From 6e0141983e523e0ccc1fa15db327b46d65aee324 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Aur=C3=A9lien=20Calonne?= <aurel@nexedi.com> Date: Thu, 22 Feb 2007 10:29:09 +0000 Subject: [PATCH] do not join anylonger with roles_and_user table when doing search/countResults, instead make a first request to get security uid in pass the result git-svn-id: https://svn.erp5.org/repos/public/erp5/trunk@12959 20353a03-c40f-0410-a6d1-a30d3c3de9de --- product/ERP5Catalog/CatalogTool.py | 47 ++++++++++++++++++++---------- 1 file changed, 31 insertions(+), 16 deletions(-) diff --git a/product/ERP5Catalog/CatalogTool.py b/product/ERP5Catalog/CatalogTool.py index b16c09a832..40bcce34c4 100644 --- a/product/ERP5Catalog/CatalogTool.py +++ b/product/ERP5Catalog/CatalogTool.py @@ -45,7 +45,7 @@ from Products.CMFCore.Expression import Expression from Products.PageTemplates.Expressions import getEngine from MethodObject import Method -import os, time, urllib +import os, time, urllib, warnings from zLOG import LOG SECURITY_USING_NUX_USER_GROUPS, SECURITY_USING_PAS = range(2) @@ -69,7 +69,7 @@ try: from Products.NuxUserGroups.CatalogToolWithGroups import _getAllowedRolesAndUsers except ImportError: pass - + def getSecurityProduct(acl_users): """returns the security used by the user folder passed. (NuxUserGroup, ERP5Security, or None if anything else). @@ -139,7 +139,7 @@ class IndexableObjectWrapper(CMFCoreIndexableObjectWrapper): # trying to reduce the number of security definitions # However, this could be a bad idea if we start to use Owner role # as a kind of Assignee and if we need it for worklists. - if role != 'Owner': + if role != 'Owner': if withnuxgroups: allowed[user + ':' + role] = 1 else: @@ -237,7 +237,7 @@ class CatalogTool (UniqueObject, ZCatalog, CMFCoreCatalogTool, ActiveObject): # Make this the default. self.default_sql_catalog_id = config_id - + security.declareProtected( 'Import/Export objects', 'exportSQLMethods' ) def exportSQLMethods(self, sql_catalog_id=None, config_id='erp5'): """ @@ -258,7 +258,7 @@ class CatalogTool (UniqueObject, ZCatalog, CMFCoreCatalogTool, ActiveObject): 'z_create_record', 'z_related_security', 'z_delete_recorded_object_list', 'z_reserve_uid', 'z_getitem_by_path', 'z_show_columns', 'z_getitem_by_path', 'z_show_tables', 'z_getitem_by_uid', 'z_unique_values', 'z_produce_reserved_uid_list',) - + msg = '' for id in catalog.objectIds(spec=('Z SQL Method',)): if id in common_sql_list: @@ -275,7 +275,7 @@ class CatalogTool (UniqueObject, ZCatalog, CMFCoreCatalogTool, ActiveObject): f.write(text) finally: f.close() - + properties = self.manage_catalogExportProperties(sql_catalog_id=sql_catalog_id) name = os.path.join(config_sql_dir, 'properties.xml') msg += 'Writing %s\n' % (name,) @@ -284,9 +284,9 @@ class CatalogTool (UniqueObject, ZCatalog, CMFCoreCatalogTool, ActiveObject): f.write(properties) finally: f.close() - + return msg - + def _listAllowedRolesAndUsers(self, user): security_product = getSecurityProduct(self.acl_users) if security_product == SECURITY_USING_PAS: @@ -425,13 +425,32 @@ class CatalogTool (UniqueObject, ZCatalog, CMFCoreCatalogTool, ActiveObject): return allowedRolesAndUsers + security.declarePrivate('getSecurityUid') + def getSecurityUid(self, **kw): + """ + Return list of security oid for given roles list + """ + catalog = self.getSQLCatalog() + method = getattr(catalog, catalog.sql_search_security, '') + if method in ('', None): + # XXX old way, should not be used anylonger + warnings.warn("The usage of allowedRolesAndUsers is deprecated.\n" + "Please update your business template erp5_mysql_innodb.", + DeprecationWarning) + kw['allowedRolesAndUsers'] = self.getAllowedRolesAndUsers(**kw) + else: + allowedRolesAndUsers = ["'%s'" % (role, ) for role in self.getAllowedRolesAndUsers(**kw)] + security_uid_list = [x.uid for x in method(security_roles_list = allowedRolesAndUsers)] + kw['security_uid'] = security_uid_list + return kw + # searchResults has inherited security assertions. def searchResults(self, REQUEST=None, **kw): """ Calls ZCatalog.searchResults with extra arguments that limit the results to what the user is allowed to see. """ - kw[ 'allowedRolesAndUsers' ] = self.getAllowedRolesAndUsers(**kw) # XXX allowedRolesAndUsers naming is wrong + kw = self.getSecurityUid(**kw) if not _checkPermission( CMFCorePermissions.AccessInactivePortalContent, self ): @@ -457,11 +476,7 @@ class CatalogTool (UniqueObject, ZCatalog, CMFCoreCatalogTool, ActiveObject): Calls ZCatalog.countResults with extra arguments that limit the results to what the user is allowed to see. """ - kw[ 'allowedRolesAndUsers' ] = self.getAllowedRolesAndUsers(**kw) # XXX allowedRolesAndUsers naming is wrong - - # Forget about permissions in statistics - # (we should not count lines more than once with statistic expressions) - if kw.has_key('select_expression'): del kw[ 'allowedRolesAndUsers' ] + kw = self.getSecurityUid(**kw) # XXX This needs to be set again #if not _checkPermission( @@ -472,7 +487,7 @@ class CatalogTool (UniqueObject, ZCatalog, CMFCoreCatalogTool, ActiveObject): # #kw[ 'expires' ] = { 'query' : now, 'range' : 'min' } return ZCatalog.countResults(self, REQUEST, **kw) - + security.declarePrivate('unrestrictedCountResults') def unrestrictedCountResults(self, REQUEST=None, **kw): """Calls ZSQLCatalog.countResults directly without restrictions. @@ -664,7 +679,7 @@ class CatalogTool (UniqueObject, ZCatalog, CMFCoreCatalogTool, ActiveObject): else: base_category_id = name[len(DYNAMIC_METHOD_NAME):] method = RelatedBaseCategory(base_category_id) - setattr(self.__class__, name, + setattr(self.__class__, name, method) klass = aq_base(self).__class__ if hasattr(klass, 'security'): -- 2.30.9