bugfix.

[Plinn.git] / RegistrationTool.py

diff --git a/RegistrationTool.py b/RegistrationTool.py
index bddd44b..8c2911d 100644 (file)
--- a/RegistrationTool.py
+++ b/RegistrationTool.py
@@ -49,13 +49,16 @@ security = ModuleSecurityInfo('Products.Plinn.RegistrationTool')
 MODE_ANONYMOUS = 'anonymous'
 security.declarePublic('MODE_ANONYMOUS')
 
 MODE_ANONYMOUS = 'anonymous'
 security.declarePublic('MODE_ANONYMOUS')
 

+MODE_PASS_ANONYMOUS = 'pass_anonymous'
+security.declarePublic('MODE_PASS_ANONYMOUS')
+

 MODE_MANAGER = 'manager'
 security.declarePublic('MODE_MANAGER')
 
 MODE_REVIEWED = 'reviewed'
 security.declarePublic('MODE_REVIEWED')
 
 MODE_MANAGER = 'manager'
 security.declarePublic('MODE_MANAGER')
 
 MODE_REVIEWED = 'reviewed'
 security.declarePublic('MODE_REVIEWED')
 

-MODES = [MODE_ANONYMOUS, MODE_MANAGER, MODE_REVIEWED]
+MODES = [MODE_ANONYMOUS, MODE_PASS_ANONYMOUS, MODE_MANAGER, MODE_REVIEWED]

 security.declarePublic('MODES')
 
 DEFAULT_MEMBER_GROUP = 'members'
 security.declarePublic('MODES')
 
 DEFAULT_MEMBER_GROUP = 'members'


@@ -126,7 +129,7 @@ class RegistrationTool(BaseRegistrationTool) :
         urlTool = getToolByName(self, 'portal_url')
         portal = urlTool.getPortalObject()
     
         urlTool = getToolByName(self, 'portal_url')
         portal = urlTool.getPortalObject()
     

-        if mode in [MODE_ANONYMOUS, MODE_REVIEWED] :
+        if mode in [MODE_ANONYMOUS, MODE_PASS_ANONYMOUS, MODE_REVIEWED] :

             portal.manage_permission(AddPortalMember, roles = ['Anonymous', 'Manager'], acquire=1)
         elif mode == MODE_MANAGER :
             portal.manage_permission(AddPortalMember, roles = ['Manager', 'UserManager'], acquire=0)
             portal.manage_permission(AddPortalMember, roles = ['Anonymous', 'Manager'], acquire=1)
         elif mode == MODE_MANAGER :
             portal.manage_permission(AddPortalMember, roles = ['Manager', 'UserManager'], acquire=0)


@@ -153,7 +156,7 @@ class RegistrationTool(BaseRegistrationTool) :
             p=Permission(AddPortalMember, [], portal)
             return p.getRoles()
         
             p=Permission(AddPortalMember, [], portal)
             return p.getRoles()
         

-        if mode in [MODE_ANONYMOUS, MODE_REVIEWED] :
+        if mode in [MODE_ANONYMOUS, MODE_PASS_ANONYMOUS, MODE_REVIEWED] :

             if 'Anonymous' in rolesOfAddPortalMemberPerm() : return False
             
         elif mode == MODE_MANAGER :
             if 'Anonymous' in rolesOfAddPortalMemberPerm() : return False
             
         elif mode == MODE_MANAGER :


@@ -166,14 +169,34 @@ class RegistrationTool(BaseRegistrationTool) :
     security.declareProtected(AddPortalMember, 'addMember')
     def addMember(self, id, password, roles=(), groups=(DEFAULT_MEMBER_GROUP,), domains='', properties=None) :
         """ Idem CMFCore but without default role """
     security.declareProtected(AddPortalMember, 'addMember')
     def addMember(self, id, password, roles=(), groups=(DEFAULT_MEMBER_GROUP,), domains='', properties=None) :
         """ Idem CMFCore but without default role """

-        BaseRegistrationTool.addMember(self, id, password, roles=roles,
-                                       domains=domains, properties=properties)

 
 

-        if self.getMode() in [MODE_ANONYMOUS, MODE_MANAGER] :
+        if self.getMode() != MODE_REVIEWED :

             gtool = getToolByName(self, 'portal_groups')
             mtool = getToolByName(self, 'portal_membership')
             utool = getToolByName(self, 'portal_url')
             portal = utool.getPortalObject()
             gtool = getToolByName(self, 'portal_groups')
             mtool = getToolByName(self, 'portal_membership')
             utool = getToolByName(self, 'portal_url')
             portal = utool.getPortalObject()

+            
+            if self.getMode() == MODE_PASS_ANONYMOUS :
+                private_collections = portal.get('private_collections')
+                if not private_collections :
+                    raise AccessControl_Unauthorized()
+                    return
+                data = private_collections.data
+                lines = filter(None, [l.strip() for l in data.split('\n')])
+                assert len(lines) % 3 == 0
+                collecInfos = {}
+                for i in xrange(0, len(lines), 3) :
+                    collecInfos[lines[i]] = {'pw' : lines[i+1],
+                                             'path' : lines[i+2]}
+                if not (collecInfos.has_key(properties.get('collection_id')) and \
+                    collecInfos[properties.get('collection_id')]['pw'] == properties.get('collection_password')) :
+                    raise AccessControl_Unauthorized('Wrong primary credentials')
+                    return
+            
+            
+            BaseRegistrationTool.addMember(self, id, password, roles=roles,
+                                           domains=domains, properties=properties)
+

             isGrpManager = mtool.checkPermission(ManageGroups, portal) ## TODO : CMF2.1 compat
             aclu = self.aq_inner.acl_users
 
             isGrpManager = mtool.checkPermission(ManageGroups, portal) ## TODO : CMF2.1 compat
             aclu = self.aq_inner.acl_users
 


@@ -188,6 +211,9 @@ class RegistrationTool(BaseRegistrationTool) :
                 aclu.changeUser(aclu.getGroupPrefix() +gid, roles=['Member', ])
                 g = gtool.getGroupById(gid)
                 g.addMember(id)
                 aclu.changeUser(aclu.getGroupPrefix() +gid, roles=['Member', ])
                 g = gtool.getGroupById(gid)
                 g.addMember(id)

+        else :
+            BaseRegistrationTool.addMember(self, id, password, roles=roles,
+                                           domains=domains, properties=properties)

 
 
     def afterAdd(self, member, id, password, properties):
 
 
     def afterAdd(self, member, id, password, properties):


@@ -270,7 +296,7 @@ class RegistrationTool(BaseRegistrationTool) :
             if member :
                 member.setSecurityProfile(password=password)
                 del self._passwordResetRequests[uuid]
             if member :
                 member.setSecurityProfile(password=password)
                 del self._passwordResetRequests[uuid]

-                return  userid, _('Password successfully reset.')
+                return  userid, _('Password successfully updated.')

             else :
                 return None, _('"%s" username not found.') % userid
             
             else :
                 return None, _('"%s" username not found.') % userid