Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
erp5
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
0
Merge Requests
0
CI / CD
CI / CD
Pipelines
Jobs
Schedules
Analytics
Analytics
CI / CD
Repository
Value Stream
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Jobs
Commits
Issue Boards
Open sidebar
Leo Le Bouter
erp5
Commits
c221a41f
Commit
c221a41f
authored
May 22, 2013
by
Jérome Perrin
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
Only index a group if the role is allowed to view
parent
dd69a61c
Changes
2
Hide whitespace changes
Inline
Side-by-side
Showing
2 changed files
with
29 additions
and
18 deletions
+29
-18
product/ERP5Catalog/CatalogTool.py
product/ERP5Catalog/CatalogTool.py
+8
-11
product/ERP5Catalog/tests/testERP5CatalogSecurityUidOptimization.py
...P5Catalog/tests/testERP5CatalogSecurityUidOptimization.py
+21
-7
No files found.
product/ERP5Catalog/CatalogTool.py
View file @
c221a41f
...
@@ -133,14 +133,13 @@ class IndexableObjectWrapper(object):
...
@@ -133,14 +133,13 @@ class IndexableObjectWrapper(object):
optimized_role_set
=
set
()
optimized_role_set
=
set
()
# First parse optimized roles and build optimized_role_set
# First parse optimized roles and build optimized_role_set
for
role_definition_group
,
user_and_role_list
in
local_roles_group_id_group_id
.
items
():
for
role_definition_group
,
user_and_role_list
in
local_roles_group_id_group_id
.
items
():
try
:
group_allowed_set
=
allowed_by_local_roles_group_id
.
setdefault
(
group_allowed_set
=
allowed_by_local_roles_group_id
[
role_definition_group
]
role_definition_group
,
set
())
except
KeyError
:
allowed_by_local_roles_group_id
[
role_definition_group
]
=
group_allowed_set
=
set
()
for
user
,
role
in
user_and_role_list
:
for
user
,
role
in
user_and_role_list
:
prefix
=
'user:'
+
user
if
role
in
allowed_role_set
:
group_allowed_set
.
update
((
prefix
,
'%s:%s'
%
(
prefix
,
role
)))
prefix
=
'user:'
+
user
optimized_role_set
.
add
((
user
,
role
))
group_allowed_set
.
update
((
prefix
,
'%s:%s'
%
(
prefix
,
role
)))
optimized_role_set
.
add
((
user
,
role
))
# Then parse other roles
# Then parse other roles
for
user
,
roles
in
localroles
.
iteritems
():
for
user
,
roles
in
localroles
.
iteritems
():
...
@@ -155,10 +154,8 @@ class IndexableObjectWrapper(object):
...
@@ -155,10 +154,8 @@ class IndexableObjectWrapper(object):
user_view_permission_role_dict
[
role
]
=
user
user_view_permission_role_dict
[
role
]
=
user
elif
role
in
allowed_role_set
:
elif
role
in
allowed_role_set
:
for
group
in
local_roles_group_id_group_id
.
get
(
user
,
(
''
,
)):
for
group
in
local_roles_group_id_group_id
.
get
(
user
,
(
''
,
)):
try
:
group_allowed_set
=
allowed_by_local_roles_group_id
.
setdefault
(
group_allowed_set
=
allowed_by_local_roles_group_id
[
group
]
group
,
set
())
except
KeyError
:
allowed_by_local_roles_group_id
[
group
]
=
group_allowed_set
=
set
()
if
(
user
,
role
)
not
in
optimized_role_set
:
if
(
user
,
role
)
not
in
optimized_role_set
:
# add only if not already added to optimized_role_set to avoid polluting indexation table
# add only if not already added to optimized_role_set to avoid polluting indexation table
group_allowed_set
.
update
((
prefix
,
'%s:%s'
%
(
prefix
,
role
)))
group_allowed_set
.
update
((
prefix
,
'%s:%s'
%
(
prefix
,
role
)))
...
...
product/ERP5Catalog/tests/testERP5CatalogSecurityUidOptimization.py
View file @
c221a41f
...
