From 8ce1a2572cd196cfa78434d2770963b5b59395df Mon Sep 17 00:00:00 2001 From: Philip Bauer Date: Wed, 28 Feb 2024 09:54:54 +0100 Subject: [PATCH 1/4] Ignore transitive membership of groups (where a user is a member of x only because he is in another group that is a member of x) --- src/collective/exportimport/export_other.py | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/src/collective/exportimport/export_other.py b/src/collective/exportimport/export_other.py index ded77b94..1db617de 100644 --- a/src/collective/exportimport/export_other.py +++ b/src/collective/exportimport/export_other.py @@ -300,8 +300,14 @@ def _getUserPassword(self, userId): def _getUserData(self, userId): member = self.pms.getMemberById(userId) - groups = member.getGroups() - groups = [i for i in groups if i not in self.AUTO_GROUPS] + groups = [] + group_ids = [i for i in member.getGroups() if i not in self.AUTO_GROUPS] + # Drop groups in which the user is a transitive member + for group_id in group_ids: + group = api.group.get(group_id) + plone_group = group.getGroup() + if userId in plone_group.getMemberIds(): + groups.append(group_id) group_roles = [] for gid in groups: group_roles.extend(self.group_roles.get(gid, [])) From 292733e65ef57a84abcf95dd0fc26703f02b8ec8 Mon Sep 17 00:00:00 2001 From: Philip Bauer Date: Wed, 28 Feb 2024 10:02:48 +0100 Subject: [PATCH 2/4] Add changenote --- CHANGES.rst | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/CHANGES.rst b/CHANGES.rst index 515fc44b..257872a0 100644 --- a/CHANGES.rst +++ b/CHANGES.rst @@ -32,6 +32,10 @@ Changelog - Add principals to groups that already exist during import (#228) [pbauer] +- In export_members ignore transitive membership of groups (#240) + [pbauer] + + 1.10 (2023-10-11) ----------------- From 7e05996937c097546a7d972834d3865c54baca96 Mon Sep 17 00:00:00 2001 From: Philip Bauer Date: Wed, 28 Feb 2024 10:56:54 +0100 Subject: [PATCH 3/4] add test --- .../exportimport/tests/test_export.py | 21 +++++++++++++++++++ 1 file changed, 21 insertions(+) diff --git a/src/collective/exportimport/tests/test_export.py b/src/collective/exportimport/tests/test_export.py index 3b9fd5e6..cb86f844 100644 --- a/src/collective/exportimport/tests/test_export.py +++ b/src/collective/exportimport/tests/test_export.py @@ -305,6 +305,27 @@ def test_export_members(self): if member["username"] == TEST_USER_ID: self.assertTrue(member["roles"], ["Member"]) + def test_export_indirect_members(self): + direct = api.group.create("Direct") + indirect = api.group.create("Indirect") + api.group.add_user(group=direct, username=TEST_USER_ID) + # Make user a indirect member of the group indirect + api.group.add_user(group=direct, user=indirect) + + transaction.commit() + browser = self.open_page("@@export_members") + browser.getForm(action="@@export_members").submit(name="form.submitted") + contents = browser.contents + if not browser.contents: + contents = DATA[-1] + data = json.loads(contents) + self.assertIn("groups", data.keys()) + self.assertIn("members", data.keys()) + member_data = data["members"][0] + self.assertEqual(member_data["username"], TEST_USER_ID) + # Only direct membership is exported + self.assertEqual(member_data["groups"], ["Direct"]) + def test_export_defaultpages_empty(self): browser = self.open_page("@@export_defaultpages") browser.getForm(action="@@export_defaultpages").submit(name="form.submitted") From ec23a329c5043cdeca31116c739d82fdcdb8efa9 Mon Sep 17 00:00:00 2001 From: Philip Bauer Date: Wed, 28 Feb 2024 11:03:22 +0100 Subject: [PATCH 4/4] fix test for 4.3 --- src/collective/exportimport/tests/test_export.py | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) diff --git a/src/collective/exportimport/tests/test_export.py b/src/collective/exportimport/tests/test_export.py index cb86f844..831f3e7d 100644 --- a/src/collective/exportimport/tests/test_export.py +++ b/src/collective/exportimport/tests/test_export.py @@ -321,10 +321,14 @@ def test_export_indirect_members(self): data = json.loads(contents) self.assertIn("groups", data.keys()) self.assertIn("members", data.keys()) - member_data = data["members"][0] - self.assertEqual(member_data["username"], TEST_USER_ID) - # Only direct membership is exported - self.assertEqual(member_data["groups"], ["Direct"]) + members = data["members"] + membernames = [member["username"] for member in members] + self.assertIn(TEST_USER_ID, membernames) + for member in members: + if member["username"] == TEST_USER_ID: + self.assertEqual(member["username"], TEST_USER_ID) + # Only direct membership is exported + self.assertEqual(member["groups"], ["Direct"]) def test_export_defaultpages_empty(self): browser = self.open_page("@@export_defaultpages")