Skip to content

erp5
erp5
Commit 25d88c8a authored by Jérome Perrin's avatar Jérome Perrin
Browse files
Options

When a portal type acquire role, it should place the role definitions in the... 

When a portal type acquire role, it should place the role definitions in the same local role group ids
parent bc8a64f4
Hide whitespace changes
Inline Side-by-side
Showing with 37 additions and 2 deletions
product/ERP5Catalog/CatalogTool.py
View file @ 25d88c8a
...@@ -26,6 +26,7 @@ ...@@ -26,6 +26,7 @@
# #
############################################################################## ##############################################################################
from copy import deepcopy
from collections import defaultdict from collections import defaultdict
from Products.CMFCore.CatalogTool import CatalogTool as CMFCoreCatalogTool from Products.CMFCore.CatalogTool import CatalogTool as CMFCoreCatalogTool
from Products.ZSQLCatalog.ZSQLCatalog import ZCatalog from Products.ZSQLCatalog.ZSQLCatalog import ZCatalog
...@@ -124,8 +125,23 @@ class IndexableObjectWrapper(object): ...@@ -124,8 +125,23 @@ class IndexableObjectWrapper(object):
allowed_role_set.discard('Owner') allowed_role_set.discard('Owner')
# XXX make this a method of base ? # XXX make this a method of base ?
local_roles_group_id_group_id = getattr(ob, local_roles_group_id_group_id = deepcopy(getattr(ob,
'__ac_local_roles_group_id_dict__', dict()) '__ac_local_roles_group_id_dict__', dict()))
# If we acquire a permission, then we also want to acquire the local
# roles group ids
local_roles_container = ob
while getattr(local_roles_container, 'isRADContent', 0):
if local_roles_container._getAcquireLocalRoles():
local_roles_container = local_roles_container.aq_parent
for role_definition_group, user_and_role_list in \
getattr(local_roles_container,
'__ac_local_roles_group_id_dict__',
dict()).items():
local_roles_group_id_group_id.setdefault(role_definition_group, set()
).update(user_and_role_list)
else:
break
allowed_by_local_roles_group_id = {} allowed_by_local_roles_group_id = {}
allowed_by_local_roles_group_id[''] = allowed_role_set allowed_by_local_roles_group_id[''] = allowed_role_set
......
product/ERP5Catalog/tests/testERP5CatalogSecurityUidOptimization.py
View file @ 25d88c8a
...@@ -187,6 +187,25 @@ CREATE TABLE alternate_roles_and_users ( ...@@ -187,6 +187,25 @@ CREATE TABLE alternate_roles_and_users (
self.assertSameSet([user1, user2], self.assertSameSet([user1, user2],
[o.getObject() for o in [o.getObject() for o in
self.portal.portal_catalog(portal_type='Person')]) self.portal.portal_catalog(portal_type='Person')])
# portal types that acquire roles properly acquire the local role group
# id mapping
self.assertTrue(self.portal.portal_types.Career.getTypeAcquireLocalRole())
career = user1.newContent(portal_type='Career')
self.tic()
alternate_roles_and_users = sql_connection.manage_test(
"SELECT * from alternate_roles_and_users").dictionaries()
self.assertTrue(dict(uid=career.getUid(),
alternate_security_uid=user1_alternate_security_uid) in
alternate_roles_and_users)
self.login('user1')
self.assertEqual([career],
[o.getObject() for o in self.portal.portal_catalog(portal_type='Career')])
self.login('user2')
self.assertEqual([],
[o.getObject() for o in self.portal.portal_catalog(portal_type='Career')])
finally: finally:
# restore catalog configuration # restore catalog configuration
sql_catalog.sql_search_tables = current_sql_search_tables sql_catalog.sql_search_tables = current_sql_search_tables
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment
GitLab Nexedi Edition | About GitLab | About Nexedi | 沪ICP备2021021310号-2 | 沪ICP备2021021310号-7