From 80512cc8862ac44f15d9a80ae561e75dedd41f1d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=C5=81ukasz=20Nowak?= <luke@nexedi.com> Date: Wed, 7 Apr 2010 12:47:10 +0000 Subject: [PATCH] - resolve categories without security restrictions Categories used on predicate definition of document might be not available (due to security) for user, but even then they shall be used in predicate. Thanks to unrestricted resolution of category it is possible to use such objects in query. Reviewed by Romain. git-svn-id: https://svn.erp5.org/repos/public/erp5/trunk@34326 20353a03-c40f-0410-a6d1-a30d3c3de9de --- product/ERP5/Document/Predicate.py | 13 ++++++++++--- 1 file changed, 10 insertions(+), 3 deletions(-) diff --git a/product/ERP5/Document/Predicate.py b/product/ERP5/Document/Predicate.py index 534c6e060a..f13de610fb 100644 --- a/product/ERP5/Document/Predicate.py +++ b/product/ERP5/Document/Predicate.py @@ -42,6 +42,7 @@ from Products.ERP5Type.Utils import convertToUpperCase from Products.ERP5Type.Cache import getReadOnlyTransactionCache, enableReadOnlyTransactionCache, disableReadOnlyTransactionCache from Products.ZSQLCatalog.SQLCatalog import SQLQuery from Products.ERP5Type.Globals import PersistentMapping +from Products.ERP5Type.UnrestrictedMethod import UnrestrictedMethod class Predicate(XMLObject): """ @@ -197,6 +198,13 @@ class Predicate(XMLObject): # '%s after method %s ' % (result, test_method_id)) return result + @UnrestrictedMethod + def _unrestrictedResolveCategory(self, *args): + # Categories used on predicate can be not available to user query, which + # shall be applied with predicate. + portal_categories = getToolByName(self, 'portal_categories') + return portal_categories.resolveCategory(*args) + security.declareProtected( Permissions.AccessContentsInformation, 'buildSQLQuery' ) def buildSQLQuery(self, strict_membership=0, table='category', @@ -229,7 +237,6 @@ class Predicate(XMLObject): catalog_kw[criterion.property] = criterion.identity portal_catalog = getToolByName(self, 'portal_catalog') - portal_categories = getToolByName(self, 'portal_categories') from_table_dict = {} @@ -241,7 +248,7 @@ class Predicate(XMLObject): for category in self.getMembershipCriterionCategoryList(): base_category = category.split('/')[0] # Retrieve base category if membership_dict.has_key(base_category): - category_value = portal_categories.resolveCategory(category, None) + category_value = self._unrestrictedResolveCategory(category, None) if category_value is not None: table_alias = "single_%s_%s" % (table, base_category) from_table_dict[table_alias] = 'category' @@ -263,7 +270,7 @@ class Predicate(XMLObject): for category in self.getMembershipCriterionCategoryList(): base_category = category.split('/')[0] # Retrieve base category if multimembership_dict.has_key(base_category): - category_value = portal_categories.resolveCategory(category) + category_value = self._unrestrictedResolveCategory(category) if category_value is not None: join_count += 1 table_alias = "multi_%s_%s" % (table, join_count) -- 2.30.9