Merge pull request #24 from eea/develop

Develop

Author: valipod

Jenkinsfile

@@ -86,7 +86,7 @@ pipeline {
 
           "Plone5 & Python3": {
             node(label: 'docker') {
-              sh '''docker run -i --rm --name="$BUILD_TAG-plone5py3" -e GIT_BRANCH="$BRANCH_NAME" -e VERSIONS="validate-email=3.0.0rc2" -e ADDONS="$GIT_NAME[test]" -e DEVELOP="src/$GIT_NAME" -e GIT_CHANGE_ID="$CHANGE_ID" eeacms/plone-test:5-python3 -v -vv -s $GIT_NAME'''
+              sh '''docker run -i --rm --name="$BUILD_TAG-plone5py3" -e GIT_BRANCH="$BRANCH_NAME" -e ADDONS="$GIT_NAME[test]" -e DEVELOP="src/$GIT_NAME" -e GIT_CHANGE_ID="$CHANGE_ID" eeacms/plone-test:5-python3 -v -vv -s $GIT_NAME'''
             }
           }
         )

docs/HISTORY.txt

@@ -1,6 +1,11 @@
 Changelog
 =========
 
+2.6 - (2021-04-09)
+---------------------------
+* remove dependency on validate_email [dumitval]
+* re-allow NFPs to edit users from orgs of their country [dumitval]
+
 2.5 - (2021-01-09)
 ---------------------------
 * remove NFP edit permission on "own country" users [dumitval]

eea/userseditor/userdetails.py

@@ -14,6 +14,7 @@
 from eea.ldapadmin import ldap_config
 from eea.ldapadmin.ldap_config import _get_ldap_agent
 from eea.ldapadmin.logic_common import _is_authenticated
+from eea.ldapadmin.ui_common import nfp_can_change_user
 from eea.userseditor.permissions import EIONET_EDIT_USERS
 from eea.userseditor.users_editor import load_template
 from ldap import SCOPE_BASE
@@ -153,6 +154,14 @@ def can_edit_users(self):
 
         return bool(user.has_permission(EIONET_EDIT_USERS, self.context))
 
+    def can_edit_user(self, uid):
+        """ check the the authenticated user can edit a specific user
+        This can mean he has the edit users permission or is an NFP and the
+        target user is member of an organisation from the NFP's country """
+        user = self.context.REQUEST.AUTHENTICATED_USER
+        return (user.has_permission(EIONET_EDIT_USERS, self.context) or
+                nfp_can_change_user(self, uid, no_org=False))
+
     def can_view_roles(self):
         """can_view_roles."""
         if not self.is_authenticated():

eea/userseditor/version.txt

@@ -1 +1 @@
-2.5
+2.6

eea/userseditor/views/userdetails.py

@@ -18,11 +18,15 @@ class UserDetailsView(BrowserView):
     def __call__(self):
         REQUEST = self.request
         uid = REQUEST.form.get('uid')
+        auth_user = REQUEST.AUTHENTICATED_USER
+        is_auth = ('Authenticated' in auth_user.getRoles())
 
         if not uid:
-            # a missing uid can only mean this page is called by accident
-
-            return
+            if is_auth:
+                uid = auth_user.getId()
+            else:
+                # a missing uid can only mean this page is called by accident
+                return
         date_for_roles = REQUEST.form.get('date_for_roles')
 
         if "," in uid:
@@ -33,7 +37,6 @@ def __call__(self):
             multi = None
             user, roles = self.context._prepare_user_page(uid)
 
-        is_auth = ('Authenticated' in REQUEST.AUTHENTICATED_USER.getRoles())
         # we can only connect to ldap with bind=True if we have an
         # authenticated user
         agent = self.context._get_ldap_agent(bind=is_auth)

eea/userseditor/zpt/userdetails/index.zpt

@@ -85,14 +85,16 @@
           <div xmlns:foaf="http://xmlns.com/foaf/0.1/"
             tal:attributes="about string:${common/portal_url}/users/${view/user/uid}" typeof="foaf:Person"
             tal:define="user view/user;
+            uid user/uid;
             disabled python:user.get('status') == 'disabled';
             can_view_roles common/can_view_roles;
+            can_edit_user python:common.can_edit_user(uid);
             can_edit_users common/can_edit_users;
             is_authenticated common/is_authenticated;">
 
             <h1 property="foaf:name">
               <tal:block content="user/full_name" />
-              <a tal:condition="can_edit_users"
+              <a tal:condition="can_edit_user"
                 style="background:none"
                 tal:attributes="href string:${common/portal_url}/eionet-account-tools/eionet_account_tools/users/edit_user?id=${user/uid}">
                 <img src="/++resource++eea.userseditor-www/edit.gif" alt="Edit" />
@@ -102,7 +104,7 @@
             <div class="figure figure-right" style="clear: both"
               tal:condition="python:user['jpegPhoto'] and (not disabled or can_edit_users)">
               <div class="figure-image">
-                <a tal:attributes="href string:userphoto_jpeg?uid=${user/uid}">
+                <a>
                   <img tal:attributes="src string:${common/base_url}/userphoto_jpeg?uid=${user/uid}" class="mouseclickpop"
                     alt="photo of person" style="max-width:200px; max-height:150px" />
                 </a>

setup.py

@@ -21,14 +21,14 @@
       platforms=['OS Independent'],
       zip_safe=False,
       install_requires=[
-          'eea.usersdb>=1.3.40',
+          'eea.usersdb>=2.6',
           'deform',
           'phonenumbers',
           'six'
       ],
       extras_require={
           'test': [
-              'eea.ldapadmin',
+              'eea.ldapadmin>=2.8',
           ],
       },
       )