Commit bf2ab4ca authored by Vincent Pelletier's avatar Vincent Pelletier

CatalogTool: Stop using AutoQuery.

Also, simplify code flow by removing unnecessary "if" statements.
Also, simplify returned query tree by removing unnecessary intermediate
ComplexQueries.
parent 566c0c5f
...@@ -32,7 +32,7 @@ from collections import defaultdict ...@@ -32,7 +32,7 @@ from collections import defaultdict
from math import ceil from math import ceil
from Products.CMFCore.CatalogTool import CatalogTool as CMFCoreCatalogTool from Products.CMFCore.CatalogTool import CatalogTool as CMFCoreCatalogTool
from Products.ZSQLCatalog.ZSQLCatalog import ZCatalog from Products.ZSQLCatalog.ZSQLCatalog import ZCatalog
from Products.ZSQLCatalog.SQLCatalog import Query, ComplexQuery, SimpleQuery from Products.ZSQLCatalog.SQLCatalog import ComplexQuery, SimpleQuery
from Products.ERP5Type import Permissions from Products.ERP5Type import Permissions
from AccessControl import ClassSecurityInfo, getSecurityManager from AccessControl import ClassSecurityInfo, getSecurityManager
from AccessControl.User import system as system_user from AccessControl.User import system as system_user
...@@ -637,39 +637,27 @@ class CatalogTool (UniqueObject, ZCatalog, CMFCoreCatalogTool, ActiveObject): ...@@ -637,39 +637,27 @@ class CatalogTool (UniqueObject, ZCatalog, CMFCoreCatalogTool, ActiveObject):
sql_catalog_id=sql_catalog_id, sql_catalog_id=sql_catalog_id,
local_roles=local_roles, local_roles=local_roles,
) )
role_query = None
security_uid_query = None
if role_column_dict:
query_list = [] query_list = []
for key, value in role_column_dict.items(): append = query_list.append
new_query = Query(**{key : value}) for key, value in role_column_dict.iteritems():
query_list.append(new_query) append(SimpleQuery(**{key : value}))
role_query = ComplexQuery(logical_operator='OR', *query_list)
if security_uid_dict: if security_uid_dict:
catalog_security_uid_groups_columns_dict = \ catalog_security_uid_groups_columns_dict = self.getSQLCatalog().getSQLCatalogSecurityUidGroupsColumnsDict()
self.getSQLCatalog().getSQLCatalogSecurityUidGroupsColumnsDict() for local_roles_group_id, security_uid_list in security_uid_dict.iteritems():
query_list = []
for local_roles_group_id, security_uid_list in\
security_uid_dict.iteritems():
assert security_uid_list assert security_uid_list
query_list.append(Query(**{ append(SimpleQuery(
catalog_security_uid_groups_columns_dict[local_roles_group_id]: **{catalog_security_uid_groups_columns_dict[local_roles_group_id]: security_uid_list}
security_uid_list, ))
'operator': 'IN'})) if query_list:
query = ComplexQuery(query_list, logical_operator='OR')
security_uid_query = ComplexQuery(*query_list, logical_operator='OR') if local_role_column_dict:
query = ComplexQuery(
if role_query: [
if security_uid_query: SimpleQuery(**{key : value})
# merge for key, value in local_role_column_dict.items()
query = ComplexQuery(security_uid_query, role_query, logical_operator='OR') ] + [query],
else: logical_operator='AND',
query = role_query )
elif security_uid_query:
query = security_uid_query
else: else:
# XXX A false query has to be generated. # XXX A false query has to be generated.
# As it is not possible to use SQLKey for now, pass impossible value # As it is not possible to use SQLKey for now, pass impossible value
...@@ -677,16 +665,7 @@ class CatalogTool (UniqueObject, ZCatalog, CMFCoreCatalogTool, ActiveObject): ...@@ -677,16 +665,7 @@ class CatalogTool (UniqueObject, ZCatalog, CMFCoreCatalogTool, ActiveObject):
# column range) # column range)
# Do not pass security_uid_list as empty in order to prevent useless # Do not pass security_uid_list as empty in order to prevent useless
# overhead # overhead
query = Query(uid=-1) query = SimpleQuery(uid=-1)
if local_role_column_dict:
query_list = []
for key, value in local_role_column_dict.items():
new_query = Query(**{key : value})
query_list.append(new_query)
local_role_query = ComplexQuery(logical_operator='AND', *query_list)
query = ComplexQuery(query, local_role_query, logical_operator='AND')
return query return query
# searchResults has inherited security assertions. # searchResults has inherited security assertions.
......
...@@ -162,15 +162,20 @@ CREATE TABLE alternate_roles_and_users ( ...@@ -162,15 +162,20 @@ CREATE TABLE alternate_roles_and_users (
# low level check of the security query of a logged in user # low level check of the security query of a logged in user
self.loginByUserName('user1') self.loginByUserName('user1')
security_query = self.portal.portal_catalog.getSecurityQuery() security_query = self.portal.portal_catalog.getSecurityQuery()
# This query is a complex query wrapping another complex query with a # XXX: this test is introspecting too much, but there is currently no
# criterion on altenate_security_uid. This check is quite low level and # obvious better way.
# is subject to change. # security_query can be:
security_uid_query = security_query.query_list[0] # - None if caller is superuser (must not be the case here)
alternate_security_query, = [q for q in # - a SimpleQuery if caller has no view permissions at all (must not be
security_query.query_list[0].query_list if # the case here)
q.kw.get('alternate_security_uid')] # - a ComplexQuery containing SimpleQueries detailing security conditions
self.assertEqual([user1_alternate_security_uid], # (this is what is expected here)
alternate_security_query.kw['alternate_security_uid']) alternate_security_query, = [
q for q in security_query.query_list
if q.column == 'alternate_security_uid'
]
self.assertEqual(user1_alternate_security_uid,
alternate_security_query.value)
# high level check that that logged in user can see document # high level check that that logged in user can see document
self.assertEqual([user1], self.assertEqual([user1],
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment