[Erp5-report] r40136 rafael - /erp5/trunk/bt5/erp5_wizard/SkinTemplateItem/portal_skins/erp...
nobody at svn.erp5.org
nobody at svn.erp5.org
Tue Nov 9 17:46:08 CET 2010
Author: rafael
Date: Tue Nov 9 17:46:08 2010
New Revision: 40136
URL: http://svn.erp5.org?rev=40136&view=rev
Log:
Change the way Person_getDataDict is invoked. This prevents any information leak. Send user email also, this is required when user decides to reset their own password from Auth. Server.
Modified:
erp5/trunk/bt5/erp5_wizard/SkinTemplateItem/portal_skins/erp5_wizard/Person_createNewGlobalUserAccount.xml
erp5/trunk/bt5/erp5_wizard/SkinTemplateItem/portal_skins/erp5_wizard/Person_getDataDict.xml
erp5/trunk/bt5/erp5_wizard/SkinTemplateItem/portal_skins/erp5_wizard/Person_invalidateGlobalUserAccount.xml
erp5/trunk/bt5/erp5_wizard/SkinTemplateItem/portal_skins/erp5_wizard/Person_synchroniseExistingAccountWithInstance.xml
erp5/trunk/bt5/erp5_wizard/SkinTemplateItem/portal_skins/erp5_wizard/Person_validateGlobalUserAccount.xml
Modified: erp5/trunk/bt5/erp5_wizard/SkinTemplateItem/portal_skins/erp5_wizard/Person_createNewGlobalUserAccount.xml
URL: http://svn.erp5.org/erp5/trunk/bt5/erp5_wizard/SkinTemplateItem/portal_skins/erp5_wizard/Person_createNewGlobalUserAccount.xml?rev=40136&r1=40135&r2=40136&view=diff
==============================================================================
--- erp5/trunk/bt5/erp5_wizard/SkinTemplateItem/portal_skins/erp5_wizard/Person_createNewGlobalUserAccount.xml [utf8] (original)
+++ erp5/trunk/bt5/erp5_wizard/SkinTemplateItem/portal_skins/erp5_wizard/Person_createNewGlobalUserAccount.xml [utf8] Tue Nov 9 17:46:08 2010
@@ -54,12 +54,14 @@
\n
if person is None:\n
person = context\n
-kw = person.Person_getDataDict()\n
+\n
+kw = context.Person_getDataDict(person=person)\n
kw[\'password\'] = password\n
\n
# explicitly check if username is unique\n
if portal.Base_validatePersonReference(kw[\'reference\'], context.REQUEST):\n
# create user in Authentification Server\n
+ kw[\'start_assignment\'] = len(person.Person_getAvailableAssignmentValueList())\n
portal.portal_wizard.callRemoteProxyMethod(\n
\'WitchTool_createNewGlobalUserAccountFromExpressInstance\', \\\n
use_cache = 0, \\\n
@@ -119,6 +121,7 @@ else:\n
<string>None</string>
<string>_write_</string>
<string>_getitem_</string>
+ <string>len</string>
<string>_apply_</string>
<string>ValueError</string>
</tuple>
Modified: erp5/trunk/bt5/erp5_wizard/SkinTemplateItem/portal_skins/erp5_wizard/Person_getDataDict.xml
URL: http://svn.erp5.org/erp5/trunk/bt5/erp5_wizard/SkinTemplateItem/portal_skins/erp5_wizard/Person_getDataDict.xml?rev=40136&r1=40135&r2=40136&view=diff
==============================================================================
--- erp5/trunk/bt5/erp5_wizard/SkinTemplateItem/portal_skins/erp5_wizard/Person_getDataDict.xml [utf8] (original)
+++ erp5/trunk/bt5/erp5_wizard/SkinTemplateItem/portal_skins/erp5_wizard/Person_getDataDict.xml [utf8] Tue Nov 9 17:46:08 2010
@@ -50,13 +50,10 @@
</item>
<item>
<key> <string>_body</string> </key>
- <value> <string>if person is None:\n
- person = context\n
-\n
-kw = {\'reference\': person.getReference(),\n
+ <value> <string>return {\'reference\': person.getReference(),\n
\'validation_state\': person.getValidationState(),\n
+ \'email\': person.getDefaultEmailText(),\n
\'erp5_uid\': context.ERP5Site_getExpressInstanceUid()}\n
-return kw\n
</string> </value>
</item>
<item>
@@ -102,10 +99,8 @@ return kw\n
<value>
<tuple>
<string>person</string>
- <string>None</string>
- <string>context</string>
<string>_getattr_</string>
- <string>kw</string>
+ <string>context</string>
</tuple>
</value>
</item>
Modified: erp5/trunk/bt5/erp5_wizard/SkinTemplateItem/portal_skins/erp5_wizard/Person_invalidateGlobalUserAccount.xml
URL: http://svn.erp5.org/erp5/trunk/bt5/erp5_wizard/SkinTemplateItem/portal_skins/erp5_wizard/Person_invalidateGlobalUserAccount.xml?rev=40136&r1=40135&r2=40136&view=diff
==============================================================================
--- erp5/trunk/bt5/erp5_wizard/SkinTemplateItem/portal_skins/erp5_wizard/Person_invalidateGlobalUserAccount.xml [utf8] (original)
+++ erp5/trunk/bt5/erp5_wizard/SkinTemplateItem/portal_skins/erp5_wizard/Person_invalidateGlobalUserAccount.xml [utf8] Tue Nov 9 17:46:08 2010
