- Prevent creation of users/groups/roles with empty ID in the ZODB (f…

…ixes #70)
zopefoundation · Aug 20, 2020 · e2b89f1 · e2b89f1
1 parent 26c893a
commit e2b89f1
Show file tree

Hide file tree

Showing 4 changed files with 17 additions and 6 deletions.
diff --git a/CHANGES.rst b/CHANGES.rst
@@ -4,6 +4,10 @@ Change Log
 2.5 (unreleased)
 ----------------
 
+- Prevent creation of users/groups/roles with empty ID in the ZODB
+  (`#70
+   <https://github.com/zopefoundation/Products.PluggableAuthService/issues/70>`_)
+
 - update configuration for version 5 of ``isort``
 
 

diff --git a/Products/PluggableAuthService/plugins/ZODBGroupManager.py b/Products/PluggableAuthService/plugins/ZODBGroupManager.py
@@ -329,9 +329,11 @@ def manage_addGroup(self, group_id, title=None, description=None,
                         RESPONSE=None):
         """ Add a group via the ZMI.
         """
-        self.addGroup(group_id, title, description)
-
-        message = 'Group+added'
+        if not group_id:
+            message = 'Please+provide+a+Group+ID'
+        else:
+            self.addGroup(group_id, title, description)
+            message = 'Group+added'
 
         if RESPONSE is not None:
             RESPONSE.redirect('%s/manage_groups?manage_tabs_message=%s' %

diff --git a/Products/PluggableAuthService/plugins/ZODBRoleManager.py b/Products/PluggableAuthService/plugins/ZODBRoleManager.py
@@ -356,9 +356,11 @@ def manage_addRole(self, role_id, title, description, RESPONSE=None,
                        REQUEST=None):
         """ Add a role via the ZMI.
         """
-        self.addRole(role_id, title, description)
-
-        message = 'Role+added'
+        if not role_id:
+            message = 'Please+provide+a+Role+ID'
+        else:
+            self.addRole(role_id, title, description)
+            message = 'Role+added'
 
         if RESPONSE is not None:
             RESPONSE.redirect('%s/manage_roles?manage_tabs_message=%s' %

diff --git a/Products/PluggableAuthService/plugins/ZODBUserManager.py b/Products/PluggableAuthService/plugins/ZODBUserManager.py
@@ -434,6 +434,9 @@ def manage_addUser(self, user_id, login_name, password, confirm,
         if password != confirm:
             message = 'password+and+confirm+do+not+match'
 
+        elif not user_id:
+            message = 'Please+provide+a+User+ID'
+
         else:
 
             if not login_name: