[gen] Bugfix: one could authentify with a ldap user even if ldap.enabled was False.
This commit is contained in:
parent
30dbcb7dc7
commit
307f4e152e
|
@ -283,7 +283,7 @@ class ZopeInstaller:
|
|||
# "select" field, because it will be necessary for displaying the
|
||||
# translated state name.
|
||||
state = gen.String(validator=gen.Selection('listStates'),
|
||||
show='result', persist=False, indexed=True)
|
||||
show='result', persist=False, indexed=True, height=5)
|
||||
state.init('state', None, 'workflow')
|
||||
setattr(wrapperClass, 'state', state)
|
||||
# Special field "SearchableText" must be added fot every class and
|
||||
|
|
|
@ -21,6 +21,8 @@ except ImportError:
|
|||
# Global JS internationalized messages that will be computed in every page -----
|
||||
jsMessages = ('no_elem_selected', 'action_confirm', 'save_confirm',
|
||||
'warn_leave_form')
|
||||
|
||||
# Error messages ---------------------------------------------------------------
|
||||
USER_NOT_FOUND = 'User %s not found. Probably a problem implying several ' \
|
||||
'Appy apps put behind the same domain name or dev machine.'
|
||||
|
||||
|
@ -917,16 +919,16 @@ class ToolMixin(BaseMixin):
|
|||
if authentify and not login: return
|
||||
# Now, get the User instance
|
||||
if source == 'zodb':
|
||||
# Get the User object, but only if it is a true local user.
|
||||
# Get the User object, but only if it is a true local user
|
||||
user = tool.search1('User', noSecurity=True, login=login)
|
||||
if user and (user.source != 'zodb'): user = None # Not a local one.
|
||||
if user and (user.source != 'zodb'): user = None # Not a local one
|
||||
elif source == 'ldap':
|
||||
user = None
|
||||
cfg = self.getProductConfig(True).ldap
|
||||
if cfg: user = cfg.getUser(self.appy(), login, password)
|
||||
elif source == 'any':
|
||||
# Get the user object, be it really local or a copy of a LDAP user
|
||||
user = tool.search1('User', noSecurity=True, login=login)
|
||||
user = self.getUser(source='zodb') or self.getUser(source='ldap')
|
||||
if not user: return
|
||||
# Authentify the user if required
|
||||
if authentify:
|
||||
|
@ -937,9 +939,9 @@ class ToolMixin(BaseMixin):
|
|||
k = 'HTTP_AUTHORIZATION'
|
||||
req._auth = req[k] = req._orig_env[k] = None
|
||||
return
|
||||
# Create an authentication cookie for this user.
|
||||
# Create an authentication cookie for this user
|
||||
gutils.writeCookie(login, password, req)
|
||||
# Cache the user and some precomputed values, for performance.
|
||||
# Cache the user and some precomputed values, for performance
|
||||
req.user = user
|
||||
req.userRoles = user.getRoles()
|
||||
req.userLogins = user.getLogins()
|
||||
|
@ -956,8 +958,7 @@ class ToolMixin(BaseMixin):
|
|||
msg = self.translate('enable_cookies')
|
||||
return self.goto(urlBack, msg)
|
||||
# Authenticate the user
|
||||
if self.getUser(authentify=True) or \
|
||||
self.getUser(authentify=True, source='ldap'):
|
||||
if self.getUser(authentify=True, source='any'):
|
||||
msg = self.translate('login_ok')
|
||||
logMsg = 'logged in.'
|
||||
else:
|
||||
|
|
|
@ -97,6 +97,7 @@ input.buttonFixed { width:110px; padding: 0 0 0 10px }
|
|||
.portletCurrent { font-weight: bold }
|
||||
.inputSearch { height: 15px; width: 132px; margin: 3px 3px 2px 3px !important }
|
||||
td.search { padding-top: 8px }
|
||||
.searchFields { width: 100%; margin-bottom: 8px }
|
||||
.content { padding: 9px; background-color: #fbfbfb }
|
||||
.popup { display: none; position: absolute; top: 30%; left: 35%;
|
||||
width: 350px; z-index : 100; background: white; padding: 8px;
|
||||
|
|
|
@ -603,7 +603,7 @@ class ToolWrapper(AbstractWrapper):
|
|||
<input type="hidden" name="className" value=":className"/>
|
||||
<input if="refInfo" type="hidden" name="ref" value=":refInfo"/>
|
||||
|
||||
<table width="100%">
|
||||
<table class="searchFields">
|
||||
<tr for="searchRow in ztool.getGroupedSearchFields(searchInfo)"
|
||||
valign="top">
|
||||
<td for="field in searchRow" class="search"
|
||||
|
@ -617,11 +617,9 @@ class ToolWrapper(AbstractWrapper):
|
|||
</table>
|
||||
|
||||
<!-- Submit button -->
|
||||
<p align=":dright"><br/>
|
||||
<input var="label=_('search_button');
|
||||
css=ztool.getButtonCss(label, small=False)" type="submit"
|
||||
class=":css" value=":label" style=":url('search', bg=True)"/>
|
||||
</p>
|
||||
</form>
|
||||
</x>''', template=AbstractWrapper.pxTemplate, hook='content')
|
||||
|
||||
|
|
|
@ -1244,7 +1244,9 @@ class AbstractWrapper(object):
|
|||
o = self.o
|
||||
workflow = o.getWorkflow()
|
||||
for name in dir(workflow):
|
||||
if getattr(workflow, name).__class__.__name__ != 'State': continue
|
||||
state = getattr(workflow, name)
|
||||
if state.__class__.__name__ != 'State': continue
|
||||
if state.isIsolated(workflow) : continue
|
||||
res.append((name, o.translate(o.getWorkflowLabel(name))))
|
||||
return res
|
||||
|
||||
|
|
Loading…
Reference in a new issue