@@ -41,16 +41,18 @@ class TestERP5CatalogSecurityUidOptimization(ERP5TypeTestCase):
...
@@ -41,16 +41,18 @@ class TestERP5CatalogSecurityUidOptimization(ERP5TypeTestCase):
bt5 to be installed in advance.
bt5 to be installed in advance.
XXX: Inherit from TestERP5Catalog so we test default and security_uid optmization with same tests.
XXX: Inherit from TestERP5Catalog so we test default and security_uid optmization with same tests.
"""
"""
business_template_list
=
[
'erp5_security_uid_innodb_catalog'
,
business_template_list
=
[
'erp5_security_uid_innodb_catalog'
,
'erp5_full_text_myisam_catalog'
,
'erp5_base'
]
'erp5_full_text_myisam_catalog'
,
'erp5_base'
]
def
getBusinessTemplateList
(
self
):
def
getBusinessTemplateList
(
self
):
return
self
.
business_template_list
return
self
.
business_template_list
def
afterSetUp
(
self
):
def
afterSetUp
(
self
):
self
.
login
()
self
.
login
()
portal
=
self
.
getPortal
()
portal
=
self
.
getPortal
()
group
=
portal
.
portal_categories
.
group
if
'g1'
not
in
group
.
objectIds
():
group
.
newContent
(
portal_type
=
'Category'
,
id
=
'g1'
,
codification
=
'GROUP1'
)
def
test_local_roles_group_id_on_role_information
(
self
):
def
test_local_roles_group_id_on_role_information
(
self
):
"""Test usage of local_roles_group_id when searching catalog.
"""Test usage of local_roles_group_id when searching catalog.
...
@@ -111,6 +113,13 @@ CREATE TABLE alternate_roles_and_users (
...
@@ -111,6 +113,13 @@ CREATE TABLE alternate_roles_and_users (
role_base_category_script_id
=
'ERP5Type_getSecurityCategoryFromSelf'
,
role_base_category_script_id
=
'ERP5Type_getSecurityCategoryFromSelf'
,
role_base_category
=
'agent'
,
role_base_category
=
'agent'
,
local_role_group_value
=
self
.
portal
.
portal_categories
.
local_role_group
.
Alternate
.
getRelativeUrl
())
local_role_group_value
=
self
.
portal
.
portal_categories
.
local_role_group
.
Alternate
.
getRelativeUrl
())
# add another role information that does not grant view permission
self
.
portal
.
portal_types
.
Person
.
newContent
(
portal_type
=
'Role Information'
,
role_name
=
'Unknown'
,
role_category_list
=
(
'group/g1'
),
role_base_category
=
'group'
,
local_role_group_value
=
self
.
portal
.
portal_categories
.
local_role_group
.
Alternate
.
getRelativeUrl
())
self
.
portal
.
portal_caches
.
clearAllCache
()
self
.
portal
.
portal_caches
.
clearAllCache
()
self
.
tic
()
self
.
tic
()
...
@@ -119,21 +128,23 @@ CREATE TABLE alternate_roles_and_users (
...
@@ -119,21 +128,23 @@ CREATE TABLE alternate_roles_and_users (
# create two persons and users
# create two persons and users
user1
=
self
.
portal
.
person_module
.
newContent
(
portal_type
=
'Person'
,
user1
=
self
.
portal
.
person_module
.
newContent
(
portal_type
=
'Person'
,
reference
=
'user1'
)
reference
=
'user1'
)
user1
.
newContent
(
portal_type
=
'Assignment'
).
open
()
user1
.
newContent
(
portal_type
=
'Assignment'
,
group
=
'g1'
).
open
()
user1
.
updateLocalRolesOnSecurityGroups
()
user1
.
updateLocalRolesOnSecurityGroups
()
self
.
assertEquals
(
user1
.
__ac_local_roles__
.
get
(
'user1'
),
[
'Auditor'
])
self
.
assertEquals
(
user1
.
__ac_local_roles__
.
get
(
'user1'
),
[
'Auditor'
])
self
.
assertEquals
(
user1
.
__ac_local_roles__
.
get
(
'GROUP1'
),
[
'Unknown'
])
user2
=
self
.
portal
.
person_module
.
newContent
(
portal_type
=
'Person'
,
user2
=
self
.
portal
.
person_module
.
newContent
(
portal_type
=
'Person'
,
reference
=
'user2'
)
reference
=
'user2'
)
user2
.
newContent
(
portal_type
=
'Assignment'
).
open
()
user2
.
newContent
(
portal_type
=
'Assignment'
,
group
=
'g1'
).
open
()
user2
.
updateLocalRolesOnSecurityGroups
()
user2
.
updateLocalRolesOnSecurityGroups
()
self
.
assertEquals
(
user2
.
__ac_local_roles__
.
get
(
'user2'
),
[
'Auditor'
])
self
.
assertEquals
(
user2
.
__ac_local_roles__
.
get
(
'user2'
),
[
'Auditor'
])
self
.
assertEquals
(
user2
.
__ac_local_roles__
.
get
(
'GROUP1'
),
[
'Unknown'
])
self
.
tic
()
self
.
tic
()
# security_uid_dict in catalog contains entries for user1 and user2:
# security_uid_dict in catalog contains entries for user1 and user2:
user1_alternate_security_uid
=
sql_catalog
.
security_uid_dict
[
user1_alternate_security_uid
=
sql_catalog
.
security_uid_dict
[
(
'Alternate'
,
(
'user:user1'
,
'user:user1:Auditor'
))]
(
'Alternate'
,
(
'user:user1'
,
'user:user1:Auditor'
))]
bob
_alternate_security_uid
=
sql_catalog
.
security_uid_dict
[
user2
_alternate_security_uid
=
sql_catalog
.
security_uid_dict
[
(
'Alternate'
,
(
'user:user2'
,
'user:user2:Auditor'
))]
(
'Alternate'
,
(
'user:user2'
,
'user:user2:Auditor'
))]
# those entries are in alternate security table
# those entries are in alternate security table
...
@@ -143,7 +154,7 @@ CREATE TABLE alternate_roles_and_users (
...
@@ -143,7 +154,7 @@ CREATE TABLE alternate_roles_and_users (
alternate_security_uid
=
user1_alternate_security_uid
)
in
alternate_security_uid
=
user1_alternate_security_uid
)
in
alternate_roles_and_users
)
alternate_roles_and_users
)
self
.
assertTrue
(
dict
(
uid
=
user2
.
getUid
(),
self
.
assertTrue
(
dict
(
uid
=
user2
.
getUid
(),
alternate_security_uid
=
bob
_alternate_security_uid
)
in
alternate_security_uid
=
user2
_alternate_security_uid
)
in
alternate_roles_and_users
)
alternate_roles_and_users
)
# low level check of the security query of a logged in user
# low level check of the security query of a logged in user
...
@@ -168,11 +179,14 @@ CREATE TABLE alternate_roles_and_users (
...
@@ -168,11 +179,14 @@ CREATE TABLE alternate_roles_and_users (
local_roles
=
'Auditor'
)])
local_roles
=
'Auditor'
)])
# searches still work for other users
# searches still work for other users
self
.
login
(
'user2'
)
self
.
assertEquals
([
user2
],
[
o
.
getObject
()
for
o
in
self
.
portal
.
portal_catalog
(
portal_type
=
'Person'
)])
self
.
login
(
'ERP5TypeTestCase'
)
self
.
login
(
'ERP5TypeTestCase'
)
self
.
assertSameSet
([
user1
,
user2
],
self
.
assertSameSet
([
user1
,
user2
],
[
o
.
getObject
()
for
o
in
[
o
.
getObject
()
for
o
in
self
.
portal
.
portal_catalog
(
portal_type
=
'Person'
)])
self
.
portal
.
portal_catalog
(
portal_type
=
'Person'
)])
finally
:
finally
:
# restore catalog configuration
# restore catalog configuration
sql_catalog
.
sql_search_tables
=
current_sql_search_tables
sql_catalog
.
sql_search_tables
=
current_sql_search_tables
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment