Commit ecf4af3a authored by Vincent Pelletier's avatar Vincent Pelletier

Use PAS API.

Allows being compatible with future, improved PAS plugin features.
Also, drop a few useless imports.
parent 1f52711a
# get the current logged user site # get the current logged user site
if user_id is None: if user_id is None:
login = context.portal_membership.getAuthenticatedMember().getUserName() person = context.portal_membership.getAuthenticatedMember().getUserValue()
else: else:
login = user_id person_list = [x for x in context.acl_users.searchUsers(login=user_id, exact_match=True) if 'path' in x]
if person_list:
person, = person_list
person = context.getPortalObject().restrictedTraverse(person['path'])
else:
person = None
persons = context.acl_users.erp5_users.getUserByLogin(login) if person is None:
if len(persons) == 0:
#context.log('Baobab_getUserAssignementList', 'Person %s not found' %(login)) #context.log('Baobab_getUserAssignementList', 'Person %s not found' %(login))
return "" return ""
else: else:
person = persons[0]
return person.getTitle() return person.getTitle()
if user_id is None: if user_id is None:
user_id = context.portal_membership.getAuthenticatedMember().getUserName() person = context.portal_membership.getAuthenticatedMember().getUserValue()
person_list = context.acl_users.erp5_users.getUserByLogin(user_id) else:
if not person_list: person_list = [x for x in context.acl_users.searchUsers(login=user_id, exact_match=True) if 'path' in x]
if person_list:
person, = person_list
person = context.getPortalObject().restrictedTraverse(person['path'])
else:
person = None
if person is None:
return None return None
assignment_list = person_list[0].contentValues(filter={'portal_type': 'Assignment'}) assignment_list = person.contentValues(filter={'portal_type': 'Assignment'})
if not assignment_list: if not assignment_list:
return None return None
valid_assignment = None valid_assignment = None
......
...@@ -2,8 +2,8 @@ ...@@ -2,8 +2,8 @@
""" """
owner_id_list = [i[0] for i in context.get_local_roles() if 'Owner' in i[1]] owner_id_list = [i[0] for i in context.get_local_roles() if 'Owner' in i[1]]
if owner_id_list: if owner_id_list:
from Products.ERP5Security.ERP5UserManager import getUserByLogin found_user_list = [x for x in context.acl_users.searchUsers(id=tuple(owner_id_list), exact_match=True) if 'path' in x]
found_user_list = getUserByLogin(context.getPortalObject(), tuple(owner_id_list))
if found_user_list: if found_user_list:
return found_user_list[0].getTitle() found_user, = found_user_list
return context.getPortalObject().restrictedTraverse(found_user['path']).getTitle()
return owner_id_list[0] return owner_id_list[0]
...@@ -3,9 +3,10 @@ Returns None if no corresponding person, for example when not using ERP5Security ...@@ -3,9 +3,10 @@ Returns None if no corresponding person, for example when not using ERP5Security
""" """
portal = context.getPortalObject() portal = context.getPortalObject()
if user_name is None: if user_name is None:
user_name = portal.portal_membership.getAuthenticatedMember() return portal.portal_membership.getAuthenticatedMember().getUserValue()
user_list = [x for x in portal.acl_users.searchUsers(
from Products.ERP5Security.ERP5UserManager import getUserByLogin exact_match=True,
found_user_list = getUserByLogin(portal, str(user_name)) id=user_name,
if len(found_user_list) == 1: ) if 'path' in x]
return found_user_list[0] if len(user_list) == 1:
return portal.restrictedTraverse(user_list[0]['path'])
...@@ -76,7 +76,6 @@ for gadget in context.portal_gadgets.objectValues(): ...@@ -76,7 +76,6 @@ for gadget in context.portal_gadgets.objectValues():
gadget.public() gadget.public()
# Add a tab and a gadget for everyone # Add a tab and a gadget for everyone
from Products.ERP5Security.ERP5UserManager import getUserByLogin
portal = context.getPortalObject() portal = context.getPortalObject()
for person in context.person_module.objectValues(): for person in context.person_module.objectValues():
user_name = person.getReference() user_name = person.getReference()
......
