authorJens Vagelpohl <jens@netz.ooo>2002-09-03 10:14:16 +0000
committerJens Vagelpohl <jens@netz.ooo>2002-09-03 10:14:16 +0000
commit475af2ab8aa8c363ec6a76a95bf74fae73a2d977 (patch)
treee61e7fecc397ea198c30301424ec0b3b95fc228a
parentfe61103f064d588f224eb10350608918c5316b0e (diff)
- validate rewritten by Shane Hathaway
-rw-r--r--CHANGES.txt9
-rw-r--r--LDAPRoleExtender.py22
2 files changed, 21 insertions, 10 deletions
diff --git a/CHANGES.txt b/CHANGES.txt
index 3fac49d..ae628d5 100644
--- a/CHANGES.txt
+++ b/CHANGES.txt
@@ -2,6 +2,15 @@ CHANGES.txt for the LDAPRoleExtender
This file contains change information for the LDAPRoleExtender product.
+ 0.6
+
+ * Bugs fixed
+
+ * Shane Hathaway rewrote the validate method so that it always
+ "does the right thing". His knowledge of arcane security details
+ far surpasses my own...
+
+
0.5
First public release
diff --git a/LDAPRoleExtender.py b/LDAPRoleExtender.py
index d01c249..cfd0bd1 100644
--- a/LDAPRoleExtender.py
+++ b/LDAPRoleExtender.py
@@ -359,20 +359,22 @@ class LDAPRoleExtender( SimpleItem ):
def validate( self, request, auth='', roles=_noroles ):
""" The main engine """
luf = self.getLUF()
- raw_user = luf.validate( request, auth, roles )
- if raw_user is not None:
- extended_user = self.getUser( raw_user.getUserName()
- , raw_user._getPassword()
+ v = request['PUBLISHED'] # the published object
+ a, c, n, v = luf._getobcontext(v, request)
+ name, password = luf.identify(auth)
+ user = luf.authenticate(name, password, request)
+
+ if user is not None:
+ extended_user = self.getUser( user.getId()
+ , user._getPassword()
)
-
if extended_user is not None:
- extended_user = extended_user.__of__( luf )
+ if luf.authorize(extended_user, a, c, n, v, roles):
+ return extended_user.__of__(luf)
- else:
- extended_user = raw_user
-
- return extended_user
+ # Could not extend a user. Defer to other user folders.
+ return None
def manage_beforeDelete( self, item, container ):
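Review bot: The trailing comment `# Could not extend a user. Defer to other user folders.` understates when the final `return None` in validate is reached: as written, it is also the result when `luf.authenticate` returns None and when `luf.authorize` rejects the extended user for the published object. Since this is the deny path of an authentication hook, I would reword it to `# Not authenticated, no extended user, or not authorized: defer to other user folders.` and expand the `""" The main engine """` docstring to say that the roles check now runs against the extended user and that None is returned where the unextended LDAP user used to be. The unpacking `a, c, n, v = luf._getobcontext(v, request)` rebinds `v` and uses single-letter names throughout, so a one-line comment naming what each value holds would help the next reader audit the authorize call. Separately, `auth` defaults to `''` and the result of `luf.identify(auth)` is unpacked unconditionally; identify is not visible in this hunk, so it is worth confirming that it returns a pair for empty or non-Basic credentials.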