From 80512cc8862ac44f15d9a80ae561e75dedd41f1d Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=C5=81ukasz=20Nowak?= <luke@nexedi.com>
Date: Wed, 7 Apr 2010 12:47:10 +0000
Subject: [PATCH]  - resolve categories without security restrictions

Categories used on predicate definition of document might be not available
(due to security) for user, but even then they shall be used in predicate.
Thanks to unrestricted resolution of category it is possible to use such
objects in query.

Reviewed by Romain.


git-svn-id: https://svn.erp5.org/repos/public/erp5/trunk@34326 20353a03-c40f-0410-a6d1-a30d3c3de9de
---
 product/ERP5/Document/Predicate.py | 13 ++++++++++---
 1 file changed, 10 insertions(+), 3 deletions(-)

diff --git a/product/ERP5/Document/Predicate.py b/product/ERP5/Document/Predicate.py
index 534c6e060a..f13de610fb 100644
--- a/product/ERP5/Document/Predicate.py
+++ b/product/ERP5/Document/Predicate.py
@@ -42,6 +42,7 @@ from Products.ERP5Type.Utils import convertToUpperCase
 from Products.ERP5Type.Cache import getReadOnlyTransactionCache, enableReadOnlyTransactionCache, disableReadOnlyTransactionCache
 from Products.ZSQLCatalog.SQLCatalog import SQLQuery
 from Products.ERP5Type.Globals import PersistentMapping
+from Products.ERP5Type.UnrestrictedMethod import UnrestrictedMethod
 
 class Predicate(XMLObject):
   """
@@ -197,6 +198,13 @@ class Predicate(XMLObject):
 #            '%s after method %s ' % (result, test_method_id))
     return result
 
+  @UnrestrictedMethod
+  def _unrestrictedResolveCategory(self, *args):
+    # Categories used on predicate can be not available to user query, which
+    # shall be applied with predicate.
+    portal_categories = getToolByName(self, 'portal_categories')
+    return portal_categories.resolveCategory(*args)
+
   security.declareProtected( Permissions.AccessContentsInformation,
                              'buildSQLQuery' )
   def buildSQLQuery(self, strict_membership=0, table='category',
@@ -229,7 +237,6 @@ class Predicate(XMLObject):
         catalog_kw[criterion.property] = criterion.identity
 
     portal_catalog = getToolByName(self, 'portal_catalog')
-    portal_categories = getToolByName(self, 'portal_categories')
 
     from_table_dict = {}
 
@@ -241,7 +248,7 @@ class Predicate(XMLObject):
     for category in self.getMembershipCriterionCategoryList():
       base_category = category.split('/')[0] # Retrieve base category
       if membership_dict.has_key(base_category):
-        category_value = portal_categories.resolveCategory(category, None)
+        category_value = self._unrestrictedResolveCategory(category, None)
         if category_value is not None:
           table_alias = "single_%s_%s" % (table, base_category)
           from_table_dict[table_alias] = 'category'
@@ -263,7 +270,7 @@ class Predicate(XMLObject):
     for category in self.getMembershipCriterionCategoryList():
       base_category = category.split('/')[0] # Retrieve base category
       if multimembership_dict.has_key(base_category):
-        category_value = portal_categories.resolveCategory(category)
+        category_value = self._unrestrictedResolveCategory(category)
         if category_value is not None:
           join_count += 1
           table_alias = "multi_%s_%s" % (table, join_count)
-- 
2.30.9