...@@ -7,8 +7,8 @@ former_password = request.get("current_password") ...@@ -7,8 +7,8 @@ former_password = request.get("current_password")
password_confirm = request.get("password_confirm") password_confirm = request.get("password_confirm")
user = getSecurityManager().getUser() user = getSecurityManager().getUser()
persons = context.acl_users.erp5_users.getUserByLogin(user) person, = context.acl_users.searchUsers(id=user.getUserId(), exact_match=True)
person = persons[0] person = context.getPortalObject().restrictedTraverse(person['path'])
if not person.checkPassword(former_password): if not person.checkPassword(former_password):
msg = translateString("Current password is wrong.") msg = translateString("Current password is wrong.")
......
from DateTime import DateTime from DateTime import DateTime
from Products.ERP5Security.ERP5UserManager import getUserByLogin
person_list = getUserByLogin(context, login) person_list = [x for x in context.acl_users.searchUsers(login=login, exact_match=True) if 'path' in x]
if not person_list: if not person_list:
return False, [] return False, []
person = person_list[0] person, = person_list
person = context.getPortalObject().restrictedTraverse(person['path'])
if person.getPassword(format='palo_md5') != password: if person.getPassword(format='palo_md5') != password:
return False, [] return False, []
......
...@@ -42,7 +42,7 @@ if ( ...@@ -42,7 +42,7 @@ if (
destination_decision_person.getDefaultEmailText() and destination_decision_person.getDefaultEmailText() and
destination_decision_person.getReference() destination_decision_person.getReference()
): ):
if len(portal.acl_users.erp5_users.getUserByLogin(source_person.getReference())): if portal.acl_users.searchUsers(id=source_person.getReference(), exact_match=True):
message = """A new task has been assigned to you by %(assignor)s. message = """A new task has been assigned to you by %(assignor)s.
This task is named: %(title)s This task is named: %(title)s
......
...@@ -13,7 +13,7 @@ if source_person is not None \ ...@@ -13,7 +13,7 @@ if source_person is not None \
and destination_decision_person is not None \ and destination_decision_person is not None \
and destination_decision_person.getDefaultEmailText() \ and destination_decision_person.getDefaultEmailText() \
and destination_decision_person.getReference(): and destination_decision_person.getReference():
if len(portal.acl_users.erp5_users.getUserByLogin(source_person.getReference())): if portal.acl_users.searchUsers(id=source_person.getReference(), exact_match=True):
message = """ message = """
%s has finished the task report titled with %s. %s has finished the task report titled with %s.
Please look at this URL: Please look at this URL:
......
...@@ -25,7 +25,7 @@ if source_person is not None \ ...@@ -25,7 +25,7 @@ if source_person is not None \
and destination_decision_person is not None\ and destination_decision_person is not None\
and source_person.getDefaultEmailText() \ and source_person.getDefaultEmailText() \
and source_person.getReference(): and source_person.getReference():
if len(portal.acl_users.erp5_users.getUserByLogin(source_person.getReference())): if portal.acl_users.searchUsers(id=source_person.getReference(), exact_match=True):
message = """ message = """
A question from task has been assigned to you by %(assignor)s. A question from task has been assigned to you by %(assignor)s.
......
...@@ -13,7 +13,7 @@ if source_person is not None \ ...@@ -13,7 +13,7 @@ if source_person is not None \
and destination_decision_person is not None\ and destination_decision_person is not None\
and source_person.getDefaultEmailText() \ and source_person.getDefaultEmailText() \
and source_person.getReference(): and source_person.getReference():
if len(portal.acl_users.erp5_users.getUserByLogin(source_person.getReference())): if portal.acl_users.searchUsers(id=source_person.getReference(), exact_match=True):
message = """ message = """
Restarted task has been assigned to you by %(assignor)s. Restarted task has been assigned to you by %(assignor)s.
......
...@@ -37,7 +37,7 @@ if 'password_confirm' in kw: ...@@ -37,7 +37,7 @@ if 'password_confirm' in kw:
del kw['password_confirm'] del kw['password_confirm']
#Check that user doesn't already exists #Check that user doesn't already exists
person_list = portal.acl_users.erp5_users.getUserByLogin(kw['reference']) person_list = [x for x in portal.acl_users.searchUsers(login=kw['reference'], exact_match=True) if 'path' in x]
if person_list: if person_list:
msg = translateString("This account already exists. Please provide another email address.") msg = translateString("This account already exists. Please provide another email address.")
kw['portal_status_message'] = msg kw['portal_status_message'] = msg
......
...@@ -142,17 +142,21 @@ class PasswordTool(BaseTool): ...@@ -142,17 +142,21 @@ class PasswordTool(BaseTool):
msg = None msg = None
# check user exists, and have an email # check user exists, and have an email
user_list = self.getPortalObject().acl_users.\ user_list = [x for x in self.getPortalObject().acl_users.searchUsers(
erp5_users.getUserByLogin(user_login) login=user_login,
exact_match=True,
) if 'path' in x]
if len(user_list) == 0: if len(user_list) == 0:
msg = translateString("User ${user} does not exist.", msg = translateString("User ${user} does not exist.",
mapping={'user':user_login}) mapping={'user':user_login})
else: else:
# We use checked_permission to prevent errors when trying to acquire # We use checked_permission to prevent errors when trying to acquire
# email from organisation # email from organisation
user = user_list[0] user, = user_list
email_value = user.getDefaultEmailValue( user_value = self.getPortalObject().unrestrictedTraverse(
checked_permission='Access content information') user['path'])
email_value = user_value.getDefaultEmailValue(
checked_permission='Access content information')
if email_value is None or not email_value.asText(): if email_value is None or not email_value.asText():
msg = translateString( msg = translateString(
"User ${user} does not have an email address, please contact site " "User ${user} does not have an email address, please contact site "
...@@ -200,7 +204,7 @@ class PasswordTool(BaseTool): ...@@ -200,7 +204,7 @@ class PasswordTool(BaseTool):
'language':notification_message.getLanguage(), 'language':notification_message.getLanguage(),
} }
self.getPortalObject().portal_notifications.sendMessage(sender=sender, recipient=[user,], self.getPortalObject().portal_notifications.sendMessage(sender=sender, recipient=[user_value,],
subject=subject, message=message, subject=subject, message=message,
store_as_event=store_as_event, store_as_event=store_as_event,
message_text_format=message_text_format, message_text_format=message_text_format,
...@@ -272,11 +276,15 @@ class PasswordTool(BaseTool): ...@@ -272,11 +276,15 @@ class PasswordTool(BaseTool):
# XXX: incorrect grammar # XXX: incorrect grammar
return error("Date has expire.") return error("Date has expire.")
del self._password_request_dict[password_key] del self._password_request_dict[password_key]
persons = self.getPortalObject().acl_users.erp5_users.getUserByLogin( portal = self.getPortalObject()
register_user_login) user_dict, = portal.acl_users.searchUsers(
person = persons[0] login=register_user_login,
person._forceSetPassword(password) exact_match=True,
person.reindexObject() )
login_dict, = user_dict['login_list']
login = portal.unrestrictedTraverse(login_dict['path'])
login._forceSetPassword(password)
login.reindexObject()
return redirect(REQUEST, site_url, return redirect(REQUEST, site_url,
translateString("Password changed.")) translateString("Password changed."))
......
...@@ -53,18 +53,19 @@ def getSecurityCategoryFromAssignment(self, base_category_list, user_name, objec ...@@ -53,18 +53,19 @@ def getSecurityCategoryFromAssignment(self, base_category_list, user_name, objec
category_list = [] category_list = []
person_object_list = self.portal_catalog.unrestrictedSearchResults( user_list = [
query=SimpleQuery(reference=user_name), portal_type='Person') x for x in self.acl_users.searchUsers(
id=user_name,
if len(person_object_list) != 1: exact_match=True,
if len(person_object_list) > 1: ) if 'path' in x
raise ConsistencyError, "Error: There is more than one Person with reference '%s'" % user_name ]
else: if not user_list:
# if a person_object was not found in the module, we do nothing more # if a person_object was not found in the module, we do nothing more
# this happens for example when a manager with no associated person object # this happens for example when a manager with no associated person object
# creates a person_object for a new user # creates a person_object for a new user
return [] return []
person_object = person_object_list[0].getObject() user, = user_list
person_object = self.getPortalObject().unrestrictedTraverse(user['path'])
# We look for every valid assignments of this user # We look for every valid assignments of this user
for assignment in person_object.contentValues(filter={'portal_type': 'Assignment'}): for assignment in person_object.contentValues(filter={'portal_type': 'Assignment'}):
......
...@@ -6,8 +6,8 @@ new_password = request.get("new_password") ...@@ -6,8 +6,8 @@ new_password = request.get("new_password")
former_password = request.get("current_password") former_password = request.get("current_password")
user = getSecurityManager().getUser() user = getSecurityManager().getUser()
persons = context.acl_users.erp5_users.getUserByLogin(user) person, = context.acl_users.searchUsers(id=user.getId(), exact_match=True)
person = persons[0] person = context.getPortalObject().restrictedTraverse(person['path'])
if not person.checkPassword(former_password): if not person.checkPassword(former_password):
msg = translateString("Current password is wrong.") msg = translateString("Current password is wrong.")
......
...@@ -39,7 +39,6 @@ from AccessControl.SecurityManagement import getSecurityManager, \ ...@@ -39,7 +39,6 @@ from AccessControl.SecurityManagement import getSecurityManager, \
setSecurityManager, newSecurityManager setSecurityManager, newSecurityManager
from Products.ERP5Type.Cache import DEFAULT_CACHE_SCOPE from Products.ERP5Type.Cache import DEFAULT_CACHE_SCOPE
import socket import socket
from Products.ERP5Security.ERP5UserManager import getUserByLogin
from zLOG import LOG, ERROR, INFO from zLOG import LOG, ERROR, INFO
try: try:
...@@ -181,8 +180,7 @@ class ERP5ExternalOauth2ExtractionPlugin: ...@@ -181,8 +180,7 @@ class ERP5ExternalOauth2ExtractionPlugin:
self.REQUEST['USER_CREATION_IN_PROGRESS'] = user self.REQUEST['USER_CREATION_IN_PROGRESS'] = user
else: else:
# create the user if not found # create the user if not found
person_list = getUserByLogin(self.getPortalObject(), user) if not self.searchUsers(id=user, exact_match=True):
if len(person_list) == 0:
sm = getSecurityManager() sm = getSecurityManager()
if sm.getUser().getId() != SUPER_USER: if sm.getUser().getId() != SUPER_USER:
newSecurityManager(self, self.getUser(SUPER_USER)) newSecurityManager(self, self.getUser(SUPER_USER))
......
...@@ -87,7 +87,7 @@ class ERP5GroupManager(BasePlugin): ...@@ -87,7 +87,7 @@ class ERP5GroupManager(BasePlugin):
return () return ()
@UnrestrictedMethod @UnrestrictedMethod
def _getGroupsForPrincipal(user_name, path): def _getGroupsForPrincipal(user_id, path):
security_category_dict = {} # key is the base_category_list, security_category_dict = {} # key is the base_category_list,
# value is the list of fetched categories # value is the list of fetched categories
security_group_list = [] security_group_list = []
...@@ -117,17 +117,15 @@ class ERP5GroupManager(BasePlugin): ...@@ -117,17 +117,15 @@ class ERP5GroupManager(BasePlugin):
else: else:
security_definition_list = mapping_method() security_definition_list = mapping_method()
# get the person from its reference - no security check needed # get the person from its login - no security check needed
catalog_result = self.portal_catalog.unrestrictedSearchResults( user_list = [
portal_type="Person", query=SimpleQuery(reference=user_name)) x for x in self.searchUsers(id=user_id, exact_match=True)
if len(catalog_result) != 1: # we won't proceed with groups if 'path' in x
if len(catalog_result) > 1: # configuration is screwed ]
raise ConsistencyError, 'There is more than one Person whose \ if not user_list:
login is %s : %s' % (user_name, return ()
repr([r.getObject() for r in catalog_result])) user, = user_list
else: # no person is linked to this user login person_object = self.getPortalObject().unrestrictedTraverse(user['path'])
return ()
person_object = catalog_result[0].getObject()
# Fetch category values from defined scripts # Fetch category values from defined scripts
for (method_name, base_category_list) in security_definition_list: for (method_name, base_category_list) in security_definition_list:
...@@ -141,7 +139,7 @@ class ERP5GroupManager(BasePlugin): ...@@ -141,7 +139,7 @@ class ERP5GroupManager(BasePlugin):
# Currently, passing portal_type='' (instead of 'Person') # Currently, passing portal_type='' (instead of 'Person')
# is the only way to make the difference. # is the only way to make the difference.
security_category_list.extend( security_category_list.extend(
method(base_category_list, user_name, person_object, '') method(base_category_list, user_id, person_object, '')
) )
except ConflictError: except ConflictError:
raise raise
...@@ -184,7 +182,7 @@ class ERP5GroupManager(BasePlugin): ...@@ -184,7 +182,7 @@ class ERP5GroupManager(BasePlugin):
cache_factory='erp5_content_short') cache_factory='erp5_content_short')
return _getGroupsForPrincipal( return _getGroupsForPrincipal(
user_name=principal.getId(), user_id=principal.getId(),
path=self.getPhysicalPath()) path=self.getPhysicalPath())
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment