Commit 42dfc64d authored by Jean-Paul Smets's avatar Jean-Paul Smets

Fixed complex recursion issue related to the use of python scripts at the core...

Fixed complex recursion issue related to the use of python scripts at the core of security. Replaced them with external methods.

git-svn-id: https://svn.erp5.org/repos/public/erp5/trunk@13022 20353a03-c40f-0410-a6d1-a30d3c3de9de
parent 4c2ea0b1
##############################################################################
#
# Copyright (c) 2002-2007 Nexedi SARL and Contributors. All Rights Reserved.
#
# WARNING: This program as such is intended to be used by professional
# programmers who take the whole responsability of assessing all potential
# consequences resulting from its eventual inadequacies and bugs
# End users who are looking for a ready-to-use solution with commercial
# garantees and support are strongly adviced to contract a Free Software
# Service Company
#
# This program is Free Software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 2
# of the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
#
##############################################################################
def getSecurityCategoryFromAssignment(self, base_category_list, user_name, object, portal_type, child=0):
"""
This script returns a list of dictionaries which represent
the security groups which a person is member of. It extracts
the categories from the current user assignment.
It is useful in the following cases:
- associate a document (ex. an accounting transaction)
to the division which the user was assigned to
at the time it was created
- calculate security membership of a user
The parameters are
base_category_list -- list of category values we need to retrieve
user_name -- string obtained from getSecurityManager().getUser().getId()
object -- object which we want to assign roles to
portal_type -- portal type of object
"""
context = self
category_list = []
# Get the Person module
person_module = context.portal_url.getPortalObject().getDefaultModule('Person')
# It is better to keep getObject(), in this script this
# prevent a very strange bug, sometimes without getObject the
# assignment is not found
person_object_list = [x.getObject() for x in person_module.searchFolder(portal_type='Person', reference=user_name)]
if len(person_object_list) != 1:
if len(person_object_list) > 1:
raise ConsistencyError, "Error: There is more than one Person with reference '%s'" % user_name
else:
# if a person_object was not found in the module, we do nothing more
# this happens for example when a manager with no associated person object
# creates a person_object for a new user
return []
person_object = person_object_list[0]
# We look for every valid assignments of this user
for assignment in person_object.contentValues(filter={'portal_type': 'Assignment'}):
if assignment.getValidationState() == 'open':
category_dict = {}
for base_category in base_category_list:
category_value_list = assignment.getValueList(base_category)
if category_value_list:
for category_value in category_value_list:
if child:
if category_value.getPortalType() == 'Category':
while category_value.getPortalType() == 'Category':
category_dict.setdefault(base_category, []).append('%s*' % category_value.getRelativeUrl())
category_value = category_value.getParentValue()
else:
category_dict.setdefault(base_category, []).append(category_value.getRelativeUrl())
else:
category_dict.setdefault(base_category, []).append(category_value.getRelativeUrl())
category_list.append(category_dict)
return category_list
def getSecurityCategoryFromAssignmentParent(self, base_category_list,
user_name, object, portal_type):
return getSecurityCategoryFromAssignment(self, base_category_list,
user_name, object, portal_type, child=1)
...@@ -4,24 +4,14 @@ ...@@ -4,24 +4,14 @@
<pickle> <pickle>
<tuple> <tuple>
<tuple> <tuple>
<string>Products.PythonScripts.PythonScript</string> <string>Products.ExternalMethod.ExternalMethod</string>
<string>PythonScript</string> <string>ExternalMethod</string>
</tuple> </tuple>
<none/> <none/>
</tuple> </tuple>
</pickle> </pickle>
<pickle> <pickle>
<dictionary> <dictionary>
<item>
<key> <string>Python_magic</string> </key>
<value>
<none/>
</value>
</item>
<item>
<key> <string>Script_magic</string> </key>
<value> <int>3</int> </value>
</item>
<item> <item>
<key> <string>__ac_local_roles__</string> </key> <key> <string>__ac_local_roles__</string> </key>
<value> <value>
...@@ -29,209 +19,26 @@ ...@@ -29,209 +19,26 @@
</value> </value>
</item> </item>
<item> <item>
<key> <string>_bind_names</string> </key> <key> <string>_function</string> </key>
<value> <value> <string>getSecurityCategoryFromAssignment</string> </value>
<object>
<klass>
<global name="NameAssignments" module="Shared.DC.Scripts.Bindings"/>
</klass>
<tuple/>
<state>
<dictionary>
<item>
<key> <string>_asgns</string> </key>
<value>
<dictionary>
<item>
<key> <string>name_container</string> </key>
<value> <string>container</string> </value>
</item>
<item>
<key> <string>name_context</string> </key>
<value> <string>context</string> </value>
</item>
<item>
<key> <string>name_m_self</string> </key>
<value> <string>script</string> </value>
</item>
<item>
<key> <string>name_subpath</string> </key>
<value> <string>traverse_subpath</string> </value>
</item>
</dictionary>
</value>
</item>
</dictionary>
</state>
</object>
</value>
</item> </item>
<item> <item>
<key> <string>_body</string> </key> <key> <string>_module</string> </key>
<value> <string encoding="cdata"><![CDATA[ <value> <string>StandardSecurity</string> </value>
"""\n
This script returns a list of dictionaries which represent\n
the security groups which a person is member of. It extracts\n
the categories from the current user assignment.\n
It is useful in the following cases:\n
\n
- associate a document (ex. an accounting transaction)\n
to the division which the user was assigned to\n
at the time it was created\n
\n
- calculate security membership of a user\n
\n
The parameters are\n
\n
base_category_list -- list of category values we need to retrieve\n
user_name -- string obtained from getSecurityManager().getUser().getId()\n
object -- object which we want to assign roles to\n
portal_type -- portal type of object\n
\n
NOTE: for now, this script requires proxy manager\n
"""\n
\n
category_list = []\n
\n
# Get the Person module\n
person_module = context.portal_url.getPortalObject().getDefaultModule(\'Person\')\n
\n
# It is better to keep getObject(), in this script this\n
# prevent a very strange bug, sometimes without getObject the\n
# assignment is not found\n
person_object_list = [x.getObject() for x in person_module.searchFolder(portal_type=\'Person\', reference=user_name)]\n
\n
if len(person_object_list) != 1:\n
if len(person_object_list) > 1:\n
raise ConsistencyError, "Error: There is more than one Person with reference \'%s\'" % user_name\n
else:\n
# if a person_object was not found in the module, we do nothing more\n
# this happens for example when a manager with no associated person object\n
# creates a person_object for a new user\n
return []\n
person_object = person_object_list[0]\n
\n
# We look for every valid assignments of this user\n
for assignment in person_object.contentValues(filter={\'portal_type\': \'Assignment\'}):\n
if assignment.getValidationState() == \'open\':\n
category_dict = {}\n
for base_category in base_category_list:\n
category_value_list = assignment.getValueList(base_category)\n
if category_value_list:\n
for category_value in category_value_list:\n
if child:\n
if category_value.getPortalType() == \'Category\':\n
while category_value.getPortalType() == \'Category\':\n
category_dict.setdefault(base_category, []).append(\'%s*\' % category_value.getRelativeUrl())\n
category_value = category_value.getParentValue()\n
else:\n
category_dict.setdefault(base_category, []).append(category_value.getRelativeUrl())\n
else:\n
category_dict.setdefault(base_category, []).append(category_value.getRelativeUrl())\n
category_list.append(category_dict)\n
\n
return category_list\n
]]></string> </value>
</item> </item>
<item> <item>
<key> <string>_code</string> </key> <key> <string>_owner</string> </key>
<value> <value>
<none/> <none/>
</value> </value>
</item> </item>
<item>
<key> <string>_filepath</string> </key>
<value>
<none/>
</value>
</item>
<item>
<key> <string>_params</string> </key>
<value> <string>base_category_list, user_name, object, portal_type, child=0</string> </value>
</item>
<item>
<key> <string>_proxy_roles</string> </key>
<value>
<tuple>
<string>Manager</string>
</tuple>
</value>
</item>
<item>
<key> <string>errors</string> </key>
<value>
<tuple/>
</value>
</item>
<item>
<key> <string>func_code</string> </key>
<value>
<object>
<klass>
<global name="FuncCode" module="Shared.DC.Scripts.Signature"/>
</klass>
<tuple/>
<state>
<dictionary>
<item>
<key> <string>co_argcount</string> </key>
<value> <int>5</int> </value>
</item>
<item>
<key> <string>co_varnames</string> </key>
<value>
<tuple>
<string>base_category_list</string>
<string>user_name</string>
<string>object</string>
<string>portal_type</string>
<string>child</string>
<string>category_list</string>
<string>_getattr_</string>
<string>context</string>
<string>person_module</string>
<string>append</string>
<string>$append0</string>
<string>_getiter_</string>
<string>x</string>
<string>person_object_list</string>
<string>len</string>
<string>ConsistencyError</string>
<string>_getitem_</string>
<string>person_object</string>
<string>assignment</string>
<string>category_dict</string>
<string>base_category</string>
<string>category_value_list</string>
<string>category_value</string>
</tuple>
</value>
</item>
</dictionary>
</state>
</object>
</value>
</item>
<item>
<key> <string>func_defaults</string> </key>
<value>
<tuple>
<int>0</int>
</tuple>
</value>
</item>
<item> <item>
<key> <string>id</string> </key> <key> <string>id</string> </key>
<value> <string>ERP5Type_getSecurityCategoryFromAssignment</string> </value> <value> <string>ERP5Type_getSecurityCategoryFromAssignment</string> </value>
</item> </item>
<item> <item>
<key> <string>warnings</string> </key> <key> <string>title</string> </key>
<value> <value> <string></string> </value>
<tuple/>
</value>
</item> </item>
</dictionary> </dictionary>
</pickle> </pickle>
......
