[IMP] security : move login, access, check method into res.users object
bzr revid: hmo@tinyerp.com-20100129060644-q846msahr5mtqvsr
This commit is contained in:
parent
0ded9e51d5
commit
401b6c536d
|
@ -23,7 +23,9 @@ from osv import fields,osv
|
|||
from osv.orm import except_orm
|
||||
import tools
|
||||
import pytz
|
||||
import pooler
|
||||
from tools.translate import _
|
||||
from service import security
|
||||
|
||||
class groups(osv.osv):
|
||||
_name = "res.groups"
|
||||
|
@ -119,6 +121,7 @@ def _companies_get(self,cr, uid, context={}):
|
|||
|
||||
class users(osv.osv):
|
||||
__admin_ids = {}
|
||||
_uid_cache = {}
|
||||
_name = "res.users"
|
||||
|
||||
def get_current_company(self, cr, uid):
|
||||
|
@ -260,6 +263,56 @@ class users(osv.osv):
|
|||
data_id = dataobj._get_id(cr, 1, 'base', 'action_res_users_my')
|
||||
return dataobj.browse(cr, uid, data_id, context).res_id
|
||||
|
||||
|
||||
def login(self, db, login, password):
|
||||
if not password:
|
||||
return False
|
||||
cr = pooler.get_db(db).cursor()
|
||||
cr.execute('select id from res_users where login=%s and password=%s and active', (tools.ustr(login), tools.ustr(password)))
|
||||
res = cr.fetchone()
|
||||
cr.close()
|
||||
if res:
|
||||
return res[0]
|
||||
else:
|
||||
return False
|
||||
|
||||
def check_super(self, passwd):
|
||||
if passwd == tools.config['admin_passwd']:
|
||||
return True
|
||||
else:
|
||||
raise security.ExceptionNoTb('AccessDenied')
|
||||
|
||||
def check(self, db, uid, passwd):
|
||||
if not passwd:
|
||||
return False
|
||||
cached_pass = self._uid_cache.get(db, {}).get(uid)
|
||||
if (cached_pass is not None) and cached_pass == passwd:
|
||||
return True
|
||||
cr = pooler.get_db(db).cursor()
|
||||
cr.execute('select count(1) from res_users where id=%s and password=%s and active=%s', (int(uid), passwd, True))
|
||||
res = cr.fetchone()[0]
|
||||
cr.close()
|
||||
if not bool(res):
|
||||
raise security.ExceptionNoTb('AccessDenied')
|
||||
if res:
|
||||
if self._uid_cache.has_key(db):
|
||||
ulist = self._uid_cache[db]
|
||||
ulist[uid] = passwd
|
||||
else:
|
||||
self._uid_cache[db] = {uid:passwd}
|
||||
return bool(res)
|
||||
|
||||
def access(self, db, uid, passwd, sec_level, ids):
|
||||
if not passwd:
|
||||
return False
|
||||
cr = pooler.get_db(db).cursor()
|
||||
cr.execute('select id from res_users where id=%s and password=%s', (uid, passwd))
|
||||
res = cr.fetchone()
|
||||
cr.close()
|
||||
if not res:
|
||||
raise security.ExceptionNoTb('Bad username or password')
|
||||
return res[0]
|
||||
|
||||
_constraints = [
|
||||
(_check_company, 'This user can not connect using this company !', ['company_id']),
|
||||
]
|
||||
|
|
|
@ -22,8 +22,6 @@
|
|||
import pooler
|
||||
import tools
|
||||
|
||||
_uid_cache = {}
|
||||
|
||||
# When rejecting a password, we need to give as little info as possible
|
||||
class ExceptionNoTb(Exception):
|
||||
def __init__(self, msg ):
|
||||
|
@ -32,16 +30,9 @@ class ExceptionNoTb(Exception):
|
|||
self.args = (msg, '')
|
||||
|
||||
def login(db, login, password):
|
||||
if not password:
|
||||
return False
|
||||
cr = pooler.get_db(db).cursor()
|
||||
cr.execute('select id from res_users where login=%s and password=%s and active', (tools.ustr(login), tools.ustr(password)))
|
||||
res = cr.fetchone()
|
||||
cr.close()
|
||||
if res:
|
||||
return res[0]
|
||||
else:
|
||||
return False
|
||||
pool = pooler.get_pool(db)
|
||||
user_obj = pool.get('res.users')
|
||||
return user_obj.login(db, login, password)
|
||||
|
||||
def check_super(passwd):
|
||||
if passwd == tools.config['admin_passwd']:
|
||||
|
@ -50,35 +41,14 @@ def check_super(passwd):
|
|||
raise ExceptionNoTb('AccessDenied')
|
||||
|
||||
def check(db, uid, passwd):
|
||||
if not passwd:
|
||||
return False
|
||||
cached_pass = _uid_cache.get(db, {}).get(uid)
|
||||
if (cached_pass is not None) and cached_pass == passwd:
|
||||
return True
|
||||
cr = pooler.get_db(db).cursor()
|
||||
cr.execute('select count(1) from res_users where id=%s and password=%s and active=%s', (int(uid), passwd, True))
|
||||
res = cr.fetchone()[0]
|
||||
cr.close()
|
||||
if not bool(res):
|
||||
raise ExceptionNoTb('AccessDenied')
|
||||
if res:
|
||||
if _uid_cache.has_key(db):
|
||||
ulist = _uid_cache[db]
|
||||
ulist[uid] = passwd
|
||||
else:
|
||||
_uid_cache[db] = {uid:passwd}
|
||||
return bool(res)
|
||||
pool = pooler.get_pool(db)
|
||||
user_obj = pool.get('res.users')
|
||||
return user_obj.check(db, uid, passwd)
|
||||
|
||||
def access(db, uid, passwd, sec_level, ids):
|
||||
if not passwd:
|
||||
return False
|
||||
cr = pooler.get_db(db).cursor()
|
||||
cr.execute('select id from res_users where id=%s and password=%s', (uid, passwd))
|
||||
res = cr.fetchone()
|
||||
cr.close()
|
||||
if not res:
|
||||
raise ExceptionNoTb('Bad username or password')
|
||||
return res[0]
|
||||
pool = pooler.get_pool(db)
|
||||
user_obj = pool.get('res.users')
|
||||
return user_obj.access(db, uid, passwd, sec_level, ids)
|
||||
|
||||
|
||||
# vim:expandtab:smartindent:tabstop=4:softtabstop=4:shiftwidth=4:
|
||||
|
|
Loading…
Reference in New Issue