Commit e2c3058d authored by iv's avatar iv

ERP5Workflow: remove custom checkWithoutRoles

and modify checkGuard to have expected behaviour
parent 1b285dc8
......@@ -382,7 +382,7 @@ class Workflow(IdAsReferenceMixin("", "prefix"), XMLObject):
is_permitted_worklist = 0
if is_guarded:
is_permitted_worklist = 1
elif (not check_guard): # XXX(WORKFLOW): there was: "or Guard_checkWithoutRoles(guard, security_manager, self, portal)"
elif (not check_guard or worklist_value.checkGuard(security_manager, self, portal, check_roles=False)):
is_permitted_worklist = 1
variable_match[SECURITY_PARAMETER_ID] = guard_role_list
......@@ -1122,49 +1122,3 @@ class Workflow(IdAsReferenceMixin("", "prefix"), XMLObject):
if state_var is not None:
res[state_var] = status.get(state_var, initial_state)
return res
def Guard_checkWithoutRoles(self, sm, wf_def, ob, **kw):
"""Checks conditions in this guard.
This function is the same as Guard.check, but roles are not taken
into account here (but taken into account as local roles). This version
is for worklist guards.
Note that this patched version is not a monkey patch on the class,
because we only want this specific behaviour for worklists (Guards are
also used in transitions).
"""
u_roles = None
if wf_def.manager_bypass:
# Possibly bypass.
u_roles = sm.getUser().getRolesInContext(ob)
if 'Manager' in u_roles:
return 1
if self.permissions:
for p in self.permissions:
if _checkPermission(p, ob):
break
else:
return 0
if self.groups:
# Require at least one of the specified groups.
u = sm.getUser()
b = aq_base( u )
if hasattr( b, 'getGroupsInContext' ):
u_groups = u.getGroupsInContext( ob )
elif hasattr( b, 'getGroups' ):
u_groups = u.getGroups()
else:
u_groups = ()
for group in self.groups:
if group in u_groups:
break
else:
return 0
expr = self.expr
if expr is not None:
econtext = createExprContext(
StateChangeInfo(ob, wf_def, kwargs=kw))
res = expr(econtext)
if not res:
return 0
return 1
......@@ -30,7 +30,7 @@ class GuardableMixin(object):
security = ClassSecurityInfo()
security.declareObjectProtected(ManagePortal)
def checkGuard(self, security_manager, workflow, current_object, **kw):
def checkGuard(self, security_manager, workflow, current_object, check_roles=True, **kw):
"""Checks conditions in this guard.
"""
user_roles = None
......@@ -45,7 +45,7 @@ class GuardableMixin(object):
break
else:
return False
if self.guard_role:
if check_roles and self.guard_role:
# Require at least one of the given roles.
if user_roles is None:
user_roles = security_manager.getUser()\
......@@ -70,7 +70,7 @@ class GuardableMixin(object):
break
else:
return False
if self.guard_expression.text:
if self.guard_expression and self.guard_expression.text:
expression_context = createExprContext(StateChangeInfo(current_object,
workflow,
kwargs=kw))
......@@ -140,6 +140,12 @@ class GuardableMixin(object):
def setGuardExpression(self, text):
self.guard_expression = Expression(text)
security.declareProtected(ManagePortal, 'getGuardExpression')
def getGuardExpression(self):
if self.guard_expression is None:
return Expression('')
return self.guard_expression
def formatNameUnion(names):
escaped = ['<code>' + escape(name) + '</code>' for name in names]
if len(escaped) == 2:
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment