eea
diff --git a/‎docs/HISTORY.txt‎
Lines changed: 11 additions & 0 deletions b/‎docs/HISTORY.txt‎
Lines changed: 11 additions & 0 deletions
diff --git a/‎eea/userseditor/tests/test_ui.py‎
Lines changed: 8 additions & 3 deletions b/‎eea/userseditor/tests/test_ui.py‎
Lines changed: 8 additions & 3 deletions
diff --git a/‎eea/userseditor/userdetails.py‎
Lines changed: 5 additions & 75 deletions b/‎eea/userseditor/userdetails.py‎
Lines changed: 5 additions & 75 deletions
@@ -1,6 +1,17 @@
 Changelog
 =========
 
+2.5 - (2021-01-09)
+---------------------------
+* remove NFP edit permission on "own country" users [dumitval]
+* move _is_authenticated to eea.ldapadmin.logic_common [dumitval]
+* move _get_ldap_agent eea.ldapadmin.ldap_config [dumitval]
+* move logged_in_user, nfp_for_country to eea.ldapadmin.ui_common [dumitval]
+* removed _get_user_id duplicate of logged_in_user [dumitval]
+* give NFPs access to the details page of disabled users [dumitval]
+* remove obsolete Circa-related code [dumitval]
+* fix tests [dumitval]
+
 2.4 - (2020-12-04)
 ---------------------------
 * add some privileges for NFPs on the user details page
 
@@ -59,7 +59,6 @@ def base_setup(context, user):
 #    context.mock_agent._encoding = 'utf-8'
 #    context.mock_agent.role_leaders = Mock(return_value=([], []))
 #    context.mock_agent.role_infos_in_role.return_value = {}
-#    context.ui._get_ldap_agent = Mock(return_value=context.mock_agent)
 #    context.ui.can_delete_role = Mock(return_value=True)
 #    context.ui.can_edit_members = Mock(return_value=True)
 #    context.ui.can_edit_organisations = Mock(return_value=True)
@@ -71,12 +70,13 @@ def base_setup(context, user):
     context.request.RESPONSE.redirect = Mock()
     context.request.RESPONSE.setStatus = Mock()
     context.REQUEST.AUTHENTICATED_USER = user
-    user.getRoles = Mock(return_value=['Authenticated'])
     context.mailhost = getUtility(IMailHost)
     registry = getUtility(IRegistry)
     registry["plone.email_from_address"] = "user-directory@plone.org"
     registry["plone.email_from_name"] = u"Plone test site"
     context.mock_agent = MockLdapAgent()
+    context.mock_agent.filter_roles.return_value = []
+    context.ui._get_ldap_agent = Mock(return_value=context.mock_agent)
 
 
 def parse_html(html):
@@ -210,6 +210,7 @@ def setUp(self):
         self.mock_agent.org_info = Mock(return_value=org_data_fixture)
         self.mock_agent.filter_roles.return_value = []
         self.ui._get_ldap_agent = Mock(return_value=self.mock_agent)
+        user.getRoles = Mock(return_value=['Authenticated'])
 
     def test_edit_form(self):
         """test_edit_form."""
@@ -348,6 +349,7 @@ def setUp(self):
              'text_native': '', 'ldap': False}
         ])
         self.mock_agent.org_info = Mock(return_value=org_data_fixture)
+        user.getRoles = Mock(return_value=['Anonymous'])
 
     def _assert_error_msg_on_index(self):
         """_assert_error_msg_on_index."""
@@ -366,8 +368,10 @@ def test_main_page(self):
                          "You must be authenticated to edit your profile. "
                          "Please log in.")
 
-    def test_edit_form(self):
+    @patch('eea.ldapadmin.nfp_nrc.get_nrc_roles')
+    def test_edit_form(self, mock_nrc_roles):
         """test_edit_form."""
+        mock_nrc_roles.return_value = []
         self.ui.edit_account_html(self.request)
         self.request.RESPONSE.redirect.assert_called_with('URL/')
         self._assert_error_msg_on_index()
@@ -402,6 +406,7 @@ def setUp(self):
             'poker_club': {'name': 'Poker club',
                            'name_native': 'Poker club', 'country': 'eu'}}
         self.mock_agent.all_organisations = Mock(return_value=all_orgs)
+        user.getRoles = Mock(return_value=['Authenticated'])
 
     def test_show_by_id(self):
         """test_show_by_id."""
 
@@ -12,14 +12,15 @@
 from Acquisition import Implicit
 from App.config import getConfiguration
 from eea.ldapadmin import ldap_config
-from eea.ldapadmin.ui_common import nfp_for_country
+from eea.ldapadmin.ldap_config import _get_ldap_agent
+from eea.ldapadmin.logic_common import _is_authenticated
 from eea.userseditor.permissions import EIONET_EDIT_USERS
+from eea.userseditor.users_editor import load_template
 from ldap import SCOPE_BASE
 from OFS.PropertyManager import PropertyManager
 from OFS.SimpleItem import SimpleItem
 from persistent.mapping import PersistentMapping
 from Products.PageTemplates.PageTemplateFile import PageTemplateFile
-from z3c.pt.pagetemplate import PageTemplateFile as ChameleonTemplate
 
 cfg = getConfiguration()
 if hasattr(cfg, 'environment'):
@@ -47,33 +48,6 @@ def manage_add_userdetails(parent, tool_id, REQUEST=None):
         REQUEST.RESPONSE.redirect(parent.absolute_url() + '/manage_workspace')
 
 
-def _is_authenticated(request):
-    """_is_authenticated.
-
-    :param request:
-    """
-    return 'Authenticated' in request.AUTHENTICATED_USER.getRoles()
-
-
-def load_template(name, context=None, _memo={}):
-    """load_template.
-
-    :param name:
-    :param context:
-    :param _memo:
-    """
-    if name not in _memo:
-        tpl = ChameleonTemplate(name)
-
-        if context is not None:
-            bound = tpl.bind(context)
-            _memo[name] = bound
-        else:
-            _memo[name] = tpl
-
-    return _memo[name]
-
-
 zope2_wrapper = PageTemplateFile('zpt/zope2_wrapper.zpt', globals())
 plone5_wrapper = PageTemplateFile('zpt/plone5_wrapper.zpt', globals())
 
@@ -179,22 +153,6 @@ def can_edit_users(self):
 
         return bool(user.has_permission(EIONET_EDIT_USERS, self.context))
 
-    def can_edit_user(self):
-        """ Check if the authenticated user has permission to edit this
-        particular user. (meaning has general edit permission or
-        the authenticated user is NFP in the country of the user's
-        organisation)."""
-        if self.can_edit_users():
-            return True
-        uid = self.context.REQUEST.AUTHENTICATED_USER.getId()
-        nfp_country = nfp_for_country(self.context)
-        if nfp_country:
-            agent = self.context._get_ldap_agent()
-            for org in agent.orgs_for_user(uid):
-                if agent.org_info(org[0])['country'] == nfp_country:
-                    return True
-        return False
-
     def can_view_roles(self):
         """can_view_roles."""
         if not self.is_authenticated():
@@ -223,22 +181,6 @@ def network_name(self):
         return NETWORK_NAME
 
 
-def logged_in_user(request):
-    """logged_in_user.
-
-    :param request:
-    """
-    user_id = ''
-
-    if _is_authenticated(request):
-        user = request.get('AUTHENTICATED_USER', '')
-
-        if user:
-            user_id = user.getId()
-
-    return user_id
-
-
 class UserDetails(SimpleItem):
     """UserDetails."""
 
@@ -278,20 +220,8 @@ def __init__(self, config={}):
         self._config = PersistentMapping(config)
 
     def _get_ldap_agent(self, bind=True, secondary=False):
-        """_get_ldap_agent.
-
-        :param bind:
-        :param secondary: bind with alternate credentials for different
-                          permissions
-        """
-        agent = ldap_config.ldap_agent_with_config(self._config, bind,
-                                                   secondary=secondary)
-        try:
-            agent._author = logged_in_user(self.REQUEST)
-        except AttributeError:
-            agent._author = "System user"
-
-        return agent
+        """ get the ldap agent """
+        return _get_ldap_agent(self, bind, secondary)
 
     def _prepare_user_page(self, uid):
         """Shared by index_html and simple_profile"""