Products.plonepas

-----------------

- Fixed the performance fix again. enumerateUsers from mutable_properties
plugin should return all the users if kw is empty. And it returns empty
tuple if login or id parameter is used.
[vincentfretin]

-----------------

- Revert performance fix introduced in 3.10 for the mutable properties plugin.
enumerateUsers shouldn't return results if id or login is not None like in
3.9 (data dict doesn't contain id or login key, so testMemberData returns
always False). The search should be performed only if kw parameter is not
empty. This is the new optimization fix.
[vincentfretin]

-----------------

- Performance fix for searching in the mutable properties plugin:
when only searching on user id do not walk over all properties,
but only test if the user id is known. This fixes
http://dev.plone.org/plone/ticket/9361
[toutpt]

- Nested groups are now visible in prefs_group_members. This closes
http://dev.plone.org/plone/ticket/8557
[vincentfretin]

- Add sort and merge PASSearchView's interface to prevent code duplication.
[csenger]

----------------

- Fix the cookie plugin's login handler to not trust the username
from the request. Instead we use the login name of the currently
authenticated user. This fixes CVE-2009-0662 (see
http://plone.org/products/plone/security/advisories/cve-2009-0662
for more information).
[wichert]

----------------

- Update the role manager's assignRoleToPrincipal method to lazily
update the cached list of portal roles. This fixes problems with
adding users with GenericSetup-created roles.
[wichert]

- Fixed our OrderedDict to be unpickable with pickle protocol 2. On
unpickling a __init__ method is not called and an optimization in
protocol 2 would call __setitem__ without the _list to be initialized.
Even using a __getstate__ / __setstate__ combination wouldn't work
around that. This change was found in using membrane and
MemcachedManager.
[hannosch, tesdal]

----------------

- Removed deprecation zcml statements for PluggableAuthService components:
these are now in PluggableAuthService itself.
[wichert]

- Adjusted deprecation warnings to point to Plone 4.0 instead of Plone 3.5
since we changed the version numbering again.
[hannosch]