Added much comments related to the support of Owner local role and optimisation of security table.

git-svn-id: https://svn.erp5.org/repos/public/erp5/trunk@10055 20353a03-c40f-0410-a6d1-a30d3c3de9de

product/ERP5Catalog/CatalogTool.py

@@ -128,7 +128,11 @@ class IndexableObjectWrapper(CMFCoreIndexableObjectWrapper):
               else:
                 allowed['user:' + user] = 1
             # Added for ERP5 project by JP Smets
-            if role != 'Owner':
+            # The reason why we do not want to keep Owner is because we are
+            # trying to reduce the number of security definitions
+            # However, this could be a bad idea if we start to use Owner role
+            # as a kind of Assignee and if we need it for worklists.
+            if role != 'Owner': 
               if withnuxgroups:
                 allowed[user + ':' + role] = 1
               else:
@@ -393,7 +397,12 @@ class CatalogTool (UniqueObject, ZCatalog, CMFCoreCatalogTool, ActiveObject):
           # Local roles now has precedence (since it comes from a WorkList)
           for user_or_group in allowedRolesAndUsers:
             for role in local_roles:
-              new_allowedRolesAndUsers.append('%s:%s' % (user_or_group, role))
+              if role == "Owner":
+                # This is for now only a placeholder to handle the case of Owner
+                # which may not be supported (see above comment arround line 135
+                new_allowedRolesAndUsers.append('%s:%s' % (user_or_group, role))
+              else:
+                new_allowedRolesAndUsers.append('%s:%s' % (user_or_group, role))
           allowedRolesAndUsers = new_allowedRolesAndUsers
 
       return allowedRolesAndUsers