-
Notifications
You must be signed in to change notification settings - Fork 21
/
membership.py
741 lines (633 loc) · 27.8 KB
/
membership.py
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
import logging
from cStringIO import StringIO
import transaction
from zope import event
from zope.interface import implements
from DateTime import DateTime
from App.class_init import InitializeClass
from App.special_dtml import DTMLFile
from OFS.Image import Image
from AccessControl import ClassSecurityInfo
from AccessControl import getSecurityManager
from AccessControl import Unauthorized
from AccessControl.SecurityManagement import noSecurityManager
from AccessControl.requestmethod import postonly
from Acquisition import aq_get
from Acquisition import aq_inner
from Acquisition import aq_parent
from zExceptions import BadRequest
from ZODB.POSException import ConflictError
from Products.CMFCore.permissions import ManagePortal
from Products.CMFCore.permissions import ManageUsers
from Products.CMFCore.permissions import SetOwnProperties
from Products.CMFCore.permissions import SetOwnPassword
from Products.CMFCore.permissions import View
from Products.CMFCore.permissions import ListPortalMembers
from Products.CMFCore.utils import _checkPermission
from Products.CMFCore.utils import getToolByName
from Products.CMFCore.MembershipTool import MembershipTool as BaseTool
from Products.PlonePAS.events import UserLoggedInEvent
from Products.PlonePAS.events import UserInitialLoginInEvent
from Products.PlonePAS.events import UserLoggedOutEvent
from Products.PlonePAS.interfaces import membership
from Products.PlonePAS.utils import cleanId
from Products.PlonePAS.utils import scale_image
default_portrait = 'defaultUser.png'
logger = logging.getLogger('PlonePAS')
class MembershipTool(BaseTool):
"""PAS-based customization of MembershipTool.
"""
implements(membership.IMembershipTool)
meta_type = "PlonePAS Membership Tool"
toolicon = 'tool.gif'
personal_id = '.personal'
portrait_id = 'MyPortrait'
default_portrait = 'defaultUser.gif'
memberarea_type = 'Folder'
membersfolder_id = 'Members'
memberareaCreationFlag = False
security = ClassSecurityInfo()
user_search_keywords = ('login', 'fullname', 'email', 'exact_match',
'sort_by', 'max_results')
_properties = (getattr(BaseTool, '_properties', ()) +
({'id': 'user_search_keywords',
'type': 'lines',
'mode': 'rw',
},))
manage_options = (BaseTool.manage_options
+ ({'label': 'Portraits',
'action': 'manage_portrait_fix'},))
# TODO I'm not quite sure why getPortalRoles is declared 'Managed'
# in CMFCore.MembershipTool - but in Plone we are not so anal ;-)
security.declareProtected(View, 'getPortalRoles')
security.declareProtected(ManagePortal, 'manage_mapRoles')
manage_mapRoles = DTMLFile('../zmi/membershipRolemapping', globals())
security.declareProtected(ManagePortal, 'manage_portrait_fix')
manage_portrait_fix = DTMLFile('../zmi/portrait_fix', globals())
security.declareProtected(ManagePortal, 'manage_setMemberAreaType')
def manage_setMemberAreaType(self, type_name, REQUEST=None):
""" ZMI method to set the home folder type by its type name.
"""
self.setMemberAreaType(type_name)
if REQUEST is not None:
REQUEST['RESPONSE'].redirect(self.absolute_url()
+ '/manage_mapRoles'
+ '?manage_tabs_message=Member+area+type+changed.')
security.declareProtected(ManagePortal, 'manage_setMembersFolderById')
def manage_setMembersFolderById(self, id, REQUEST=None):
""" ZMI method to set the members folder object by its id.
"""
self.setMembersFolderById(id)
if REQUEST is not None:
REQUEST['RESPONSE'].redirect(self.absolute_url()
+ '/manage_mapRoles'
+ '?manage_tabs_message=Members+folder+id+changed.')
security.declareProtected(ManagePortal, 'setMemberAreaType')
def setMemberAreaType(self, type_name):
""" Sets the portal type to use for new home folders.
"""
# No check for folderish since someone somewhere may actually want
# members to have objects instead of folders as home "directory".
self.memberarea_type = str(type_name).strip()
security.declareProtected(ManagePortal, 'setMembersFolderById')
def setMembersFolderById(self, id=''):
""" Set the members folder object by its id.
"""
self.membersfolder_id = id.strip()
security.declarePublic('getMembersFolder')
def getMembersFolder(self):
""" Get the members folder object.