...@@ -4,24 +4,14 @@ ...@@ -4,24 +4,14 @@
<pickle> <pickle>
<tuple> <tuple>
<tuple> <tuple>
<string>Products.PythonScripts.PythonScript</string> <string>Products.ExternalMethod.ExternalMethod</string>
<string>PythonScript</string> <string>ExternalMethod</string>
</tuple> </tuple>
<none/> <none/>
</tuple> </tuple>
</pickle> </pickle>
<pickle> <pickle>
<dictionary> <dictionary>
<item>
<key> <string>Python_magic</string> </key>
<value>
<none/>
</value>
</item>
<item>
<key> <string>Script_magic</string> </key>
<value> <int>3</int> </value>
</item>
<item> <item>
<key> <string>__ac_local_roles__</string> </key> <key> <string>__ac_local_roles__</string> </key>
<value> <value>
...@@ -29,105 +19,15 @@ ...@@ -29,105 +19,15 @@
</value> </value>
</item> </item>
<item> <item>
<key> <string>_bind_names</string> </key> <key> <string>_function</string> </key>
<value> <value> <string>getSecurityCategoryFromAssignmentParent</string> </value>
<object>
<klass>
<global name="NameAssignments" module="Shared.DC.Scripts.Bindings"/>
</klass>
<tuple/>
<state>
<dictionary>
<item>
<key> <string>_asgns</string> </key>
<value>
<dictionary>
<item>
<key> <string>name_container</string> </key>
<value> <string>container</string> </value>
</item>
<item>
<key> <string>name_context</string> </key>
<value> <string>context</string> </value>
</item>
<item>
<key> <string>name_m_self</string> </key>
<value> <string>script</string> </value>
</item>
<item>
<key> <string>name_subpath</string> </key>
<value> <string>traverse_subpath</string> </value>
</item>
</dictionary>
</value>
</item>
</dictionary>
</state>
</object>
</value>
</item>
<item>
<key> <string>_body</string> </key>
<value> <string>return context.ERP5Type_getSecurityCategoryFromAssignment(base_category_list,\n
user_name, object, portal_type, child=1)\n
</string> </value>
</item> </item>
<item> <item>
<key> <string>_code</string> </key> <key> <string>_module</string> </key>
<value> <value> <string>StandardSecurity</string> </value>
<none/>
</value>
</item> </item>
<item> <item>
<key> <string>_filepath</string> </key> <key> <string>_owner</string> </key>
<value>
<none/>
</value>
</item>
<item>
<key> <string>_params</string> </key>
<value> <string>base_category_list, user_name, object, portal_type</string> </value>
</item>
<item>
<key> <string>errors</string> </key>
<value>
<tuple/>
</value>
</item>
<item>
<key> <string>func_code</string> </key>
<value>
<object>
<klass>
<global name="FuncCode" module="Shared.DC.Scripts.Signature"/>
</klass>
<tuple/>
<state>
<dictionary>
<item>
<key> <string>co_argcount</string> </key>
<value> <int>4</int> </value>
</item>
<item>
<key> <string>co_varnames</string> </key>
<value>
<tuple>
<string>base_category_list</string>
<string>user_name</string>
<string>object</string>
<string>portal_type</string>
<string>_getattr_</string>
<string>context</string>
</tuple>
</value>
</item>
</dictionary>
</state>
</object>
</value>
</item>
<item>
<key> <string>func_defaults</string> </key>
<value> <value>
<none/> <none/>
</value> </value>
...@@ -137,10 +37,8 @@ ...@@ -137,10 +37,8 @@
<value> <string>ERP5Type_getSecurityCategoryFromAssignmentParent</string> </value> <value> <string>ERP5Type_getSecurityCategoryFromAssignmentParent</string> </value>
</item> </item>
<item> <item>
<key> <string>warnings</string> </key> <key> <string>title</string> </key>
<value> <value> <string></string> </value>
<tuple/>
</value>
</item> </item>
</dictionary> </dictionary>
</pickle> </pickle>
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment