[IMP] security : move login, access, check method into res.users object

bzr revid: hmo@tinyerp.com-20100129060644-q846msahr5mtqvsr
2010-01-29 11:36:44 +05:30 · 2010-01-29 11:36:44 +05:30 · 401b6c536d
parent 0ded9e51d5
commit 401b6c536d
2 changed files with 62 additions and 39 deletions
--- a/bin/addons/base/res/res_user.py
+++ b/bin/addons/base/res/res_user.py
@ -23,7 +23,9 @@ from osv import fields,osv
 from osv.orm import except_orm
 import tools
 import pytz
+import pooler
 from tools.translate import _
+from service import security

 class groups(osv.osv):
    _name = "res.groups"
@ -119,6 +121,7 @@ def _companies_get(self,cr, uid, context={}):

 class users(osv.osv):
    __admin_ids = {}
+    _uid_cache = {}
    _name = "res.users"

    def get_current_company(self, cr, uid):
@ -260,6 +263,56 @@ class users(osv.osv):
        data_id = dataobj._get_id(cr, 1, 'base', 'action_res_users_my')
        return dataobj.browse(cr, uid, data_id, context).res_id

+
+    def login(self, db, login, password):
+        if not password:
+            return False
+        cr = pooler.get_db(db).cursor()    
+        cr.execute('select id from res_users where login=%s and password=%s and active', (tools.ustr(login), tools.ustr(password)))
+        res = cr.fetchone()
+        cr.close()
+        if res:
+            return res[0]
+        else:
+            return False
+
+    def check_super(self, passwd):
+        if passwd == tools.config['admin_passwd']:
+            return True
+        else:
+            raise security.ExceptionNoTb('AccessDenied')
+
+    def check(self, db, uid, passwd):
+        if not passwd:
+            return False
+        cached_pass = self._uid_cache.get(db, {}).get(uid)
+        if (cached_pass is not None) and cached_pass == passwd:
+            return True
+        cr = pooler.get_db(db).cursor()    
+        cr.execute('select count(1) from res_users where id=%s and password=%s and active=%s', (int(uid), passwd, True))    
+        res = cr.fetchone()[0]
+        cr.close()
+        if not bool(res):
+            raise security.ExceptionNoTb('AccessDenied')
+        if res:
+            if self._uid_cache.has_key(db):
+                ulist = self._uid_cache[db]
+                ulist[uid] = passwd
+            else:
+                self._uid_cache[db] = {uid:passwd}
+        return bool(res)
+
+    def access(self, db, uid, passwd, sec_level, ids):
+        if not passwd:
+            return False
+        cr = pooler.get_db(db).cursor()    
+        cr.execute('select id from res_users where id=%s and password=%s', (uid, passwd))
+        res = cr.fetchone()
+        cr.close()
+        if not res:
+            raise security.ExceptionNoTb('Bad username or password')
+        return res[0]
+
    _constraints = [
        (_check_company, 'This user can not connect using this company !', ['company_id']),
    ]
--- a/bin/service/security.py
+++ b/bin/service/security.py
@ -22,8 +22,6 @@
 import pooler
 import tools

-_uid_cache = {}
-
 # When rejecting a password, we need to give as little info as possible
 class ExceptionNoTb(Exception):
    def __init__(self, msg ):
@ -32,16 +30,9 @@ class ExceptionNoTb(Exception):
        self.args = (msg, '')

 def login(db, login, password):
-    if not password:
-        return False
-    cr = pooler.get_db(db).cursor()    
-    cr.execute('select id from res_users where login=%s and password=%s and active', (tools.ustr(login), tools.ustr(password)))
-    res = cr.fetchone()
-    cr.close()
-    if res:
-        return res[0]
-    else:
-        return False
+    pool = pooler.get_pool(db)
+    user_obj = pool.get('res.users')
+    return user_obj.login(db, login, password)

 def check_super(passwd):
    if passwd == tools.config['admin_passwd']:
@ -50,35 +41,14 @@ def check_super(passwd):
        raise ExceptionNoTb('AccessDenied')

 def check(db, uid, passwd):
-    if not passwd:
-        return False
-    cached_pass = _uid_cache.get(db, {}).get(uid)
-    if (cached_pass is not None) and cached_pass == passwd:
-        return True
-    cr = pooler.get_db(db).cursor()    
-    cr.execute('select count(1) from res_users where id=%s and password=%s and active=%s', (int(uid), passwd, True))    
-    res = cr.fetchone()[0]
-    cr.close()
-    if not bool(res):
-        raise ExceptionNoTb('AccessDenied')
-    if res:
-        if _uid_cache.has_key(db):
-            ulist = _uid_cache[db]
-            ulist[uid] = passwd
-        else:
-            _uid_cache[db] = {uid:passwd}
-    return bool(res)
+    pool = pooler.get_pool(db)
+    user_obj = pool.get('res.users')
+    return user_obj.check(db, uid, passwd)

 def access(db, uid, passwd, sec_level, ids):
-    if not passwd:
-        return False
-    cr = pooler.get_db(db).cursor()    
-    cr.execute('select id from res_users where id=%s and password=%s', (uid, passwd))
-    res = cr.fetchone()
-    cr.close()
-    if not res:
-        raise ExceptionNoTb('Bad username or password')
-    return res[0]
+    pool = pooler.get_pool(db)
+    user_obj = pool.get('res.users')
+    return user_obj.access(db, uid, passwd, sec_level, ids)


 # vim:expandtab:smartindent:tabstop=4:softtabstop=4:shiftwidth=4: