Commit 86f086de authored by Julien Muchembled's avatar Julien Muchembled

Prepare interfaces for roles.

git-svn-id: https://svn.erp5.org/repos/public/erp5/sandbox/portal_types@29253 20353a03-c40f-0410-a6d1-a30d3c3de9de
parent 35147f30
......@@ -52,12 +52,11 @@ class RoleDefinition(XMLObject):
, PropertySheet.RoleDefinition
)
security.declareProtected(Permissions.AccessContentsInformation,
'getGroupIdRoleList')
def getGroupIdRoleList(self, ob, user_name=None):
security.declarePrivate("getLocalRolesFor")
def getLocalRolesFor(self, ob, user_name=None):
group_id_generator = getattr(ob,
ERP5TYPE_SECURITY_GROUP_ID_GENERATION_SCRIPT)
role_list = self.getRoleName(),
return ((group_id, role_list)
return dict((group_id, role_list)
for group_id in group_id_generator(category_order=('agent',),
agent=self.getAgentList()))
......@@ -34,6 +34,8 @@ class RoleInformation(XMLObject):
Roles definitions defines local roles on ERP5Type documents. They are
applied by the updateLocalRolesOnDocument method.
"""
# ILocalRoleGenerator
meta_type = 'ERP5 Role Information'
portal_type = 'Role Information'
add_permission = Permissions.AddPortalContent
......@@ -83,11 +85,11 @@ class RoleInformation(XMLObject):
self.getRoleBaseCategoryScriptId()]
return ' '.join(filter(None, search_source_list))
security.declarePrivate('getGroupIdRoleList')
def getGroupIdRoleList(self, ob, user_name=None):
"""Generate security groups (with roles) to be set on a document
security.declarePrivate("getLocalRolesFor")
def getLocalRolesFor(self, ob, user_name=None):
"""Compute the security that should be applied on an object
Each returned value is a 2-tuple (group_id, role_name_list).
Returned value is a dict: {groud_id: role_name_set, ...}
"""
# get the list of base_categories that are statically defined
static_base_category_list = [x.split('/', 1)[0]
......@@ -120,7 +122,7 @@ class RoleInformation(XMLObject):
# security for this object, we can just have it return None
# instead of a dict or list of dicts
if category_result is None:
return
return {}
else:
# no base_category needs to be retrieved using the script, we use
# a list containing an empty dict to trick the system into
......@@ -128,6 +130,7 @@ class RoleInformation(XMLObject):
# defined categories)
category_result = [{}]
group_id_role_dict = {}
role_list = self.getRoleNameList()
if isinstance(category_result, dict):
......@@ -137,7 +140,7 @@ class RoleInformation(XMLObject):
for role, group_id_list in category_result.iteritems():
if role in role_list:
for group_id in group_id_list:
yield group_id, (role,)
group_id_role_dict.setdefault(group_id, set()).add(role)
else:
group_id_generator = getattr(ob,
ERP5TYPE_SECURITY_GROUP_ID_GENERATION_SCRIPT)
......@@ -165,7 +168,9 @@ class RoleInformation(XMLObject):
# Multiple groups are defined (list of users
# or list of group IDs resulting from a cartesian product)
for group_id in group_id_list:
yield group_id, role_list
group_id_role_dict[group_id] = role_list
return group_id_role_dict
InitializeClass(RoleInformation)
......@@ -83,6 +83,8 @@ class ERP5TypeInformation(XMLObject,
isPortalContent = 1
isRADContent = 1
# ILocalRoleAssignor
security = ClassSecurityInfo()
security.declareObjectProtected(Permissions.AccessContentsInformation)
......@@ -343,7 +345,7 @@ class ERP5TypeInformation(XMLObject,
'your setup. '\
'Please install it to benefit from group-based security'
group_id_role_dict = self.getGroupIdRoleDict(ob, user_name)
group_id_role_dict = self.getLocalRolesFor(ob, user_name)
# Update role assignments to groups
if ERP5UserManager is not None: # Default implementation
......@@ -377,17 +379,17 @@ class ERP5TypeInformation(XMLObject,
if reindex:
ob.reindexObjectSecurity()
security.declarePrivate("getGroupIdRoleDict")
def getGroupIdRoleDict(self, ob, user_name=None):
security.declarePrivate("getLocalRolesFor")
def getLocalRolesFor(self, ob, user_name=None):
"""Compute the security that should be applied on an object
Returned value is a dict: {groud_id: role_name_set, ...}
"""
group_id_role_dict = {}
for roledef in ob.objectValues(portal_type='Role Definition'):
# Retrieve and parse applicable roles
# Merge results from applicable roles
for role in self.getFilteredRoleListFor(ob):
for group_id, role_list in role.getGroupIdRoleList(ob, user_name):
for group_id, role_list \
in role.getLocalRolesFor(ob, user_name).iteritems():
group_id_role_dict.setdefault(group_id, set()).update(role_list)
return group_id_role_dict
......@@ -413,7 +415,8 @@ class ERP5TypeInformation(XMLObject,
yield role
# Return also explicit local roles defined as subobjects of the document
if getattr(aq_base(ob), 'isPrincipiaFolderish', 0):
if getattr(aq_base(ob), 'isPrincipiaFolderish', 0) and \
self.allowType('Role Definition'):
for role in ob.objectValues(portal_type='Role Definition'):
if role.getRoleName():
yield role
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment