diff --git a/product/ERP5Catalog/CatalogTool.py b/product/ERP5Catalog/CatalogTool.py
index 6cc96881197c99779f6b4384e6d767015ac6ecf9..5728567f9be7ecfbc5ac3f1b057f8bc0af8be7ff 100644
--- a/product/ERP5Catalog/CatalogTool.py
+++ b/product/ERP5Catalog/CatalogTool.py
@@ -144,25 +144,27 @@ class IndexableObjectWrapper(CMFCoreIndexableObjectWrapper):
 new_dict[key] = new_list
 localroles = new_dict
 for user, roles in localroles.items():
+ # Added for ERP5 project by JP Smets
+ # The reason why we do not want to keep Owner is because we are
+ # trying to reduce the number of security definitions
+ # However, this is a bad idea if we start to use Owner role
+ # as a kind of bamed Assignee and if we need it for worklists. Therefore
+ # we may sometimes catalog the owner user ID whenever the Owner
+ # has view permission (see getAllowedRolesAndUsers bellow
+ # as well as getViewPermissionOwner method in Base)
+ view_role_list = [role for role in roles if allowed.has_key(role) and role != 'Owner']
 for role in roles:
 if allowed.has_key(role):
 if withnuxgroups:
 allowed[user] = 1
 else:
 allowed['user:' + user] = 1
- # Added for ERP5 project by JP Smets
- # The reason why we do not want to keep Owner is because we are
- # trying to reduce the number of security definitions
- # However, this is a bad idea if we start to use Owner role
- # as a kind of bamed Assignee and if we need it for worklists. Therefore
- # we may sometimes catalog the owner user ID whenever the Owner
- # has view permission (see getAllowedRolesAndUsers bellow
- # as well as getViewPermissionOwner method in Base)
- if role != 'Owner':
- if withnuxgroups:
- allowed[user + ':' + role] = 1
- else:
- allowed['user:' + user + ':' + role] = 1
+ if view_role_list:
+ #One of Roles has view Permission.
+ if withnuxgroups:
+ allowed[user + ':' + role] = 1
+ else:
+ allowed['user:' + user + ':' + role] = 1
 if allowed.has_key('Owner'):
 del allowed['Owner']
 return list(allowed.keys())
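Review bot: The `role != 'Owner'` test now only filters `view_role_list`; the branch under `if view_role_list:` no longer checks it before writing `allowed['user:' + user + ':' + role] = 1`. Assuming that branch still sits inside `for role in roles:` (indentation is lost on this page), a user who holds Owner plus any other role with view permission gets a `user:<id>:Owner` entry, which contradicts the comment about not keeping Owner. These keys appear to feed the catalog's security index, so an unintended entry changes which principals match a document. If Owner pairs are not meant to be indexed here, guard the branch with `if view_role_list and role != 'Owner':`; if they are, the comment should state the actual condition (some other role has view permission, not the Owner itself). The enclosing method starts above the hunk, so how `allowed` is seeded is not visible here.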