"""
parent = aq_parent( aq_inner(self) )
members = getattr(parent, self.membersfolder_id, None)
return members
security.declarePrivate('addMember')
def addMember(self, id, password, roles, domains, properties=None):
"""Adds a new member to the user folder.
Security checks will have already been performed. Called by
portal_registration. This one specific to PAS. PAS ignores
domains. Adding members with login_name also not yet
supported.
"""
acl_users = self.acl_users
acl_users._doAddUser(id, password, roles, domains)
if properties is not None:
member = self.getMemberById(id)
member.setMemberProperties(properties)
security.declareProtected(ListPortalMembers, 'searchForMembers')
def searchForMembers(self, REQUEST=None, **kw):
"""Hacked up version of Plone searchForMembers.
The following properties can be provided:
- name
- email
- last_login_time
- before_specified_time
- roles (any role will cause a match)
- groupname
This is an 'AND' request.
Simple name searches are "fast".
"""
logger.debug('searchForMembers: started.')
acl_users = getToolByName(self, "acl_users")
md = getToolByName(self, "portal_memberdata")
groups_tool = getToolByName(self, "portal_groups")
if REQUEST is not None:
searchmap = REQUEST
else:
searchmap = kw
# While the parameter is called name it is actually used to search a
# users name, which is stored in the fullname property. We need to fix
# that here so the right name is used when calling into PAS plugins.
if 'name' in searchmap:
searchmap['fullname'] = searchmap['name']
del searchmap['name']
user_search = dict([x for x in searchmap.items()
if x[0] in self.user_search_keywords and x[1]])
fullname = searchmap.get('fullname', None)
email = searchmap.get('email', None)
roles = searchmap.get('roles', None)
last_login_time = searchmap.get('last_login_time', None)
before_specified_time = searchmap.get('before_specified_time', None)
groupname = searchmap.get('groupname', '').strip()
if fullname:
fullname = fullname.strip().lower()
if not fullname:
fullname = None
if email:
email = email.strip().lower()
if not email:
email = None
uf_users = []
logger.debug(
'searchForMembers: searching PAS '
'with arguments %r.' % user_search)
for user in acl_users.searchUsers(**user_search):
uid = user['userid']
uf_users.append(uid)
if not uf_users:
return []
wrap = self.wrapUser
getUserById = acl_users.getUserById
def dedupe(seq):
# Thanks http://www.peterbe.com/plog/uniqifiers-benchmark
seen = set()
seen_add = seen.add
# nice trick! set.add() does always return None
return [ x for x in seq if x not in seen and not seen_add(x)]
uf_users = dedupe(uf_users)
members = [getUserById(userid) for userid in uf_users]
members = [member for member in members if member is not None]
if (not email and
not fullname and
not roles and
not groupname and
not last_login_time):
logger.debug(
'searchForMembers: searching users '
'with no extra filter, immediate return.')
return members
# Now perform individual checks on each user
res = []
portal = getToolByName(self, 'portal_url').getPortalObject()
for member in members:
if groupname and groupname not in member.getGroupIds():
continue
if roles:
user_roles = member.getRoles()
found = 0
for r in roles:
if r in user_roles:
found = 1
break
if not found:
continue
if last_login_time:
last_login = member.getProperty('last_login_time', '')
if isinstance(last_login, basestring):
# value is a string when member hasn't yet logged in
last_login = DateTime(last_login or '2000/01/01')
if before_specified_time:
if last_login >= last_login_time:
continue
elif last_login < last_login_time:
continue
res.append(member)
logger.debug('searchForMembers: finished.')
return res
#############
## sanitize home folders (we may get URL-illegal ids)
security.declarePublic('createMemberarea')
def createMemberarea(self, member_id=None, minimal=None):
"""
Create a member area for 'member_id' or the authenticated
user, but don't assume that member_id is url-safe.
"""
if not self.getMemberareaCreationFlag():
return None
catalog = getToolByName(self, 'portal_catalog')
membership = getToolByName(self, 'portal_membership')
members = self.getMembersFolder()
if not member_id:
# member_id is optional (see CMFCore.interfaces.portal_membership:
# Create a member area for 'member_id' or authenticated user.)
member = membership.getAuthenticatedMember()
member_id = member.getId()
if hasattr(members, 'aq_explicit'):
members = members.aq_explicit
if members is None:
# no members area
logger.debug('createMemberarea: members area does not exist.')
return
safe_member_id = cleanId(member_id)
if hasattr(members, safe_member_id):
# has already this member
logger.debug(
'createMemberarea: member area '
'for %r already exists.' % safe_member_id)
return
if not safe_member_id:
# Could be one of two things:
# - A Emergency User
# - cleanId made a empty string out of member_id
logger.debug(
'createMemberarea: empty member id '
'(%r, %r), skipping member area creation.' % (
member_id, safe_member_id))
return
# Create member area without security checks
typesTool = getToolByName(members, 'portal_types')
fti = typesTool.getTypeInfo(self.memberarea_type)
member_folder = fti._constructInstance(members, safe_member_id)
# Get the user object from acl_users
acl_users = getToolByName(self, "acl_users")
user = acl_users.getUserById(member_id)
if user is not None:
user = user.__of__(acl_users)
else:
user = getSecurityManager().getUser()
# check that we do not do something wrong
if user.getId() != member_id:
raise NotImplementedError(
'cannot get user for member area creation')
member_object = self.getMemberById(member_id)
## Modify member folder
member_folder = self.getHomeFolder(member_id)
# Grant Ownership and Owner role to Member
member_folder.changeOwnership(user)
member_folder.__ac_local_roles__ = None
member_folder.manage_setLocalRoles(member_id, ['Owner'])
# We use ATCT now use the mutators
fullname = member_object.getProperty('fullname')
member_folder.setTitle(fullname or member_id)
member_folder.reindexObject()
## Hook to allow doing other things after memberarea creation.
notify_script = getattr(member_folder, 'notifyMemberAreaCreated', None)
if notify_script is not None:
notify_script()
# deal with ridiculous API change in CMF
security.declarePublic('createMemberArea')
createMemberArea = createMemberarea
security.declarePublic('getMemberInfo')
def getMemberInfo(self, memberId=None):
# Return 'harmless' Memberinfo of any member, such as Full name,
# Location, etc
if not memberId:
member = self.getAuthenticatedMember()
else:
member = self.getMemberById(memberId)
if member is None:
return None
memberinfo = {'fullname' : member.getProperty('fullname'),
'description' : member.getProperty('description'),
'location' : member.getProperty('location'),
'language' : member.getProperty('language'),
'home_page' : member.getProperty('home_page'),
'username' : member.getUserName(),
'has_email' : bool(member.getProperty('email')),
}
return memberinfo
def _getSafeMemberId(self, id=None):
"""Return a safe version of a member id.
If no id is given return the id for the currently authenticated user.
"""
if id is None:
member = self.getAuthenticatedMember()
if not hasattr(member, 'getMemberId'):
return None
id = member.getMemberId()
return cleanId(id)
security.declarePublic('getHomeFolder')
def getHomeFolder(self, id=None, verifyPermission=0):
""" Return a member's home folder object, or None.
Specially instrumented for URL-quoted-member-id folder
names.
"""
safe_id = self._getSafeMemberId(id)
if safe_id is None:
member = self.getAuthenticatedMember()
if not hasattr(member, 'getMemberId'):
return None
safe_id = member.getMemberId()
members = self.getMembersFolder()
if members:
try:
folder = members._getOb(safe_id)
if verifyPermission and not _checkPermission(View, folder):
# Don't return the folder if the user can't get to it.
return None
return folder
# KeyError added to deal with btree member folders
except (AttributeError, KeyError, TypeError):
pass
return None
def getHomeUrl(self, id=None, verifyPermission=0):
""" Return the URL to a member's home folder, or None.
"""
home = self.getHomeFolder(id, verifyPermission)
if home is not None:
return home.absolute_url()
else:
return None
security.declarePublic('getPersonalFolder')
def getPersonalFolder(self, member_id=None):
"""
returns the Personal Item folder for a member
if no Personal Folder exists will return None
"""
home = self.getHomeFolder(member_id)
personal = None
if home:
personal = getattr(home, self.personal_id, None)
return personal
security.declarePublic('getPersonalPortrait')
def getPersonalPortrait(self, id=None, verifyPermission=0):
"""Return a members personal portait.
Modified from CMFPlone version to URL-quote the member id.
"""
if not id:
id = self.getAuthenticatedMember().getId()
safe_id = self._getSafeMemberId(id)
membertool = getToolByName(self, 'portal_memberdata')
portrait = membertool._getPortrait(safe_id)
if isinstance(portrait, str):
portrait = None
if portrait is not None:
if verifyPermission and not _checkPermission('View', portrait):
# Don't return the portrait if the user can't get to it
portrait = None
if portrait is None:
portal = getToolByName(self, 'portal_url').getPortalObject()
portrait = getattr(portal, default_portrait, None)
return portrait
security.declareProtected(SetOwnProperties, 'deletePersonalPortrait')
def deletePersonalPortrait(self, id=None):
"""deletes the Portait of a member.
"""
authenticated_id = self.getAuthenticatedMember().getId()
if not id:
id = authenticated_id
safe_id = self._getSafeMemberId(id)
if id != authenticated_id and not _checkPermission(
ManageUsers, self):
raise Unauthorized
membertool = getToolByName(self, 'portal_memberdata')
return membertool._deletePortrait(safe_id)
security.declareProtected(SetOwnProperties, 'changeMemberPortrait')
def changeMemberPortrait(self, portrait, id=None):
"""update the portait of a member.
We URL-quote the member id if needed.
Note that this method might be called by an anonymous user who
is getting registered. This method will then be called from
plone.app.users and this is fine. When called from restricted
python code or with a curl command by a hacker, the
declareProtected line will kick in and prevent use of this
method.
"""
authenticated_id = self.getAuthenticatedMember().getId()
if not id:
id = authenticated_id
safe_id = self._getSafeMemberId(id)
if authenticated_id and id != authenticated_id:
# Only Managers can change portraits of others.
if not _checkPermission(ManageUsers, self):
raise Unauthorized
if portrait and portrait.filename:
scaled, mimetype = scale_image(portrait)
portrait = Image(id=safe_id, file=scaled, title='')
membertool = getToolByName(self, 'portal_memberdata')
membertool._setPortrait(portrait, safe_id)
security.declareProtected(ManageUsers, 'listMembers')
def listMembers(self):
'''Gets the list of all members.
THIS METHOD MIGHT BE VERY EXPENSIVE ON LARGE USER FOLDERS AND MUST
BE USED WITH CARE! We plan to restrict its use in the future (ie.
force large requests to use searchForMembers instead of listMembers,
so that it will not be possible anymore to have a method returning
several hundred of users :)
'''
return BaseTool.listMembers(self)
security.declareProtected(ManageUsers, 'listMemberIds')
def listMemberIds(self):
'''Lists the ids of all members. This may eventually be
replaced with a set of methods for querying pieces of the
list rather than the entire list at once.
'''
return self.acl_users.getUserIds()
security.declareProtected(SetOwnPassword, 'testCurrentPassword')
def testCurrentPassword(self, password):
""" test to see if password is current """
REQUEST = getattr(self, 'REQUEST', {})
member = self.getAuthenticatedMember()
acl_users = self._findUsersAclHome(member.getUserId())
if not acl_users:
return 0
return acl_users.authenticate(member.getUserName(), password, REQUEST)
def _findUsersAclHome(self, userid):
portal = getToolByName(self, 'portal_url').getPortalObject()
acl_users = portal.acl_users
parent = acl_users
while parent:
if acl_users.aq_explicit.getUserById(userid, None) is not None:
break
parent = aq_parent(aq_inner(parent)).aq_parent
acl_users = getattr(parent, 'acl_users')
if parent:
return acl_users
else:
return None
security.declareProtected(SetOwnPassword, 'setPassword')
def setPassword(self, password, domains=None, REQUEST=None):
'''Allows the authenticated member to set his/her own password.
'''
registration = getToolByName(self, 'portal_registration', None)
if not self.isAnonymousUser():
member = self.getAuthenticatedMember()
#self.acl_users
acl_users = self._findUsersAclHome(member.getUserId())
if not acl_users:
# should not possibly ever happen
raise BadRequest('did not find current user in any '
'user folder')
if registration:
failMessage = registration.testPasswordValidity(password)
if failMessage is not None:
raise BadRequest(failMessage)
if domains is None:
domains = []
user = acl_users.getUserById(member.getUserId(), None)
# we must change the users password trough grufs changepassword
# to keep her group settings
if hasattr(user, 'changePassword'):
user.changePassword(password)
else:
acl_users._doChangeUser(member.getUserId(), password,
member.getRoles(), domains)
if REQUEST is None:
REQUEST = aq_get(self, 'REQUEST', None)
self.credentialsChanged(password, REQUEST=REQUEST)
else:
raise BadRequest('Not logged in.')
setPassword = postonly(setPassword)
security.declareProtected(View, 'getCandidateLocalRoles')
def getCandidateLocalRoles(self, obj):
""" What local roles can I assign?
Override the CMFCore version so that we can see the local roles on
an object, and so that local managers can assign all roles locally.
