From 748046d002c8897acaead32b6c0d83f65b0d4cec Mon Sep 17 00:00:00 2001
From: Vincent Pelletier <vincent@nexedi.com>
Date: Mon, 9 Jul 2018 16:01:48 +0900
Subject: [PATCH] ERP5Security.ERP5GroupManager: Move security category mapping
lookup out.
So that it can be reused outside of group manager without having to
duplicate the backward-compatibility order.
Also, simplify code.
---
product/ERP5/ERP5Site.py | 25 ++++++++++++++++++++++++
product/ERP5Security/ERP5GroupManager.py | 25 +-----------------------
2 files changed, 26 insertions(+), 24 deletions(-)
diff --git a/product/ERP5/ERP5Site.py b/product/ERP5/ERP5Site.py
index e5dde4078c..0fa61f9951 100644
--- a/product/ERP5/ERP5Site.py
+++ b/product/ERP5/ERP5Site.py
@@ -1412,6 +1412,31 @@ class ERP5Site(FolderMixIn, CMFSite, CacheCookieMixin):
return self._getPortalGroupedCategoryList('assignment') or \
self._getPortalConfiguration('portal_assignment_base_category_list')
+ def getPortalSecurityCategoryMapping(self):
+ """
+ Returns a list of pairs composed of a script id and a list of base
+ category ids to use for computing security groups.
+
+ This is used during indexation, so involved scripts must not rely on
+ catalog at any point in their execution.
+
+ Example:
+ (
+ ('script_1', ['base_category_1', 'base_category_2', ...]),
+ ('script_2', ['base_category_1', 'base_category_3', ...])
+ )
+ """
+ return getattr(
+ self,
+ 'ERP5Type_getSecurityCategoryMapping',
+ lambda: ( # BBB
+ (
+ 'ERP5Type_getSecurityCategoryFromAssignment',
+ self.getPortalAssignmentBaseCategoryList(),
+ ),
+ ),
+ )()
+
security.declareProtected(Permissions.AccessContentsInformation,
'getPortalTicketTypeList')
def getPortalTicketTypeList(self):
diff --git a/product/ERP5Security/ERP5GroupManager.py b/product/ERP5Security/ERP5GroupManager.py
index 4577d8b909..f5dbe2185e 100644
--- a/product/ERP5Security/ERP5GroupManager.py
+++ b/product/ERP5Security/ERP5GroupManager.py
@@ -86,29 +86,6 @@ class ERP5GroupManager(BasePlugin):
@UnrestrictedMethod
def _getGroupsForPrincipal(user_id, path):
- # To get the complete list of groups, we try to call the
- # ERP5Type_getSecurityCategoryMapping which should return a list
- # of lists of two elements (script, base_category_list) like :
- # (
- # ('script_1', ['base_category_1', 'base_category_2', ...]),
- # ('script_2', ['base_category_1', 'base_category_3', ...])
- # )
- #
- # else, if the script does not exist, falls back to a list containng
- # only one list :
- # (('ERP5Type_getSecurityCategoryFromAssignment',
- # self.getPortalAssignmentBaseCategoryList() ),)
-
- mapping_method = getattr(self,
- 'ERP5Type_getSecurityCategoryMapping', None)
- if mapping_method is None:
- security_definition_list = ((
- 'ERP5Type_getSecurityCategoryFromAssignment',
- self.getPortalAssignmentBaseCategoryList()
- ),)
- else:
- security_definition_list = mapping_method()
-
user_path_set = {
x['path']
for x in self.searchUsers(id=user_id, exact_match=True)
@@ -119,7 +96,7 @@ class ERP5GroupManager(BasePlugin):
user_path, = user_path_set
user_value = self.getPortalObject().unrestrictedTraverse(user_path)
security_category_dict = {}
- for (method_name, base_category_list) in security_definition_list:
+ for method_name, base_category_list in self.getPortalSecurityCategoryMapping():
base_category_list = tuple(base_category_list)
security_category_list = security_category_dict.setdefault(
base_category_list,
--
2.30.9