Commit 89e254cf authored by Julien Muchembled's avatar Julien Muchembled

Optimimize and split _updateLocalRolesOnObject. Rename get{Action,Role}List.

git-svn-id: https://svn.erp5.org/repos/public/erp5/sandbox/portal_types@29250 20353a03-c40f-0410-a6d1-a30d3c3de9de
parent 2e98be8d
......@@ -2463,7 +2463,7 @@ class ActionTemplateItem(ObjectTemplateItem):
for path, action_dict in portal_type_dict.iteritems():
container = p.unrestrictedTraverse(path)
container.manage_delObjects([obj.id
for obj in container.getActionList()
for obj in container.getActionInformationList()
if obj.reference in action_dict])
for obj in action_dict.itervalues():
container._importOldAction(obj)
......@@ -2544,7 +2544,7 @@ class PortalTypeRolesTemplateItem(BaseTemplateItem):
obj = p.unrestrictedTraverse("portal_types/%s" %
relative_url.split('/', 1)[1])
self._objects[relative_url] = type_role_list = []
for role in obj.getRoleList():
for role in obj.getRoleInformationList():
type_role_dict = {}
for k, v in aq_base(role).__getstate__().iteritems():
if k == 'condition':
......@@ -2647,7 +2647,7 @@ class PortalTypeRolesTemplateItem(BaseTemplateItem):
obj = p.unrestrictedTraverse(path, None)
if obj is not None:
# reset roles before applying
obj.manage_delObjects([x.id for x in obj.getRoleList()])
obj.manage_delObjects([x.id for x in obj.getRoleInformationList()])
type_roles_list = self._objects[roles_path] or []
for role_property_dict in type_roles_list:
obj._importRole(role_property_dict)
......
......@@ -378,7 +378,7 @@ class TestLocalRoleManagement(ERP5TypeTestCase):
base_cat.manage_delObjects(list(base_cat.objectIds()))
# clear role definitions
for ti in self.getTypesTool().objectValues():
ti.manage_delObjects([x.id for x in ti.getRoleList()])
ti.manage_delObjects([x.id for x in ti.getRoleInformationList()])
# clear modules
for module in self.portal.objectValues():
if module.getId().endswith('_module'):
......
......@@ -73,15 +73,15 @@ class ActionInformation(XMLObject):
def _setActionExpression(self, value):
if isinstance(value, basestring):
value = Expression(value)
value = value and Expression(value) or None
self._baseSetActionExpression(value)
def _setCondition(self, value):
if isinstance(value, basestring):
value = Expression(value)
value = value and Expression(value) or None
self._baseSetCondition(value)
def _setIcon(self, value):
if isinstance(value, basestring):
value = Expression(value)
value = value and Expression(value) or None
self._baseSetIcon(value)
def getCondition(self):
......
......@@ -245,7 +245,7 @@ class ERP5TypeInformation(XMLObject,
# which acquire their security definition from their parent
# The downside of this optimisation is that it is not possible to
# set a local role definition if the local role list is empty
if self.getRoleList():
if self.getRoleInformationList():
self.updateLocalRolesOnObject(ob)
# notify workflow after generating local roles, in order to prevent
......@@ -349,9 +349,46 @@ class ERP5TypeInformation(XMLObject,
'your setup. '\
'Please install it to benefit from group-based security'
group_id_role_dict = self.getGroupIdRoleDict(ob, user_name)
# Update role assignments to groups
if ERP5UserManager is not None: # Default implementation
# Clean old group roles
old_group_list = ob.get_local_roles()
ob.manage_delLocalRoles([x[0] for x in old_group_list])
# Save the owner
for group, role_list in old_group_list:
if 'Owner' in role_list:
group_id_role_dict.setdefault(group, set()).add('Owner')
# Assign new roles
for group, role_list in group_id_role_dict.iteritems():
if role_list:
ob.manage_addLocalRoles(group, role_list)
else: # NuxUserGroups implementation
# Clean old group roles
old_group_list = ob.get_local_group_roles()
# We duplicate role settings to mimic PAS
ob.manage_delLocalGroupRoles([x[0] for x in old_group_list])
ob.manage_delLocalRoles([x[0] for x in old_group_list])