"""
member = self.getAuthenticatedMember()
# Use getRolesInContext as someone may be a local manager
if 'Manager' in member.getRolesInContext(obj):
# Use valid_roles as we may want roles defined only on a subobject
local_roles = [r for r in obj.valid_roles() if r not in
('Anonymous', 'Authenticated', 'Shared')]
else:
local_roles = [role for role in member.getRolesInContext(obj)
if role not in ('Member', 'Authenticated')]
local_roles.sort()
return tuple(local_roles)
security.declareProtected(View, 'loginUser')
def loginUser(self, REQUEST=None):
""" Handle a login for the current user.
This method takes care of all the standard work that needs to be
done when a user logs in:
- clear the copy/cut/paste clipboard
- PAS credentials update
- sending a logged-in event
- storing the login time
- create the member area if it does not exist
"""
user = getSecurityManager().getUser()
if user is None:
return
if self.setLoginTimes():
event.notify(UserInitialLoginInEvent(user))
else:
event.notify(UserLoggedInEvent(user))
if REQUEST is None:
REQUEST = getattr(self, 'REQUEST', None)
if REQUEST is None:
return
# Expire the clipboard
if REQUEST.get('__cp', None) is not None:
REQUEST.RESPONSE.expireCookie('__cp', path='/')
self.createMemberArea()
try:
pas = getToolByName(self, 'acl_users')
pas.credentials_cookie_auth.login()
except AttributeError:
# The cookie plugin may not be present
pass
security.declareProtected(View, 'logoutUser')
def logoutUser(self, REQUEST=None):
"""Process a user logout.
This takes care of all the standard logout work:
- ask the user folder to logout
- expire a skin selection cookie
- invalidate a Zope session if there is one
"""
# Invalidate existing sessions, but only if they exist.
sdm = getToolByName(self, 'session_data_manager', None)
if sdm is not None:
session = sdm.getSessionData(create=0)
if session is not None:
session.invalidate()
if REQUEST is None:
REQUEST = getattr(self, 'REQUEST', None)
if REQUEST is not None:
pas = getToolByName(self, 'acl_users')
try:
pas.logout(REQUEST)
except:
# XXX Bare except copied from logout.cpy. This should be
# changed in the next Plone release.
pass
# Expire the skin cookie if it is not configured to persist
st = getToolByName(self, "portal_skins")
skinvar = st.getRequestVarname()
if skinvar in REQUEST and not st.getCookiePersistence():
portal = getToolByName(self, "portal_url") \
.getPortalObject()
path = '/' + portal.absolute_url(1)
# XXX check if this path is sane
REQUEST.RESPONSE.expireCookie(skinvar, path=path)
user = getSecurityManager().getUser()
if user is not None:
event.notify(UserLoggedOutEvent(user))
security.declareProtected(View, 'immediateLogout')
def immediateLogout(self):
""" Log the current user out immediately. Used by logout.py so that
we do not have to do a redirect to show the logged out status. """
noSecurityManager()
security.declarePublic('setLoginTimes')
def setLoginTimes(self):
""" Called by logged_in to set the login time properties
even if members lack the "Set own properties" permission.
The return value indicates if this is the first logged
login time.
"""
res = False
if not self.isAnonymousUser():
member = self.getAuthenticatedMember()
default = DateTime('2000/01/01')
login_time = member.getProperty('login_time', default)
if login_time == default:
res = True
login_time = DateTime()
member.setProperties(login_time=self.ZopeTime(),
last_login_time=login_time)
return res
security.declareProtected(ManagePortal, 'getBadMembers')
def getBadMembers(self):
"""Will search for members with bad images in the portal_memberdata
delete their portraits and return their member ids"""
memberdata = getToolByName(self, 'portal_memberdata')
portraits = getattr(memberdata, 'portraits', None)
if portraits is None:
return []
bad_member_ids = []
TXN_THRESHOLD = 50
counter = 1
for member_id in tuple(portraits.keys()):
portrait = portraits[member_id]
portrait_data = str(portrait.data)
if portrait_data == '':
continue
try:
import PIL
except ImportError:
raise RuntimeError('No Python Imaging Libraries (PIL) found. '
'Unable to validate profile image.')
try:
img = PIL.Image.open(StringIO(portrait_data))
except ConflictError:
pass
except:
# Anything else we have a bad bad image and we destroy it
# and ask questions later.
portraits._delObject(member_id)
bad_member_ids.append(member_id)
if not counter % TXN_THRESHOLD:
transaction.savepoint(optimistic=True)
counter = counter + 1
return bad_member_ids
InitializeClass(MembershipTool)