@@ -60,15 +60,20 @@ if person is None:\n
person = context\n
\n
reference = person.getReference()\n
-if reference is not None and \\\n
- len(person.Person_getAvailableAssignmentValueList()) == 0:\n
- # invalidate user in Authentification Server only if its a loggable user in current instance\n
- kw = person.Person_getDataDict()\n
+assignment_len = len(person.Person_getAvailableAssignmentValueList())\n
+if reference is not None and assignment_len == 0:\n
+ # invalidate user in Authentification Server only if \n
+ # its a loggable user in current instance\n
+ kw = context.Person_getDataDict(person=person)\n
context.portal_wizard.callRemoteProxyMethod(\n
\'WitchTool_invalidateGlobalUserAccountFromExpressInstance\', \\\n
use_cache = 0, \\\n
ignore_exceptions = 0, \\\n
**kw)\n
+else:\n
+ log("Unable to invalidate remote global account for "\\\n
+ "%s (reference=%s , len(assignment_list)=%s)" % (person.getRelativeUrl(), \n
+ reference, assignment_len))\n
</string> </value>
</item>
<item>
@@ -118,7 +123,9 @@ if reference is not None and \\\n
<string>_getattr_</string>
<string>reference</string>
<string>len</string>
+ <string>assignment_len</string>
<string>_apply_</string>
+ <string>log</string>
</tuple>
</value>
</item>
Modified: erp5/trunk/bt5/erp5_wizard/SkinTemplateItem/portal_skins/erp5_wizard/Person_synchroniseExistingAccountWithInstance.xml
URL: http://svn.erp5.org/erp5/trunk/bt5/erp5_wizard/SkinTemplateItem/portal_skins/erp5_wizard/Person_synchroniseExistingAccountWithInstance.xml?rev=40136&r1=40135&r2=40136&view=diff
==============================================================================
--- erp5/trunk/bt5/erp5_wizard/SkinTemplateItem/portal_skins/erp5_wizard/Person_synchroniseExistingAccountWithInstance.xml [utf8] (original)
+++ erp5/trunk/bt5/erp5_wizard/SkinTemplateItem/portal_skins/erp5_wizard/Person_synchroniseExistingAccountWithInstance.xml [utf8] Tue Nov 9 17:46:08 2010
@@ -55,7 +55,7 @@
if person is None:\n
person = context\n
\n
-kw = person.Person_getDataDict()\n
+kw = context.Person_getDataDict(person=person)\n
\n
# explicitly check if username is unique\n
if portal.WizardTool_isPersonReferencePresent(kw[\'reference\']):\n
Modified: erp5/trunk/bt5/erp5_wizard/SkinTemplateItem/portal_skins/erp5_wizard/Person_validateGlobalUserAccount.xml
URL: http://svn.erp5.org/erp5/trunk/bt5/erp5_wizard/SkinTemplateItem/portal_skins/erp5_wizard/Person_validateGlobalUserAccount.xml?rev=40136&r1=40135&r2=40136&view=diff
==============================================================================
--- erp5/trunk/bt5/erp5_wizard/SkinTemplateItem/portal_skins/erp5_wizard/Person_validateGlobalUserAccount.xml [utf8] (original)
+++ erp5/trunk/bt5/erp5_wizard/SkinTemplateItem/portal_skins/erp5_wizard/Person_validateGlobalUserAccount.xml [utf8] Tue Nov 9 17:46:08 2010
@@ -58,20 +58,24 @@
Only validate remote person/assigments if person \n
has reference and valid assigments. \n
"""\n
-\n
+from Products.ERP5Type.Log import log\n
if person is None:\n
person = context\n
\n
reference = person.getReference()\n
-if reference is not None and \\\n
- len(person.Person_getAvailableAssignmentValueList()) > 0:\n
+assignment_len = len(person.Person_getAvailableAssignmentValueList())\n
+if reference is not None and assignment_len > 0:\n
# validate user in Nexedi ERP5 only if its a loggable user in current instance\n
- kw = person.Person_getDataDict()\n
+ kw = context.Person_getDataDict(person=person)\n
context.portal_wizard.callRemoteProxyMethod(\n
\'WitchTool_validateGlobalUserAccountFromExpressInstance\', \\\n
use_cache = 0, \\\n
ignore_exceptions = 0, \\\n
**kw)\n
+else:\n
+ log("Unable to validate remote global account for "\\\n
+ "%s (reference=%s , len(assignment_list)=%s)" % (person.getRelativeUrl(), \n
+ reference, assignment_len))\n
]]></string> </value>
@@ -118,11 +122,14 @@ if reference is not None and \\\n
<tuple>
<string>person</string>
<string>kw</string>
+ <string>Products.ERP5Type.Log</string>
+ <string>log</string>
<string>None</string>
<string>context</string>
<string>_getattr_</string>
<string>reference</string>
<string>len</string>
+ <string>assignment_len</string>
<string>_apply_</string>
</tuple>
</value>
More information about the Erp5-report
mailing list