Ticket #9460 (closed Bug: fixed)

Opened 6 years ago

Last modified 5 years ago

Products.PlonePAS==3.9: "plugins.group.GroupManager.getGroupById" hijacks foreign groups

Reported by: dieter Owned by:
Priority: minor Milestone: 4.0
Component: General Version:
Keywords: patch Cc: dieter@…

Description

As the following script demonstrates, the 'GroupManager's 'getGroupById' returns groups managed by other group managers (e.g. 'auto_group'). This is fatal when those groups require special implementation of their methods.

p=app.plone
uf=p.acl_users
g=uf.getGroup('AuthenticatedUsers')
g.aq_parent
list(g.aq_parent.getGroupIds())

The attached patch fixes this problem.

Attachments

plonepas_group.pat Download (605 bytes) - added by dieter 6 years ago.

Change History

Changed 6 years ago by dieter

comment:1 Changed 6 years ago by dieter

I do not know why but patch attachment does not seem to work for me: the uploaded patches do not show their content. Therefore, the patch here again inlined.

--- eggs/Products.PlonePAS-3.9-py2.4.egg/Products/PlonePAS/plugins/group.py~	2009-06-29 17:34:41.000000000 +0200
+++ eggs/Products.PlonePAS-3.9-py2.4.egg/Products/PlonePAS/plugins/group.py	2009-08-27 06:49:28.000000000 +0200
@@ -103,10 +103,7 @@
     def getGroupById(self, group_id, default=None):
         plugins = self._getPAS()._getOb('plugins')
 
-        group_id = self._verifyGroup(plugins, group_id=group_id)
-        title = None
-
-        if not group_id:
+        if group_id not in self.getGroupIds():
             return default
 
         return self._findGroup(plugins, group_id, title)

comment:2 Changed 6 years ago by vincentfretin

What's this extension .pat ? Try with .patch, it will work better I think. :-)

comment:3 follow-up: ↓ 4 Changed 6 years ago by dieter

The patch deleted on line too much. Here is a corrected one.

--- eggs/Products.PlonePAS-3.9-py2.4.egg/Products/PlonePAS/plugins/group.py~	2009-06-29 17:34:41.000000000 +0200
+++ eggs/Products.PlonePAS-3.9-py2.4.egg/Products/PlonePAS/plugins/group.py	2009-08-27 06:49:28.000000000 +0200
@@ -103,10 +103,7 @@
     def getGroupById(self, group_id, default=None):
         plugins = self._getPAS()._getOb('plugins')
 
-        group_id = self._verifyGroup(plugins, group_id=group_id)
         title = None
-
-        if not group_id:
+        if group_id not in self.getGroupIds():
             return default
 
         return self._findGroup(plugins, group_id, title)

comment:4 in reply to: ↑ 3 Changed 6 years ago by dieter

Replying to dieter:

The patch deleted on line too much. Here is a corrected one. ....

When I have tried to apply the patch, "patch" was not happy with it. Here is another fix.

--- eggs/Products.PlonePAS-3.9-py2.4.egg/Products/PlonePAS/plugins/group.py~	2009-06-29 17:34:41.000000000 +0200
+++ eggs/Products.PlonePAS-3.9-py2.4.egg/Products/PlonePAS/plugins/group.py	2009-08-27 06:49:28.000000000 +0200
@@ -103,10 +103,8 @@
     def getGroupById(self, group_id, default=None):
         plugins = self._getPAS()._getOb('plugins')
 
-        group_id = self._verifyGroup(plugins, group_id=group_id)
         title = None
-
-        if not group_id:
+        if group_id not in self.getGroupIds():
             return default
 
         return self._findGroup(plugins, group_id, title)

comment:5 Changed 5 years ago by limi

  • Owner set to wichert
  • Keywords patch added; PlonePAS removed

comment:6 Changed 5 years ago by limi

  • Component changed from Unknown to Infrastructure

comment:7 Changed 5 years ago by wichert

  • Owner wichert deleted

comment:8 Changed 5 years ago by esteele

  • Status changed from new to closed
  • Resolution set to fixed
  • Milestone changed from 3.x to 4.0

comment:9 Changed 3 years ago by davisagli

  • Component changed from Infrastructure to General
Note: See TracTickets for help on using tickets.