Commit 4ddbe435 authored by Vincent Pelletier's avatar Vincent Pelletier

ERP5Catalog: Do not propagate local_roles to ZSQLCatalog.

local_roles is handled entirely inside ERP5Catalog, so to not tell
ZSQLCatalog about it - it can do nothing right with it anyway.
Also, get rid of abusive **kw use in this code path.
Also, actually pass sql_catalog_id to getAllowedRolesAndUsers.
parent 41e3b789
...@@ -432,7 +432,7 @@ class CatalogTool (UniqueObject, ZCatalog, CMFCoreCatalogTool, ActiveObject): ...@@ -432,7 +432,7 @@ class CatalogTool (UniqueObject, ZCatalog, CMFCoreCatalogTool, ActiveObject):
security.declarePublic('getAllowedRolesAndUsers') security.declarePublic('getAllowedRolesAndUsers')
def getAllowedRolesAndUsers(self, sql_catalog_id=None, **kw): def getAllowedRolesAndUsers(self, sql_catalog_id=None, local_roles=None):
""" """
Return allowed roles and users. Return allowed roles and users.
...@@ -472,7 +472,6 @@ class CatalogTool (UniqueObject, ZCatalog, CMFCoreCatalogTool, ActiveObject): ...@@ -472,7 +472,6 @@ class CatalogTool (UniqueObject, ZCatalog, CMFCoreCatalogTool, ActiveObject):
# Patch for ERP5 by JP Smets in order # Patch for ERP5 by JP Smets in order
# to implement worklists and search of local roles # to implement worklists and search of local roles
local_roles = kw.get('local_roles', None)
if local_roles: if local_roles:
local_role_dict = dict(catalog.getSQLCatalogLocalRoleKeysList()) local_role_dict = dict(catalog.getSQLCatalogLocalRoleKeysList())
role_dict = dict(catalog.getSQLCatalogRoleKeysList()) role_dict = dict(catalog.getSQLCatalogRoleKeysList())
...@@ -513,7 +512,7 @@ class CatalogTool (UniqueObject, ZCatalog, CMFCoreCatalogTool, ActiveObject): ...@@ -513,7 +512,7 @@ class CatalogTool (UniqueObject, ZCatalog, CMFCoreCatalogTool, ActiveObject):
return allowedRolesAndUsers, role_column_dict, local_role_column_dict return allowedRolesAndUsers, role_column_dict, local_role_column_dict
def getSecurityUidDictAndRoleColumnDict(self, sql_catalog_id=None, **kw): def getSecurityUidDictAndRoleColumnDict(self, sql_catalog_id=None, local_roles=None):
""" """
Return a dict of local_roles_group_id -> security Uids and a Return a dict of local_roles_group_id -> security Uids and a
dictionnary containing available role columns. dictionnary containing available role columns.
...@@ -523,7 +522,10 @@ class CatalogTool (UniqueObject, ZCatalog, CMFCoreCatalogTool, ActiveObject): ...@@ -523,7 +522,10 @@ class CatalogTool (UniqueObject, ZCatalog, CMFCoreCatalogTool, ActiveObject):
catalogs. catalogs.
""" """
allowedRolesAndUsers, role_column_dict, local_role_column_dict = \ allowedRolesAndUsers, role_column_dict, local_role_column_dict = \
self.getAllowedRolesAndUsers(**kw) self.getAllowedRolesAndUsers(
sql_catalog_id=sql_catalog_id,
local_roles=local_roles,
)
catalog = self.getSQLCatalog(sql_catalog_id) catalog = self.getSQLCatalog(sql_catalog_id)
method = getattr(catalog, catalog.sql_search_security, None) method = getattr(catalog, catalog.sql_search_security, None)
if allowedRolesAndUsers: if allowedRolesAndUsers:
...@@ -562,7 +564,7 @@ class CatalogTool (UniqueObject, ZCatalog, CMFCoreCatalogTool, ActiveObject): ...@@ -562,7 +564,7 @@ class CatalogTool (UniqueObject, ZCatalog, CMFCoreCatalogTool, ActiveObject):
return security_uid_dict, role_column_dict, local_role_column_dict return security_uid_dict, role_column_dict, local_role_column_dict
security.declarePublic('getSecurityQuery') security.declarePublic('getSecurityQuery')
def getSecurityQuery(self, query=None, sql_catalog_id=None, **kw): def getSecurityQuery(self, query=None, sql_catalog_id=None, local_roles=None, **kw):
""" """
Build a query based on allowed roles or on a list of security_uid Build a query based on allowed roles or on a list of security_uid
values. The query takes into account the fact that some roles are values. The query takes into account the fact that some roles are
...@@ -576,7 +578,10 @@ class CatalogTool (UniqueObject, ZCatalog, CMFCoreCatalogTool, ActiveObject): ...@@ -576,7 +578,10 @@ class CatalogTool (UniqueObject, ZCatalog, CMFCoreCatalogTool, ActiveObject):
return query return query
original_query = query original_query = query
security_uid_dict, role_column_dict, local_role_column_dict = \ security_uid_dict, role_column_dict, local_role_column_dict = \
self.getSecurityUidDictAndRoleColumnDict(sql_catalog_id=sql_catalog_id, **kw) self.getSecurityUidDictAndRoleColumnDict(
sql_catalog_id=sql_catalog_id,
local_roles=local_roles,
)
role_query = None role_query = None
security_uid_query = None security_uid_query = None
...@@ -634,7 +639,7 @@ class CatalogTool (UniqueObject, ZCatalog, CMFCoreCatalogTool, ActiveObject): ...@@ -634,7 +639,7 @@ class CatalogTool (UniqueObject, ZCatalog, CMFCoreCatalogTool, ActiveObject):