# Save the owner
for group, role_list in old_group_list:
if 'Owner' in role_list:
group_id_role_dict.setdefault(group, set()).add('Owner')
# Assign new roles
for group, role_list in group_id_role_dict.iteritems():
# We duplicate role settings to mimic PAS
ob.manage_addLocalGroupRoles(group, role_list)
ob.manage_addLocalRoles(group, role_list)
# Make sure that the object is reindexed
if reindex:
ob.reindexObjectSecurity()
security.declareProtected(Permissions.AccessContentsInformation,
"getGroupIdRoleDict")
def getGroupIdRoleDict(self, ob, user_name=None):
# Create an empty local Role Definition dict
role_category_list_dict = {}
role_group_list_dict = {}
group_id_role_dict = {}
# Fill it with explicit local roles defined as subobjects of current
# object
......@@ -416,17 +453,20 @@ class ERP5TypeInformation(XMLObject,
for c in role.getRoleCategoryList():
bc, value = c.split('/', 1)
category_definition_dict.setdefault(bc, []).append(value)
# Now create role dict for each roles
for role in role.getRoleNameList():
if isinstance(category_result, dict):
# category_result is a dict (which provide group IDs directly)
# which represents of mapping of roles, security group IDs
# XXX explain that this is for providing user IDs mostly
role_group_list = role_group_list_dict.setdefault(role, [])
for k, v in category_result.items():
if k == role:
role_group_list.extend(v)
else:
role_list = role.getRoleNameList()
if isinstance(category_result, dict):
# category_result is a dict (which provide group IDs directly)
# which represents of mapping of roles, security group IDs
# XXX explain that this is for providing user IDs mostly
for role, group_id_list in category_result.iteritems():
if role in role_list:
for group_id in group_id_list:
group_id_role_dict.setdefault(group_id, set()).add(role)
else:
# Now create role dict for each roles
for role in role_list:
# category_result is a list of dicts that represents the resolved
# categories we create a category_value_dict from each of these
# dicts aggregated with category_order and statically defined
......@@ -439,96 +479,45 @@ class ERP5TypeInformation(XMLObject,
role_category_list.append(category_value_dict)
# Generate security group ids from category_value_dicts
role_group_id_dict = {}
parent = ob.aq_parent
group_id_generator = getattr( parent,
ERP5TYPE_SECURITY_GROUP_ID_GENERATION_SCRIPT,
None )
group_id_generator = getattr(aq_parent(ob),
ERP5TYPE_SECURITY_GROUP_ID_GENERATION_SCRIPT)
group_id_generator = group_id_generator.__of__(ob)
if group_id_generator is None:
raise RuntimeError, '%s script was not found' % \
ERP5TYPE_SECURITY_GROUP_ID_GENERATION_SCRIPT
for role, group_list in role_group_list_dict.items():
role_group_id_dict.setdefault(role, []).extend(group_list)
for role, value_list in role_category_list_dict.items():
role_group_dict = {}
for role, value_list in role_category_list_dict.iteritems():
role_group_set = group_id_role_dict.setdefault(role, set())
for category_dict in value_list:
group_id = group_id_generator(**category_dict) # category_order is passed in the dict
group_id_list = group_id_generator(**category_dict) # category_order is passed in the dict
# If group_id is not defined, do not use it
if group_id not in (None, ''):
if isinstance(group_id, str):
if group_id_list:
if isinstance(group_id_list, str):
# Single group is defined (this is usually for group membership)
# DEPRECATED due to cartesian product requirement
role_group_dict[group_id] = 1
else:
# Multiple groups are defined (list of users
# or list of group IDs resulting from a cartesian product)
for user_id in group_id:
role_group_dict[user_id] = 1
role_group_id_dict.setdefault(role, []).extend(role_group_dict.keys())
group_id_list = group_id_list,
# Multiple groups are defined (list of users
# or list of group IDs resulting from a cartesian product)
for group_id in group_id_list:
group_id_role_dict.setdefault(group_id, set()).add(role)
# Switch index from role to group id
group_id_role_dict = {}
for role, group_list in role_group_id_dict.items():
for group_id in group_list:
group_id_role_dict.setdefault(group_id, []).append(role)
# Update role assignments to groups
if ERP5UserManager is not None: # Default implementation
# Clean old group roles
old_group_list = ob.get_local_roles()
ob.manage_delLocalRoles([x[0] for x in old_group_list])
# Save the owner
for group, role_list in old_group_list:
if 'Owner' in role_list:
if not group_id_role_dict.has_key(group):
group_id_role_dict[group] = ('Owner',)
else:
group_id_role_dict[group].append('Owner')
# Assign new roles
for group, role_list in group_id_role_dict.items():
ob.manage_addLocalRoles(group, role_list)
else: # NuxUserGroups implementation
# Clean old group roles
old_group_list = ob.get_local_group_roles()
# We duplicate role settings to mimic PAS
ob.manage_delLocalGroupRoles([x[0] for x in old_group_list])
ob.manage_delLocalRoles([x[0] for x in old_group_list])
# Save the owner
for group, role_list in old_group_list:
if 'Owner' in role_list:
if not group_id_role_dict.has_key(group):
group_id_role_dict[group] = ('Owner',)
else:
group_id_role_dict[group].append('Owner')
# Assign new roles
for group, role_list in group_id_role_dict.items():
# We duplicate role settings to mimic PAS
ob.manage_addLocalGroupRoles(group, role_list)
ob.manage_addLocalRoles(group, role_list)
# Make sure that the object is reindexed
if reindex:
ob.reindexObjectSecurity()
return group_id_role_dict
security.declarePrivate('getFilteredRoleListFor')
def getFilteredRoleListFor(self, ob=None):
"""Return all roles applicable to the object against user."""
portal = self.portal_url.getPortalObject()
if ob is None:
folder = portal
else:
folder = aq_parent(ob)
# Search up the containment hierarchy until we find an
# object that claims it's a folder.
while folder is not None:
if getattr(aq_base(folder), 'isPrincipiaFolderish', 0):
# found it.
break
else:
folder = aq_parent(folder)
"""Return all roles applicable to the object against user."""
portal = self.getPortalObject()
if ob is None:
folder = portal
else:
folder = aq_parent(ob)
# Search up the containment hierarchy until we find an
# object that claims it's a folder.
while folder is not None:
if getattr(aq_base(folder), 'isPrincipiaFolderish', 0):
break # found it.
else:
folder = aq_parent(folder)
ec = createExprContext(folder, portal, ob)
return (role for role in self.getRoleList() if role.testCondition(ec))
ec = createExprContext(folder, portal, ob)
return (role for role in self.getRoleInformationList()
if role.testCondition(ec))
security.declareProtected(Permissions.ManagePortal, 'updateRoleMapping')
def updateRoleMapping(self, REQUEST=None, form_id=''):
......@@ -599,13 +588,13 @@ class ERP5TypeInformation(XMLObject,
# USE_BASE_TYPE
#
security.declarePrivate('getRoleList')
def getRoleList(self):
security.declarePrivate('getRoleInformationList')
def getRoleInformationList(self):
"""Return all roles for this portal type"""
return self.objectValues(portal_type='Role Information')
security.declarePrivate('getActionList')
def getActionList(self):
security.declarePrivate('getActionInformationList')
def getActionInformationList(self):
"""Return all actions for this portal type"""
return self.objectValues(portal_type='Action Information')
......@@ -672,7 +661,8 @@ class ERP5TypeInformation(XMLObject,
security.declarePrivate('listActions')
def listActions(self, info=None, object=None):
""" List all the actions defined by a provider."""
return sorted(self.getActionList(), key=lambda x: x.getFloatIndex())
return sorted(self.getActionInformationList(),
key=lambda x: x.getFloatIndex())
def _importOldAction(self, old_action):
from Products.ERP5Type.Document.ActionInformation import ActionInformation
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment