support blocking local roles also when cataloging

git-svn-id: https://svn.erp5.org/repos/public/erp5/trunk@10629 20353a03-c40f-0410-a6d1-a30d3c3de9de

product/ERP5Catalog/CatalogTool.py

@@ -54,12 +54,22 @@ try:
   PAS_meta_type = PluggableAuthService.PluggableAuthService.meta_type
 except ImportError:
   PAS_meta_type = ''
+try:
+  from Products.ERP5Security import mergedLocalRoles as PAS_mergedLocalRoles
+except ImportError:
+  #pass
+  raise
 
 try:
   from Products.NuxUserGroups import UserFolderWithGroups
   NUG_meta_type = UserFolderWithGroups.meta_type
 except ImportError:
   NUG_meta_type = ''
+try:
+  from Products.NuxUserGroups.CatalogToolWithGroups import mergedLocalRoles
+  from Products.NuxUserGroups.CatalogToolWithGroups import _getAllowedRolesAndUsers
+except ImportError:
+  pass
     
 def getSecurityProduct(acl_users):
   """returns the security used by the user folder passed.
@@ -70,12 +80,6 @@ def getSecurityProduct(acl_users):
   elif acl_users.meta_type == NUG_meta_type:
     return SECURITY_USING_NUX_USER_GROUPS
 
-try:
-  from Products.NuxUserGroups.CatalogToolWithGroups import mergedLocalRoles
-  from Products.NuxUserGroups.CatalogToolWithGroups import _getAllowedRolesAndUsers
-except ImportError:
-  pass
-
 class IndexableObjectWrapper(CMFCoreIndexableObjectWrapper):
 
     def __setattr__(self, name, value):
@@ -92,13 +96,17 @@ class IndexableObjectWrapper(CMFCoreIndexableObjectWrapper):
         Used by PortalCatalog to filter out items you're not allowed to see.
         """
         ob = self.__ob
-        withnuxgroups = getSecurityProduct(ob.acl_users)\
-                              == SECURITY_USING_NUX_USER_GROUPS
+        security_product = getSecurityProduct(ob.acl_users)
+        withnuxgroups = security_product == SECURITY_USING_NUX_USER_GROUPS
+        withpas = security_product == SECURITY_USING_PAS
+
         allowed = {}
         for r in rolesForPermissionOn('View', ob):
           allowed[r] = 1
         if withnuxgroups:
           localroles = mergedLocalRoles(ob, withgroups=1)
+        elif withpas:
+          localroles = PAS_mergedLocalRoles(ob)
         else:
           # CMF
           localroles = _mergedLocalRoles(ob)

product/ERP5Security/__init__.py

@@ -15,6 +15,8 @@
 """ ERP5Security product initialization.
 """
 
+from copy import deepcopy
+
 from AccessControl.Permissions import manage_users as ManageUsers
 from Products.PluggableAuthService.PluggableAuthService import registerMultiPlugin
 from Products.PluggableAuthService.permissions import ManageGroups
@@ -23,6 +25,37 @@ import ERP5UserManager
 import ERP5GroupManager
 import ERP5RoleManager
 
+def mergedLocalRoles(object):
+    """Returns a merging of object and its ancestors'
+    __ac_local_roles__."""
+    # Modified to take into account _getAcquireLocalRoles
+    merged = {}
+    object = getattr(object, 'aq_inner', object)
+    while 1:
+        if hasattr(object, '__ac_local_roles__'):
+            dict = object.__ac_local_roles__ or {}
+            if callable(dict): dict = dict()
+            for k, v in dict.items():
+                if merged.has_key(k):
+                    merged[k] = merged[k] + v
+                else:
+                    merged[k] = v
+        # block acquisition
+        if hasattr(object, '_getAcquireLocalRoles'):
+            if not object._getAcquireLocalRoles():
+                break
+        if hasattr(object, 'aq_parent'):
+            object=object.aq_parent
+            object=getattr(object, 'aq_inner', object)
+            continue
+        if hasattr(object, 'im_self'):
+            object=object.im_self
+            object=getattr(object, 'aq_inner', object)
+            continue
+        break
+
+    return deepcopy(merged)
+
 registerMultiPlugin(ERP5UserManager.ERP5UserManager.meta_type)
 registerMultiPlugin(ERP5GroupManager.ERP5GroupManager.meta_type)
 registerMultiPlugin(ERP5RoleManager.ERP5RoleManager.meta_type)