys.sort()
local_roles_dict, = self._objects[path]
# local roles
xml_data = '<local_roles_item>'
xml_data += '\n <local_roles>'
for key in local_roles_keys:
for key in sorted(local_roles_dict):
xml_data += "\n <role id='%s'>" %(key,)
tuple = local_roles_dict[key]
for item in tuple:
xml_data += "\n <item>%s</item>" %(item,)
xml_data += '\n </role>'
xml_data += '\n </local_roles>'
# group local roles
xml_data += '\n <group_local_roles>'
for key in group_local_roles_keys:
xml_data += "\n <role id='%s'>" %(key,)
tuple = group_local_roles_dict[key]
for item in tuple:
xml_data += '\n <item>%s</item>' %(item,)
xml_data += '\n </role>'
xml_data += '\n </group_local_roles>'
xml_data += '\n</local_roles_item>'
return xml_data
......@@ -4538,20 +4523,7 @@ class LocalRolesTemplateItem(BaseTemplateItem):
for item in item_list:
item_type_list.append(str(item.childNodes[0].data))
local_roles_dict[id] = item_type_list
# group local roles
group_local_roles = xml.getElementsByTagName('group_local_roles')[0]
local_roles_list = group_local_roles.getElementsByTagName('role')
group_local_roles_dict = {}
for role in local_roles_list:
id = role.getAttribute('id')
if isinstance(id, unicode):
id = id.encode('utf-8')
item_type_list = []
item_list = role.getElementsByTagName('item')
for item in item_list:
item_type_list.append(str(item.childNodes[0].data))
group_local_roles_dict[id] = item_type_list
self._objects['local_roles/'+file_name[:-4]] = (local_roles_dict, group_local_roles_dict)
self._objects['local_roles/'+file_name[:-4]] = (local_roles_dict, )
def install(self, context, trashbin, **kw):
update_dict = kw.get('object_to_update')
......@@ -4565,9 +4537,8 @@ class LocalRolesTemplateItem(BaseTemplateItem):
continue
path = roles_path.split('/')[1:]
obj = p.unrestrictedTraverse(path)
local_roles_dict, group_local_roles_dict = self._objects[roles_path]
local_roles_dict, = self._objects[roles_path]
setattr(obj, '__ac_local_roles__', local_roles_dict)
setattr(obj, '__ac_local_group_roles__', group_local_roles_dict)
def uninstall(self, context, **kw):
p = context.getPortalObject()
......@@ -4575,7 +4546,6 @@ class LocalRolesTemplateItem(BaseTemplateItem):
path = roles_path.split('/')[1:]
obj = p.unrestrictedTraverse(path)
setattr(obj, '__ac_local_roles__', {})
setattr(obj, '__ac_local_group_roles__', {})
class BusinessTemplate(XMLObject):
"""
......
......@@ -1793,18 +1793,8 @@ class ERP5Generator(PortalGenerator):
# Calling ERP5Site_reindexAll is useless.
def setupUserFolder(self, p):
# We use if possible ERP5Security, then NuxUserGroups
try:
from Products import ERP5Security
from Products import PluggableAuthService
except ImportError:
ERP5Security = None
try:
import Products.NuxUserGroups
withnuxgroups = 1
except ImportError:
withnuxgroups = 0
if ERP5Security is not None:
# Use Pluggable Auth Service instead of the standard acl_users.
p.manage_addProduct['PluggableAuthService'].addPluggableAuthService()
pas_dispatcher = p.acl_users.manage_addProduct['PluggableAuthService']
......@@ -1842,12 +1832,6 @@ class ERP5Generator(PortalGenerator):
p.acl_users.erp5_roles.manage_activateInterfaces(('IRolesPlugin',))
p.acl_users.erp5_user_factory.manage_activateInterfaces(
('IUserFactoryPlugin',))
elif withnuxgroups:
# NuxUserGroups user folder
p.manage_addProduct['NuxUserGroups'].addUserFolderWithGroups()
else:
# Standard user folder
PortalGenerator.setupUserFolder(self, p)
def setupPermissions(self, p):
permission_dict = {
......
......@@ -54,21 +54,6 @@
</tuple>
</value>
</item>
<item>
<key> <string>__ac_local_group_roles__</string> </key>
<value>
<dictionary>
<item>
<key> <string>role:Authenticated</string> </key>
<value>
<list>
<string>Auditor</string>
</list>
</value>
</item>
</dictionary>
</value>
</item>
<item>
<key> <string>_count</string> </key>
<value>
......
<?xml version="1.0"?>
<ZopeData>
<record id="1" aka="AAAAAAAAAAE=">
<pickle>
<tuple>
<global name="PythonScript" module="Products.PythonScripts.PythonScript"/>
<tuple/>
</tuple>
</pickle>
<pickle>
<dictionary>
<item>
<key> <string>Script_magic</string> </key>
<value> <int>3</int> </value>
</item>
<item>
<key> <string>_bind_names</string> </key>
<value>
<object>
<klass>
<global name="NameAssignments" module="Shared.DC.Scripts.Bindings"/>
</klass>
<tuple/>
<state>
<dictionary>
<item>
<key> <string>_asgns</string> </key>
<value>
<dictionary>
<item>
<key> <string>name_container</string> </key>
<value> <string>container</string> </value>
</item>
<item>
<key> <string>name_context</string> </key>
<value> <string>context</string> </value>
</item>
<item>
<key> <string>name_m_self</string> </key>
<value> <string>script</string> </value>
</item>
<item>
<key> <string>name_subpath</string> </key>
<value> <string>traverse_subpath</string> </value>
</item>
</dictionary>
</value>
</item>
</dictionary>
</state>
</object>
</value>
</item>
<item>
<key> <string>_body</string> </key>
<value> <string># XXX For now, this script requires proxy manager\n
\n
# user_folder: NuxUserGroups or PluggableAuthService at the root of the ERP5Site.\n
user_folder = context.portal_url.getPortalObject()[\'acl_users\']\n
\n
# This script must work with NuxUserGroup and PAS\n
PAS_installed = 0\n
if user_folder.meta_type == \'Pluggable Auth Service\':\n
PAS_installed = 1\n
\n
# get the current logged in user\n
if PAS_installed:\n
user_id = context.portal_membership.getAuthenticatedMember().getId()\n
else:\n
user_id = context.portal_membership.getAuthenticatedMember().getUserName()\n
person = context.person[user_id]\n
\n
assignment_list = person.contentValues(filter={\'portal_type\': \'Assignment\'})\n
\n
if len(assignment_list) == 0:\n
return []\n
\n
valid_assignment_list = []\n
\n
for a in assignment_list:\n
if a.getValidationState() == \'open\':\n
valid_assignment_list.append(a)\n
\n
return valid_assignment_list\n
</string> </value>
</item>
<item>
<key> <string>_code</string> </key>
<value>
<none/>
</value>
</item>
<item>
<key> <string>_params</string> </key>
<value> <string></string> </value>
</item>
<item>
<key> <string>_proxy_roles</string> </key>
<value>
<tuple>
<string>Manager</string>
</tuple>
</value>
</item>
<item>
<key> <string>errors</string> </key>
<value>
<tuple/>
</value>
</item>
<item>
<key> <string>func_code</string> </key>
<value>
<object>
<klass>
<global name="FuncCode" module="Shared.DC.Scripts.Signature"/>
</klass>
<tuple/>
<state>
<dictionary>
<item>
<key> <string>co_argcount</string> </key>
<value> <int>0</int> </value>
</item>
<item>
<key> <string>co_varnames</string> </key>
<value>
<tuple>
<string>_getitem_</string>
<string>_getattr_</string>
<string>context</string>
<string>user_folder</string>
<string>PAS_installed</string>
<string>user_id</string>
<string>person</string>
<string>assignment_list</string>
<string>len</string>
<string>valid_assignment_list</string>
<string>_getiter_</string>
<string>a</string>
</tuple>
</value>
</item>
</dictionary>
</state>
</object>
</value>
</item>
<item>
<key> <string>func_defaults</string> </key>
<value>
<none/>
</value>
</item>
<item>
<key> <string>id</string> </key>
<value> <string>Base_getUserAssignmentList</string> </value>
</item>
<item>
<key> <string>title</string> </key>
<value> <string></string> </value>
</item>
<item>
<key> <string>warnings</string> </key>
<value>
<tuple/>
</value>
</item>
</dictionary>
</pickle>
</record>
</ZopeData>
1359
\ No newline at end of file
1360
\ No newline at end of file
......@@ -1914,16 +1914,13 @@ class TestBusinessTemplate(ERP5TypeTestCase, LogInterceptor):
"""
new_local_roles = {'ac':['Owner', 'Manager'],
'group_function': ['Auditor']}
new_local_group_roles = {'role:Authenticated':['Owner', 'Manager']}
p = self.getPortal()
module_id = sequence.get('module_id')
module = p._getOb(module_id, None)
self.failUnless(module is not None)
module.__ac_local_roles__ = new_local_roles
module.__ac_local_group_roles__ = new_local_group_roles
self.assertEquals(module.__ac_local_roles__, new_local_roles)
self.assertEquals(module.__ac_local_group_roles__, new_local_group_roles)
sequence.edit(local_roles=new_local_roles, local_group_roles=new_local_group_roles)
sequence.edit(local_roles=new_local_roles)
def stepRemoveLocalRoles(self, sequence=None, sequence_list=None, **kw):
"""
......@@ -1934,11 +1931,8 @@ class TestBusinessTemplate(ERP5TypeTestCase, LogInterceptor):
module = p._getOb(module_id, None)
self.failUnless(module is not None)
module.__ac_local_roles__ = {'someone_else': ['Associate']}
module.__ac_local_group_roles__ = {}
new_local_roles = sequence.get('local_roles')
new_local_group_roles = sequence.get('local_group_roles')
self.assertNotEquals(module.__ac_local_roles__, new_local_roles)
self.assertNotEquals(module.__ac_local_group_roles__, new_local_group_roles)
def stepAddLocalRolesToBusinessTemplate(self, sequence=None, sequence_list=None, **kw):
"""
......@@ -1954,26 +1948,22 @@ class TestBusinessTemplate(ERP5TypeTestCase, LogInterceptor):
Check presence of local roles
"""
new_local_roles = sequence.get('local_roles')
new_local_group_roles = sequence.get('local_group_roles')
p = self.getPortal()
module_id = sequence.get('module_id')
module = p._getOb(module_id, None)
self.failUnless(module is not None)
self.assertEquals(module.__ac_local_roles__, new_local_roles)
self.assertEquals(module.__ac_local_group_roles__, new_local_group_roles)
def stepCheckLocalRolesRemoved(self, sequence=None, sequence_list=None, **kw):
"""
Check non-presence of local roles
"""
new_local_roles = sequence.get('local_roles')
new_local_group_roles = sequence.get('local_group_roles')
p = self.getPortal()
module_id = sequence.get('module_id')
module = p._getOb(module_id, None)
self.failUnless(module is not None)
self.assertNotEquals(module.__ac_local_roles__, new_local_roles)
self.assertNotEquals(module.__ac_local_group_roles__, new_local_group_roles)
# Document, Property Sheet, Extension And Test
# they use the same class so only one test is required for them
......
......@@ -121,18 +121,8 @@ class TestImmobilisationMixin(ERP5TypeTestCase):
self.getUserFolder()._doAddUser('manager', '', all_roles, [])
self.login('manager')
self.assignPASRolesToUser('test_user_1_', all_roles)
def checkUserFolderType(self, quiet=0, run=run_all_test):
"""
Check the type of user folder to let the test working with both NuxUserGroup and PAS.
"""
self.user_folder = self.getUserFolder()
self.PAS_installed = 0
if self.user_folder.meta_type == 'Pluggable Auth Service':
# we use PAS
self.PAS_installed = 1
def assignPASRolesToUser(self, user_name, role_list, quiet=0, run=run_all_test):
"""
Assign a list of roles to one user with PAS.
......@@ -163,20 +153,8 @@ class TestImmobilisationMixin(ERP5TypeTestCase):
, group = user_data[3]
, site = user_data[4]
)
if self.PAS_installed and len(user_roles) > 0:
# In the case of PAS, if we want global roles on user, we have to do it manually.
self.assignPASRolesToUser(user_login, user_roles)
elif not self.PAS_installed:
# The user_folder counterpart of the erp5 user must be
# created manually in the case of NuxUserGroup.
self.user_folder.userFolderAddUser( name = user_login
, password = ''
, roles = user_roles
, domains = []
)
# User assignment to security groups is also required, but is taken care of
# by the assignment workflow when NuxUserGroup is used and
# by ERP5Security PAS plugins in the context of PAS use.
# In the case of PAS, if we want global roles on user, we have to do it manually.
self.assignPASRolesToUser(user_login, user_roles)
assignment.open()
person.validate()
......@@ -234,7 +212,6 @@ class TestImmobilisationMixin(ERP5TypeTestCase):
self.tic()
self.workflow_tool = self.getWorkflowTool()
self.checkUserFolderType()
def beforeTearDown(self):
"""
......
......@@ -35,7 +35,6 @@ from Products.ERP5Type.Cache import CachingMethod
from AccessControl import ClassSecurityInfo, getSecurityManager
from Products.CMFCore.CatalogTool import IndexableObjectWrapper as CMFCoreIndexableObjectWrapper
from Products.CMFCore.utils import UniqueObject, _checkPermission, _getAuthenticatedUser, getToolByName
from Products.CMFCore.utils import _mergedLocalRoles
from Products.ERP5Type.Globals import InitializeClass, DTMLFile, package_home
from Acquisition import aq_base, aq_inner, aq_parent, ImplicitAcquisitionWrapper
from DateTime.DateTime import DateTime
......@@ -49,6 +48,7 @@ from Products.CMFCore.Expression import Expression
from Products.PageTemplates.Expressions import getEngine
from MethodObject import Method
from Products.ERP5Security import mergedLocalRoles
from Products.ERP5Security.ERP5UserManager import SUPER_USER
from Products.ERP5Type.Utils import sqlquote
......@@ -57,42 +57,11 @@ import sys
from zLOG import LOG, PROBLEM, WARNING, INFO
import sets
SECURITY_USING_NUX_USER_GROUPS, SECURITY_USING_PAS = range(2)
ACQUIRE_PERMISSION_VALUE = []
try:
from Products.PluggableAuthService import PluggableAuthService
PAS_meta_type = PluggableAuthService.PluggableAuthService.meta_type
except ImportError:
PAS_meta_type = ''
try:
from Products.ERP5Security import mergedLocalRoles as PAS_mergedLocalRoles
except ImportError:
pass
try:
from Products.NuxUserGroups import UserFolderWithGroups
NUG_meta_type = UserFolderWithGroups.meta_type
except ImportError:
NUG_meta_type = ''
try:
from Products.NuxUserGroups.CatalogToolWithGroups import mergedLocalRoles
from Products.NuxUserGroups.CatalogToolWithGroups import _getAllowedRolesAndUsers
except ImportError:
pass
from Persistence import Persistent
from Acquisition import Implicit
def getSecurityProduct(acl_users):
"""returns the security used by the user folder passed.
(NuxUserGroup, ERP5Security, or None if anything else).
"""
if acl_users.meta_type == PAS_meta_type:
return SECURITY_USING_PAS
elif acl_users.meta_type == NUG_meta_type:
return SECURITY_USING_NUX_USER_GROUPS
class IndexableObjectWrapper(CMFCoreIndexableObjectWrapper):
......@@ -118,17 +87,7 @@ class IndexableObjectWrapper(CMFCoreIndexableObjectWrapper):
result_key = '_cache_result'
if result_key not in self.__dict__:
ob = self.__ob
security_product = getSecurityProduct(ob.acl_users)
withnuxgroups = security_product == SECURITY_USING_NUX_USER_GROUPS
withpas = security_product == SECURITY_USING_PAS
if withnuxgroups:
localroles = mergedLocalRoles(ob, withgroups=1)
elif withpas:
localroles = PAS_mergedLocalRoles(ob)
else:
# CMF
localroles = _mergedLocalRoles(ob)
localroles = mergedLocalRoles(ob)
# For each group or user, we have a list of roles, this list
# give in this order : [roles on object, roles acquired on the parent,
# roles acquired on the parent of the parent....]
......@@ -170,10 +129,7 @@ class IndexableObjectWrapper(CMFCoreIndexableObjectWrapper):
user_role_dict = {}
user_view_permission_role_dict = {}
for user, roles in localroles.iteritems():
if withnuxgroups:
prefix = user
else:
prefix = 'user:' + user
prefix = 'user:' + user
for role in roles:
if (role in role_dict) and (getUserById(user) is not None):
# If role is monovalued, check if key is a user.
......@@ -408,8 +364,6 @@ class CatalogTool (UniqueObject, ZCatalog, CMFCoreCatalogTool, ActiveObject):
return msg
def _listAllowedRolesAndUsers(self, user):
security_product = getSecurityProduct(self.acl_users)
if security_product == SECURITY_USING_PAS:
# We use ERP5Security PAS based authentication
try:
# check for proxy role in stack
......@@ -436,10 +390,6 @@ class CatalogTool (UniqueObject, ZCatalog, CMFCoreCatalogTool, ActiveObject):
result.append('user:%s' % group)
# end groups
return result
elif security_product == SECURITY_USING_NUX_USER_GROUPS:
return _getAllowedRolesAndUsers(user)
else:
return CMFCoreCatalogTool._listAllowedRolesAndUsers(self, user)
# Schema Management
def editColumn(self, column_id, sql_definition, method_id, default_value, REQUEST=None, RESPONSE=None):
......
......@@ -35,22 +35,10 @@ from Products.ERP5Type.UnrestrictedMethod import UnrestrictedMethod
from Products.ERP5Type.Utils import deprecated, createExpressionContext
from Products.ERP5Type.XMLObject import XMLObject
from Products.ERP5Type.Cache import CachingMethod
from Products.ERP5Security import ERP5UserManager
ERP5TYPE_SECURITY_GROUP_ID_GENERATION_SCRIPT = 'ERP5Type_asSecurityGroupId'
# Security uses ERP5Security by default
try:
from Products.ERP5Security import ERP5UserManager
except ImportError:
ERP5UserManager = None
# If ERP5Security is not installed try NuxUserGroups
if ERP5UserManager is None:
try:
from Products import NuxUserGroups
except ImportError:
NuxUserGroups = None
from TranslationProviderBase import TranslationProviderBase
from sys import exc_info
......@@ -81,48 +69,23 @@ class LocalRoleAssignorMixIn(object):
if owner:
user_name = owner[1]
else:
#FIXME We should check the type of the acl_users folder instead of
# checking which product is installed.
if ERP5UserManager is not None:
# We use id for roles in ERP5Security
user_name = getSecurityManager().getUser().getId()
elif NuxUserGroups is not None:
user_name = getSecurityManager().getUser().getUserName()
else:
raise RuntimeError('Product "ERP5Security" was not found on your'
' setup. Please install it to benefit from group-based security')
user_name = getSecurityManager().getUser().getId()
group_id_role_dict = self.getLocalRolesFor(ob, user_name)
# Update role assignments to groups
if ERP5UserManager is not None: # Default implementation
# Clean old group roles
old_group_list = ob.get_local_roles()
ob.manage_delLocalRoles([x[0] for x in old_group_list])
# Save the owner
for group, role_list in old_group_list:
if 'Owner' in role_list:
group_id_role_dict.setdefault(group, set()).add('Owner')
# Assign new roles
for group, role_list in group_id_role_dict.iteritems():
if role_list:
ob.manage_addLocalRoles(group, role_list)
else: # NuxUserGroups implementation
# Clean old group roles
old_group_list = ob.get_local_group_roles()
# We duplicate role settings to mimic PAS
ob.manage_delLocalGroupRoles([x[0] for x in old_group_list])
ob.manage_delLocalRoles([x[0] for x in old_group_list])
# Save the owner
for group, role_list in old_group_list:
if 'Owner' in role_list:
group_id_role_dict.setdefault(group, set()).add('Owner')
# Assign new roles
for group, role_list in group_id_role_dict.iteritems():
# We duplicate role settings to mimic PAS
ob.manage_addLocalGroupRoles(group, role_list)
## Update role assignments to groups
# Clean old group roles
old_group_list = ob.get_local_roles()
ob.manage_delLocalRoles([x[0] for x in old_group_list])
# Save the owner
for group, role_list in old_group_list:
if 'Owner' in role_list:
group_id_role_dict.setdefault(group, set()).add('Owner')
# Assign new roles
for group, role_list in group_id_role_dict.iteritems():
if role_list:
ob.manage_addLocalRoles(group, role_list)
# Make sure that the object is reindexed
## Make sure that the object is reindexed
if reindex:
ob.reindexObjectSecurity()
......
......@@ -123,7 +123,6 @@ ZopeTestCase.installProduct('PortalTransforms', quiet=install_product_quiet)
ZopeTestCase.installProduct('MimetypesRegistry', quiet=install_product_quiet)
# Security Stuff
ZopeTestCase.installProduct('NuxUserGroups', quiet=install_product_quiet)
ZopeTestCase.installProduct('PluggableAuthService', quiet=install_product_quiet)
ZopeTestCase.installProduct('ERP5Security', quiet=install_product_quiet)
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment