ZODB Components: Developer Role was not returned by getRoles() for users added...

ZODB Components: Developer Role was not returned by getRoles() for users added through erp5.acl_users.

It was only working if the user was only in Zope acl_users but not ERP5
acl_users because getRole() was not monkey-patch in contrary to AccessControl
BasicUser.

product/ERP5Type/patches/PropertiedUser.py

@@ -90,6 +90,28 @@ def getRolesInContext( self, object ):
 
 from App.config import getConfiguration
 
+def getRoles( self ):
+    """ -> [ role ]
+
+    o Include only "global" roles.
+    """
+    role_tuple = self._roles.keys()
+    if role_tuple:
+        product_config = getattr(getConfiguration(), 'product_config', None)
+        if product_config:
+            config = product_config.get('erp5')
+            if config:
+                role_set = set(role_tuple)
+                user_id = self.getId()
+                if config and user_id in config.developer_list:
+                    role_set.add('Developer')
+                elif user_id in role_set:
+                    role_set.remove('Developer')
+
+                return role_set
+
+    return role_tuple
+
 def allowed(self, object, object_roles=None ):
 
     """ Check whether the user has access to object.
@@ -205,3 +227,4 @@ def allowed(self, object, object_roles=None ):
 if PropertiedUser is not None:
   PropertiedUser.getRolesInContext = getRolesInContext
   PropertiedUser.allowed = allowed
+  PropertiedUser.getRoles = getRoles

[Vincent Pelletier]

It is not good to complexify getRoles: this method is called each time a restricted operation is done. IOW, about every "." in a python script calls this code implicitely.

It should be possible to instead customise user creation so that it grants the role when creating the user (EDIT: and it is actually possible, I implemented it and it passes the unittests I throw at it so far and along with a few more related changes - wow, user code is triplicated ! - speeds up noticeably), so that configuration lookup is done once per transaction and not hundreds of times.

But I do not understand the point of elif user_id in role_set:. Could you explain why it is here ?

[Arnaud Fontaine]

As per our discussion on Jabber, I looked into it quickly but I cannot remember why so it will take some time to investigate more. As this is it not urgent and Unit Tests are not passing as you said, I will do that after merging ba2e2a34. Ping me again if that's blocking you or if I forget though. Thanks for improving performances!