test

1e90e4f8 · Jérome Perrin · 9b43b904 · 1e90e4f8 · 1e90e4f8
Commit 1e90e4f8 authored Mar 10, 2014 by Jérome Perrin
Showing with 37 additions and 2 deletions

product/ERP5Catalog/CatalogTool.py product/ERP5Catalog/CatalogTool.py +18 -2

product/ERP5Catalog/tests/testERP5CatalogSecurityUidOptimization.py ...P5Catalog/tests/testERP5CatalogSecurityUidOptimization.py +19 -0

No files found.
--- a/product/ERP5Catalog/CatalogTool.py
+++ b/product/ERP5Catalog/CatalogTool.py
@@ -26,6 +26,7 @@
 #
 ##############################################################################

+from copy import deepcopy
 from collections import defaultdict
 from Products.CMFCore.CatalogTool import CatalogTool as CMFCoreCatalogTool
 from Products.ZSQLCatalog.ZSQLCatalog import ZCatalog
@@ -124,8 +125,23 @@ class IndexableObjectWrapper(object):
        allowed_role_set.discard('Owner')

        # XXX make this a method of base ?
-        local_roles_group_id_group_id = getattr(ob,
-          '__ac_local_roles_group_id_dict__', dict())
+        local_roles_group_id_group_id = deepcopy(getattr(ob,
+          '__ac_local_roles_group_id_dict__', dict()))
+
+        # If we acquire a permission, then we also want to acquire the local
+        # roles group ids
+        local_roles_container = ob
+        while getattr(local_roles_container, 'isRADContent', 0):
+          if local_roles_container._getAcquireLocalRoles():
+            local_roles_container = local_roles_container.aq_parent
+            for role_definition_group, user_and_role_list in \
+                getattr(local_roles_container,
+                        '__ac_local_roles_group_id_dict__',
+                        dict()).items():
+              local_roles_group_id_group_id.setdefault(role_definition_group, set()
+                ).update(user_and_role_list)
+          else:
+            break

        allowed_by_local_roles_group_id = {}
        allowed_by_local_roles_group_id[''] = allowed_role_set

--- a/product/ERP5Catalog/tests/testERP5CatalogSecurityUidOptimization.py
+++ b/product/ERP5Catalog/tests/testERP5CatalogSecurityUidOptimization.py
@@ -187,6 +187,25 @@ CREATE TABLE alternate_roles_and_users (
      self.assertSameSet([user1, user2],
        [o.getObject() for o in
          self.portal.portal_catalog(portal_type='Person')])
+
+      # portal types that acquire roles properly acquire the local role group
+      # id mapping
+      self.assertTrue(self.portal.portal_types.Career.getTypeAcquireLocalRole())
+      career = user1.newContent(portal_type='Career')
+      self.tic()
+
+      alternate_roles_and_users = sql_connection.manage_test(
+        "SELECT * from alternate_roles_and_users").dictionaries()
+      self.assertTrue(dict(uid=career.getUid(),
+                           alternate_security_uid=user1_alternate_security_uid) in
+                      alternate_roles_and_users)
+      self.login('user1')
+      self.assertEqual([career],
+        [o.getObject() for o in self.portal.portal_catalog(portal_type='Career')])
+      self.login('user2')
+      self.assertEqual([],
+        [o.getObject() for o in self.portal.portal_catalog(portal_type='Career')])
+      
    finally:
      # restore catalog configuration
      sql_catalog.sql_search_tables = current_sql_search_tables