Commit 08b81068 authored by Yoshinori Okuji's avatar Yoshinori Okuji

Define getAllowedUsersAndRoles.


git-svn-id: https://svn.erp5.org/repos/public/erp5/trunk@1394 20353a03-c40f-0410-a6d1-a30d3c3de9de
parent 2bcf353e
......@@ -320,14 +320,15 @@ class CatalogTool (UniqueObject, ZCatalog, CMFCoreCatalogTool):
}
return getEngine().getContext(data)
# searchResults has inherited security assertions.
def searchResults(self, REQUEST=None, **kw):
security.declarePublic( 'getAllowedRolesAndUsers' )
def getAllowedRolesAndUsers(self, **kw):
"""
Calls ZCatalog.searchResults with extra arguments that
limit the results to what the user is allowed to see.
Return allowed roles and users.
This is supposed to be used with Z SQL Methods to check permissions
when you list up documents.
"""
user = _getAuthenticatedUser(self)
kw[ 'allowedRolesAndUsers' ] = self._listAllowedRolesAndUsers( user ) # XXX allowedRolesAndUsers naming is wrong
allowedRolesAndUsers = self._listAllowedRolesAndUsers( user )
# Patch for ERP5 by JP Smets in order
# to implement worklists and search of local roles
......@@ -339,16 +340,26 @@ class CatalogTool (UniqueObject, ZCatalog, CMFCoreCatalogTool):
if type(local_roles) == type('a'):
local_roles = local_roles.split(';')
# Local roles now has precedence (since it comes from a WorkList)
kw[ 'allowedRolesAndUsers' ] = []
allowedRolesAndUsers = []
for role in local_roles:
kw[ 'allowedRolesAndUsers' ].append('user:%s:%s' % (user, role))
allowedRolesAndUsers.append('user:%s:%s' % (user, role))
return allowedRolesAndUsers
# searchResults has inherited security assertions.
def searchResults(self, REQUEST=None, **kw):
"""
Calls ZCatalog.searchResults with extra arguments that
limit the results to what the user is allowed to see.
"""
kw[ 'allowedRolesAndUsers' ] = self.getAllowedRolesAndUsers(**kw) # XXX allowedRolesAndUsers naming is wrong
if not _checkPermission(
CMFCorePermissions.AccessInactivePortalContent, self ):
base = aq_base( self )
now = DateTime()
#kw[ 'effective' ] = { 'query' : now, 'range' : 'max' }
#kw[ 'expires' ] = { 'query' : now, 'range' : 'min' }
#if not _checkPermission(
# CMFCorePermissions.AccessInactivePortalContent, self ):
# base = aq_base( self )
# now = DateTime()
# #kw[ 'effective' ] = { 'query' : now, 'range' : 'max' }
# #kw[ 'expires' ] = { 'query' : now, 'range' : 'min' }
#LOG("search allowedRolesAndUsers",0,str(kw[ 'allowedRolesAndUsers' ]))
return apply(ZCatalog.searchResults, (self, REQUEST), kw)
......@@ -360,35 +371,18 @@ class CatalogTool (UniqueObject, ZCatalog, CMFCoreCatalogTool):
Calls ZCatalog.countResults with extra arguments that
limit the results to what the user is allowed to see.
"""
user = _getAuthenticatedUser(self)
kw[ 'allowedRolesAndUsers' ] = self._listAllowedRolesAndUsers( user )
# Patch for ERP5 by JP Smets in order
# to implement worklists and search of local roles
if kw.has_key('local_roles'):
# Only consider local_roles if it is not empty
if kw['local_roles'] != '' and kw['local_roles'] != [] and kw['local_roles'] is not None:
local_roles = kw['local_roles']
# Turn it into a list if necessary according to ';' separator
if type(local_roles) == type('a'):
local_roles = local_roles.split(';')
# Local roles now has precedence (since it comes from a WorkList)
kw[ 'allowedRolesAndUsers' ] = []
for role in local_roles:
kw[ 'allowedRolesAndUsers' ].append('user:%s:%s' % (user, role))
kw[ 'allowedRolesAndUsers' ] = self.getAllowedRolesAndUsers(**kw) # XXX allowedRolesAndUsers naming is wrong
# Forget about permissions in statistics
# (we should not count lines more than once
if kw.has_key('select_expression'): del kw[ 'allowedRolesAndUsers' ]
if not _checkPermission(
CMFCorePermissions.AccessInactivePortalContent, self ):
base = aq_base( self )
now = DateTime()
#kw[ 'effective' ] = { 'query' : now, 'range' : 'max' }
#kw[ 'expires' ] = { 'query' : now, 'range' : 'min' }
#if not _checkPermission(
# CMFCorePermissions.AccessInactivePortalContent, self ):
# base = aq_base( self )
# now = DateTime()
# #kw[ 'effective' ] = { 'query' : now, 'range' : 'max' }
# #kw[ 'expires' ] = { 'query' : now, 'range' : 'min' }
return apply(ZCatalog.countResults, (self, REQUEST), kw)
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment