Commit ce2eaca9 authored by Rafael Monnerat

ERP5Security: Allow user to login with a user created on the same transaction (improve a bit)

  squash me
parent f0a9bd71
...@@ -111,21 +111,9 @@ class ERP5LoginUserManager(BasePlugin): ...@@ -111,21 +111,9 @@ class ERP5LoginUserManager(BasePlugin):
if login_value is None: if login_value is None:
return return
user_value = login_value.getParentValue() user_value = login_value.getParentValue()
if not user_value.hasUserId(): if not self._isUserValueValid(user_value):
return
if user_value.getValidationState() == 'deleted':
return return
if user_value.getPortalType() in ('Person', ):
now = DateTime()
for assignment in user_value.contentValues(portal_type="Assignment"):
if assignment.getValidationState() == "open" and (
not assignment.hasStartDate() or assignment.getStartDate() <= now
) and (
not assignment.hasStopDate() or assignment.getStopDate() >= now
):
break
else:
return
is_authentication_policy_enabled = self.getPortalObject().portal_preferences.isAuthenticationPolicyEnabled() is_authentication_policy_enabled = self.getPortalObject().portal_preferences.isAuthenticationPolicyEnabled()
if check_password: if check_password:
password = credentials.get('password') password = credentials.get('password')
...@@ -148,6 +136,27 @@ class ERP5LoginUserManager(BasePlugin): ...@@ -148,6 +136,27 @@ class ERP5LoginUserManager(BasePlugin):
return return
return (user_value.getUserId(), login_value.getReference()) return (user_value.getUserId(), login_value.getReference())
def _isUserValueValid(self, user_value):
if not user_value.hasUserId():
return
if user_value.getValidationState() == 'deleted':
return
if user_value.getPortalType() in ('Person', ):
now = DateTime()
for assignment in user_value.contentValues(portal_type="Assignment"):
if assignment.getValidationState() == "open" and (
not assignment.hasStartDate() or assignment.getStartDate() <= now
) and (
not assignment.hasStopDate() or assignment.getStopDate() >= now
):
return True
else:
return
return True
def _getLoginValueFromLogin(self, login, login_portal_type=None): def _getLoginValueFromLogin(self, login, login_portal_type=None):
try: try:
user_list = self.enumerateUsers( user_list = self.enumerateUsers(
...@@ -286,26 +295,28 @@ class ERP5LoginUserManager(BasePlugin): ...@@ -286,26 +295,28 @@ class ERP5LoginUserManager(BasePlugin):
] ]
tv = getTransactionalVariable() tv = getTransactionalVariable()
person = tv.get("transactional_user", None) user_value = tv.get("transactional_user", None)
if person is not None: if user_value is not None and self._isUserValueValid(user_value):
erp5_login = person.objectValues("ERP5 Login")[0] login_value = [l for l in user_value.objectValues(login_portal_type)
if (login is not None and erp5_login.getReference() == None) or \ if l.getValidationState() == 'validated'][0]
(id is not None and person.getUserId() == id[0]):
if (login_value is not None and login_value.getReference() is not None) and \
(id is not None and user_value.getUserId() == id[0]):
result.append({ result.append({
'id': person.getUserId(), 'id': user_value.getUserId(),
# Note: PAS forbids us from returning more than one entry per given id, # Note: PAS forbids us from returning more than one entry per given id,
# so take any available login. # so take any available login.
'login': erp5_login.getReference(), 'login': login_value.getReference(),
'pluginid': plugin_id, 'pluginid': plugin_id,
# Extra properties, specific to ERP5 # Extra properties, specific to ERP5
'path': person.getPath(), 'path': user_value.getPath(),
'uid': person.getUid(), 'uid': user_value.getUid(),
'login_list': [ 'login_list': [
{ {
'reference': erp5_login.getReference(), 'reference': login_value.getReference(),
'path': erp5_login.getRelativeUrl(), 'path': login_value.getRelativeUrl(),
'uid': erp5_login.getPath(), 'uid': login_value.getPath(),
} }
], ],
}) })
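Review bot: In the transactional-user branch of the last hunk, `[l for l in user_value.objectValues(login_portal_type) if l.getValidationState() == 'validated'][0]` raises IndexError when the user created in this transaction has no validated login yet, so user enumeration fails with an exception instead of skipping that user, and the `login_value is not None` test after it can never be false. Taking the first match with a default keeps the guard meaningful: `login_value = next((l for l in user_value.objectValues(login_portal_type) if l.getValidationState() == 'validated'), None)`. The rewritten condition also no longer reads the `login` argument and now requires `id` to be set, so a lookup by login appears never to return the transactional user. If that is intended, a short comment should say so; otherwise the requested login should be compared with `login_value.getReference()` before the entry is appended. The enclosing method starts outside the hunk, so the types of `login` and `id` are inferred from the removed lines.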
......