use portal_membership._huntUser() instead of calling portal.acl_users.validate...

use portal_membership._huntUser() instead of calling portal.acl_users.validate directly, that does not work for root level zope users. git-svn-id: https://svn.erp5.org/repos/public/erp5/trunk@38533 20353a03-c40f-0410-a6d1-a30d3c3de9de

use portal_membership._huntUser() instead of calling portal.acl_users.validate...
use portal_membership._huntUser() instead of calling portal.acl_users.validate directly, that does not work for root level zope users. git-svn-id: https://svn.erp5.org/repos/public/erp5/trunk@38533 20353a03-c40f-0410-a6d1-a30d3c3de9de
bba77211 · Kazuhiko Shiozaki · 26200864 · bba77211
Commit bba77211 authored Sep 21, 2010 by Kazuhiko Shiozaki
Hide whitespace changes
Inline Side-by-side

Showing with 13 additions and 4 deletions

product/ERP5/mixin/extensible_traversable.py product/ERP5/mixin/extensible_traversable.py +13 -4

No files found.
--- a/product/ERP5/mixin/extensible_traversable.py
+++ b/product/ERP5/mixin/extensible_traversable.py
@@ -40,6 +40,7 @@ from Products.CMFCore.utils import getToolByName, _setCacheHeaders, _ViewEmulato
 from OFS.Image import File as OFSFile
 from warnings import warn
 import sys
+from base64 import decodestring
 from Products.ERP5Type.UnrestrictedMethod import unrestricted_apply


@@ -84,8 +85,9 @@ class BaseExtensibleTraversableMixin(ExtensibleTraversableMixIn):
    if user is _MARKER:
      user = None # By default, do nothing
      if old_user is None or old_user.getUserName() == 'Anonymous User':
-        user_folder = getattr(self.getPortalObject(), 'acl_users', None)
-        if user_folder is not None:
+        portal_membership = getToolByName(self.getPortalObject(),
+                                          'portal_membership')
+        if portal_membership is not None:
          try:
            if request.get('PUBLISHED', _MARKER) is _MARKER:
              # request['PUBLISHED'] is required by validate
@@ -94,7 +96,14 @@ class BaseExtensibleTraversableMixin(ExtensibleTraversableMixIn):
            else:
              has_published = True
            try:
-              user = user_folder.validate(request)
+              auth = request._auth
+              # this logic is copied from identify() in
+              # AccessControl.User.BasicUserFolder.
+              if auth and auth.lower().startswith('basic '):
+                name = decodestring(auth.split(' ')[-1]).split(':', 1)[0]
+                user = portal_membership._huntUser(name, self)
+              else:
+                user = None
            except AttributeError:
              # This kind of error happens with unrestrictedTraverse,
              # because the request object is a fake, and it is just
@@ -206,4 +215,4 @@ class OOoDocumentExtensibleTraversableMixin(BaseExtensibleTraversableMixin):
    if user is not None:
      setSecurityManager(old_manager)
    return document
- 
\ No newline at end of file
+