ERP5Catalog: Make user/group distinction scriptable.

This allows breaking a circular dependency of catalog on itself: to index a local role, catalog must tell whether it's granted to a group or to a user, which used to happen using a catalog lookup (via PAS API), preventing catalog from being rebuilt from scratch. With this change, ERP5Site_filterUserIdSet must be implemented when custom role columns are used (viewable_owner is not concerned by this change). If it is implemented in a way which does not rely on catalog, catalog become rebuildable from a lone ZODB, without double-indexation of users nor security_uid explosion. Nothing prevents relying on catalog (which mayu be desired for backward-compatibility purposes), but such script will not be provided by generic ERP5, as the impossibility of recreating catalog from ZODB is considered a bug, and introducing such script amounts to introducing this bug. Create ERP5Site_filterUserIdList in tests which add custom viewable_* columns.

ERP5Catalog: Make user/group distinction scriptable.
This allows breaking a circular dependency of catalog on itself: to index a local role, catalog must tell whether it's granted to a group or to a user, which used to happen using a catalog lookup (via PAS API), preventing catalog from being rebuilt from scratch. With this change, ERP5Site_filterUserIdSet must be implemented when custom role columns are used (viewable_owner is not concerned by this change). If it is implemented in a way which does not rely on catalog, catalog become rebuildable from a lone ZODB, without double-indexation of users nor security_uid explosion. Nothing prevents relying on catalog (which mayu be desired for backward-compatibility purposes), but such script will not be provided by generic ERP5, as the impossibility of recreating catalog from ZODB is considered a bug, and introducing such script amounts to introducing this bug. Create ERP5Site_filterUserIdList in tests which add custom viewable_* columns.
d0260f5e · Vincent Pelletier · 4c514da5 · d0260f5e · d0260f5e
Commit d0260f5e authored Oct 05, 2018 by Vincent Pelletier
Hide whitespace changes
Inline Side-by-side

Showing with 39 additions and 8 deletions

product/ERP5Catalog/CatalogTool.py product/ERP5Catalog/CatalogTool.py +2 -5

product/ERP5Catalog/tests/testERP5Catalog.py product/ERP5Catalog/tests/testERP5Catalog.py +37 -3

No files found.
--- a/product/ERP5Catalog/CatalogTool.py
+++ b/product/ERP5Catalog/CatalogTool.py
@@ -897,11 +897,8 @@ class CatalogTool (UniqueObject, ZCatalog, CMFCoreCatalogTool, ActiveObject):
        # Note: we mutate the set, so all related wrappers get (purposedly)
        # affected by this, which must happen before _getSecurityParameterList
        # is called (which happens when calling getSecurityUidDict below).
-        user_set += (
-            x['id'] for x in portal.acl_users.searchUsers(
-            id=list(group_and_user_id_set),
-            exact_match=True,
-          )
+        user_set += portal.ERP5Site_filterUserIdSet(
+          group_and_user_id_set=group_and_user_id_set,
        )

      getSecurityUidDict = catalog_value.getSecurityUidDict

--- a/product/ERP5Catalog/tests/testERP5Catalog.py
+++ b/product/ERP5Catalog/tests/testERP5Catalog.py
@@ -2275,7 +2275,15 @@ VALUES
    sql_catalog.sql_catalog_role_keys = (
        'Assignee | %s.viewable_assignee_reference' % \
       local_roles_table,)
-
+    createZODBPythonScript(
+      self.portal.portal_skins.custom,
+      'ERP5Site_filterUserIdSet',
+      'group_and_user_id_set',
+      'actual_user_set = %r\n'
+      'return [x for x in group_and_user_id_set if x in actual_user_set]' % (
+        (user1, user2),
+      ),
+    )
    current_sql_search_tables = sql_catalog.sql_search_tables
    sql_catalog.sql_search_tables = sql_catalog.sql_search_tables + \
        [local_roles_table]
@@ -2324,6 +2332,7 @@ VALUES
      result = obj.portal_catalog(portal_type=portal_type, local_roles='Auditor')
      self.assertSameSet([obj2, ], [x.getObject() for x in result])
    finally:
+      self.portal.portal_skins.custom.manage_delObjects(ids=['ERP5Site_filterUserIdSet'])
      sql_catalog.sql_catalog_object_list = \
        current_sql_catalog_object_list
      sql_catalog.sql_clear_catalog = \
@@ -2441,7 +2450,14 @@ VALUES
    sql_catalog.sql_catalog_role_keys = (
        'Assignee | %s.viewable_assignee_reference' % \
       local_roles_table,)
-
+    createZODBPythonScript(
+      self.portal.portal_skins.custom,
+      'ERP5Site_filterUserIdSet',
+      'group_and_user_id_set',
+      'return [x for x in group_and_user_id_set if x == %r]' % (
+        user1,
+      ),
+    )
    current_sql_search_tables = sql_catalog.sql_search_tables
    sql_catalog.sql_search_tables = sql_catalog.sql_search_tables + \
        [local_roles_table]
@@ -2584,6 +2600,7 @@ VALUES
                                    **count_result_kw)))

    finally:
+      self.portal.portal_skins.custom.manage_delObjects(ids=['ERP5Site_filterUserIdSet'])
      sql_catalog.sql_catalog_object_list = \
        current_sql_catalog_object_list
      sql_catalog.sql_clear_catalog = \
@@ -2692,7 +2709,14 @@ VALUES
        'Owner | viewable_owner',
        'Assignee | %s.viewable_assignee_reference' % \
       local_roles_table,)
-
+    createZODBPythonScript(
+      self.portal.portal_skins.custom,
+      'ERP5Site_filterUserIdSet',
+      'group_and_user_id_set',
+      'return [x for x in group_and_user_id_set if x == %r]' % (
+        user1,
+      ),
+    )
    current_sql_search_tables = sql_catalog.sql_search_tables
    sql_catalog.sql_search_tables = sql_catalog.sql_search_tables + \
        [local_roles_table]
@@ -2827,6 +2851,7 @@ VALUES
                                    **count_result_kw)))

    finally:
+      self.portal.portal_skins.custom.manage_delObjects(ids=['ERP5Site_filterUserIdSet'])
      sql_catalog.sql_catalog_object_list = \
        current_sql_catalog_object_list
      sql_catalog.sql_clear_catalog = \
@@ -2937,6 +2962,14 @@ VALUES

      person = self.portal.person_module.newContent(portal_type='Person')
      user_id = person.Person_getUserId()
+      createZODBPythonScript(
+        self.portal.portal_skins.custom,
+        'ERP5Site_filterUserIdSet',
+        'group_and_user_id_set',
+        'return [x for x in group_and_user_id_set if x == %r]' % (
+          user_id,
+        ),
+      )
      person.manage_setLocalRoles(user_id, ['Assignee'])

      self.tic()
@@ -2952,6 +2985,7 @@ VALUES
      # check that user has optimised security declaration
      self.assertEqual(local_roles_table_result['viewable_assignee_reference'], user_id)
    finally:
+      self.portal.portal_skins.custom.manage_delObjects(ids=['ERP5Site_filterUserIdSet'])
      sql_catalog.sql_catalog_object_list = \
        current_sql_catalog_object_list
      sql_catalog.sql_clear_catalog = \