From 826ae65e14f37fe84614b6c9a76850e2c64023b9 Mon Sep 17 00:00:00 2001
From: luc-demeyer <luc.demeyer@noviat.com>
Date: Wed, 15 Jun 2016 09:08:40 +0200
Subject: [PATCH] only ldap groups fix

---
 users_ldap_groups/README.rst                  |  1 +
 users_ldap_groups/__init__.py                 | 22 +-------
 users_ldap_groups/__openerp__.py              |  2 +-
 users_ldap_groups/models/__init__.py          |  3 ++
 users_ldap_groups/models/res_users.py         | 51 +++++++++++++++++++
 .../{ => models}/users_ldap_groups.py         |  0
 6 files changed, 57 insertions(+), 22 deletions(-)
 create mode 100644 users_ldap_groups/models/__init__.py
 create mode 100644 users_ldap_groups/models/res_users.py
 rename users_ldap_groups/{ => models}/users_ldap_groups.py (100%)

diff --git a/users_ldap_groups/README.rst b/users_ldap_groups/README.rst
index 2dbc81de3..a87e4a508 100644
--- a/users_ldap_groups/README.rst
+++ b/users_ldap_groups/README.rst
@@ -47,6 +47,7 @@ Contributors
 
 * Therp BV <info@therp.nl>
 * Giacomo Spettoli <giacomo.spettoli@gmail.com>
+* Luc De Meyer <luc.demeyer@noviat.com>
 
 Maintainer
 ----------
diff --git a/users_ldap_groups/__init__.py b/users_ldap_groups/__init__.py
index d1066f41b..a0fdc10fe 100644
--- a/users_ldap_groups/__init__.py
+++ b/users_ldap_groups/__init__.py
@@ -1,22 +1,2 @@
 # -*- coding: utf-8 -*-
-##############################################################################
-#
-#    OpenERP, Open Source Management Solution
-#    This module copyright (C) 2012 Therp BV (<http://therp.nl>).
-#
-#    This program is free software: you can redistribute it and/or modify
-#    it under the terms of the GNU Affero General Public License as
-#    published by the Free Software Foundation, either version 3 of the
-#    License, or (at your option) any later version.
-#
-#    This program is distributed in the hope that it will be useful,
-#    but WITHOUT ANY WARRANTY; without even the implied warranty of
-#    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-#    GNU Affero General Public License for more details.
-#
-#    You should have received a copy of the GNU Affero General Public License
-#    along with this program.  If not, see <http://www.gnu.org/licenses/>.
-#
-##############################################################################
-
-from . import users_ldap_groups
+from . import models
diff --git a/users_ldap_groups/__openerp__.py b/users_ldap_groups/__openerp__.py
index 2493c0aeb..d2b6ae57b 100644
--- a/users_ldap_groups/__openerp__.py
+++ b/users_ldap_groups/__openerp__.py
@@ -21,7 +21,7 @@
 
 {
     "name": "Groups assignment",
-    "version": "8.0.1.2.1",
+    "version": "8.0.1.2.2",
     "depends": ["auth_ldap"],
     "author": "Therp BV,Odoo Community Association (OCA)",
     "license": "AGPL-3",
diff --git a/users_ldap_groups/models/__init__.py b/users_ldap_groups/models/__init__.py
new file mode 100644
index 000000000..7ea34975c
--- /dev/null
+++ b/users_ldap_groups/models/__init__.py
@@ -0,0 +1,3 @@
+# -*- coding: utf-8 -*-
+from . import users_ldap_groups
+from . import res_users
diff --git a/users_ldap_groups/models/res_users.py b/users_ldap_groups/models/res_users.py
new file mode 100644
index 000000000..cef591744
--- /dev/null
+++ b/users_ldap_groups/models/res_users.py
@@ -0,0 +1,51 @@
+# -*- coding: utf-8 -*-
+##############################################################################
+#
+#    Odoo, Open Source Management Solution
+#
+#    Copyright (c) 2009-2016 Noviat nv/sa (www.noviat.com).
+#
+#    This program is free software: you can redistribute it and/or modify
+#    it under the terms of the GNU Affero General Public License as
+#    published by the Free Software Foundation, either version 3 of the
+#    License, or (at your option) any later version.
+#
+#    This program is distributed in the hope that it will be useful,
+#    but WITHOUT ANY WARRANTY; without even the implied warranty of
+#    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+#    GNU Affero General Public License for more details.
+#
+#    You should have received a copy of the GNU Affero General Public License
+#    along with this program. If not, see <http://www.gnu.org/licenses/>.
+#
+##############################################################################
+
+from openerp import api, models
+from openerp import SUPERUSER_ID
+from openerp.modules.registry import RegistryManager
+
+
+class ResUsers(models.Model):
+    _inherit = 'res.users'
+
+    def _login(self, db, login, password):
+        """
+        Call map_groups also for existing users
+        in order to enforce the 'only_ldap_groups'
+        security policy.
+        """
+        uid = super(ResUsers, self)._login(db, login, password)
+        if uid:
+            registry = RegistryManager.get(db)
+            with registry.cursor() as cr:
+                ldap_obj = registry.get('res.company.ldap')
+                for ldap_config in ldap_obj.get_ldap_dicts(cr):
+                    ldap_entry = ldap_obj.authenticate(
+                        ldap_config, login, password)
+                    if ldap_entry:
+                        env = api.Environment(cr, SUPERUSER_ID, {})
+                        comp_ldap = env['res.company.ldap'].browse(
+                            ldap_config['id'])
+                        comp_ldap.map_groups(
+                            uid, ldap_config, ldap_entry)
+        return uid
diff --git a/users_ldap_groups/users_ldap_groups.py b/users_ldap_groups/models/users_ldap_groups.py
similarity index 100%
rename from users_ldap_groups/users_ldap_groups.py
rename to users_ldap_groups/models/users_ldap_groups.py