return query return query
# searchResults has inherited security assertions. # searchResults has inherited security assertions.
def searchResults(self, query=None, **kw): def searchResults(self, query=None, sql_catalog_id=None, local_roles=None, **kw):
""" """
Calls ZCatalog.searchResults with extra arguments that Calls ZCatalog.searchResults with extra arguments that
limit the results to what the user is allowed to see. limit the results to what the user is allowed to see.
...@@ -645,8 +650,12 @@ class CatalogTool (UniqueObject, ZCatalog, CMFCoreCatalogTool, ActiveObject): ...@@ -645,8 +650,12 @@ class CatalogTool (UniqueObject, ZCatalog, CMFCoreCatalogTool, ActiveObject):
# kw[ 'effective' ] = { 'query' : now, 'range' : 'max' } # kw[ 'effective' ] = { 'query' : now, 'range' : 'max' }
# kw[ 'expires' ] = { 'query' : now, 'range' : 'min' } # kw[ 'expires' ] = { 'query' : now, 'range' : 'min' }
catalog_id = self.getPreferredSQLCatalogId(kw.pop("sql_catalog_id", None)) catalog_id = self.getPreferredSQLCatalogId(sql_catalog_id)
query = self.getSecurityQuery(query=query, sql_catalog_id=catalog_id, **kw) query = self.getSecurityQuery(
query=query,
sql_catalog_id=catalog_id,
local_roles=local_roles,
)
kw.setdefault('limit', self.default_result_limit) kw.setdefault('limit', self.default_result_limit)
# get catalog from preference # get catalog from preference
#LOG("searchResult", INFO, catalog_id) #LOG("searchResult", INFO, catalog_id)
...@@ -691,7 +700,7 @@ class CatalogTool (UniqueObject, ZCatalog, CMFCoreCatalogTool, ActiveObject): ...@@ -691,7 +700,7 @@ class CatalogTool (UniqueObject, ZCatalog, CMFCoreCatalogTool, ActiveObject):
except IndexError: except IndexError:
return None return None
def countResults(self, query=None, **kw): def countResults(self, query=None, sql_catalog_id=None, local_roles=None, **kw):
""" """
Calls ZCatalog.countResults with extra arguments that Calls ZCatalog.countResults with extra arguments that
limit the results to what the user is allowed to see. limit the results to what the user is allowed to see.
...@@ -703,8 +712,12 @@ class CatalogTool (UniqueObject, ZCatalog, CMFCoreCatalogTool, ActiveObject): ...@@ -703,8 +712,12 @@ class CatalogTool (UniqueObject, ZCatalog, CMFCoreCatalogTool, ActiveObject):
# now = DateTime() # now = DateTime()
# #kw[ 'effective' ] = { 'query' : now, 'range' : 'max' } # #kw[ 'effective' ] = { 'query' : now, 'range' : 'max' }
# #kw[ 'expires' ] = { 'query' : now, 'range' : 'min' } # #kw[ 'expires' ] = { 'query' : now, 'range' : 'min' }
catalog_id = self.getPreferredSQLCatalogId(kw.pop("sql_catalog_id", None)) catalog_id = self.getPreferredSQLCatalogId(sql_catalog_id)
query = self.getSecurityQuery(query=query, sql_catalog_id=catalog_id, **kw) query = self.getSecurityQuery(
query=query,
sql_catalog_id=catalog_id,
local_roles=local_roles,
)
kw.setdefault('limit', self.default_count_limit) kw.setdefault('limit', self.default_count_limit)
# get catalog from preference # get catalog from preference
return ZCatalog.countResults(self, query=query, sql_catalog_id=catalog_id, **kw) return ZCatalog.countResults(self, query=query, sql_catalog_id=catalog_id, **kw)
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment