diff --git a/product/ERP5Catalog/CatalogTool.py b/product/ERP5Catalog/CatalogTool.py index 9fd54eaf2b4e621df39891ff10aeec22f5569941..b16c09a8320225c3af908747941e908ce8cbd3ac 100644 --- a/product/ERP5Catalog/CatalogTool.py +++ b/product/ERP5Catalog/CatalogTool.py @@ -183,7 +183,7 @@ class CatalogTool (UniqueObject, ZCatalog, CMFCoreCatalogTool, ActiveObject): def __init__(self): ZCatalog.__init__(self, self.getId()) - # Explicite Inheritance + # Explicit Inheritance __url = CMFCoreCatalogTool.__url manage_catalogFind = CMFCoreCatalogTool.manage_catalogFind @@ -440,15 +440,18 @@ class CatalogTool (UniqueObject, ZCatalog, CMFCoreCatalogTool, ActiveObject): kw[ 'effective' ] = { 'query' : now, 'range' : 'max' } kw[ 'expires' ] = { 'query' : now, 'range' : 'min' } - - if not kw.has_key('limit'): - kw['limit'] = 1000 - - #LOG("search allowedRolesAndUsers",0,str(kw[ 'allowedRolesAndUsers' ])) - return apply(ZCatalog.searchResults, (self, REQUEST), kw) + kw.setdefault('limit', 1000) + return ZCatalog.searchResults(self, REQUEST, **kw) __call__ = searchResults + security.declarePrivate('unrestrictedSearchResults') + def unrestrictedSearchResults(self, REQUEST=None, **kw): + """Calls ZSQLCatalog.searchResults directly without restrictions. + """ + kw.setdefault('limit', 1000) + return ZCatalog.searchResults(self, REQUEST, **kw) + def countResults(self, REQUEST=None, **kw): """ Calls ZCatalog.countResults with extra arguments that 
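Review bot: The docstring of `unrestrictedSearchResults` says only "without restrictions" and names `ZSQLCatalog.searchResults`, while the body calls `ZCatalog.searchResults`; it should state which filters are skipped and who is expected to call the method. Judging by the context lines and the removed LOG line, the restricted `searchResults` (whose body starts outside this hunk) adds `effective`/`expires` bounds and an `allowedRolesAndUsers` filter. The new method adds none of these, so it can return rows the current user has no View permission on. I would word it as `"""Search the catalog without the allowedRolesAndUsers/effective/expires filters. For trusted code only: callers must enforce access themselves before exposing any result."""`. The same applies to `unrestrictedCountResults` in the next hunk, where even a bare count reveals that a hidden document exists.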
@@ -468,7 +471,13 @@ class CatalogTool (UniqueObject, ZCatalog, CMFCoreCatalogTool, ActiveObject): # #kw[ 'effective' ] = { 'query' : now, 'range' : 'max' } # #kw[ 'expires' ] = { 'query' : now, 'range' : 'min' } - return apply(ZCatalog.countResults, (self, REQUEST), kw) + return ZCatalog.countResults(self, REQUEST, **kw) + + security.declarePrivate('unrestrictedCountResults') + def unrestrictedCountResults(self, REQUEST=None, **kw): + """Calls ZSQLCatalog.countResults directly without restrictions. + """ + return ZCatalog.countResults(self, REQUEST, **kw) def wrapObject(self, object, sql_catalog_id=None, **kw): """ diff --git a/product/ERP5Catalog/tests/testERP5Catalog.py b/product/ERP5Catalog/tests/testERP5Catalog.py index 75fb99c515e9bf48ac023d11ee0801f855709079..c0a31bbc09e4fd28e49b008630f7ae3caffd219e 100644 --- a/product/ERP5Catalog/tests/testERP5Catalog.py +++ b/product/ERP5Catalog/tests/testERP5Catalog.py 
@@ -1328,4 +1328,38 @@ class TestERP5Catalog(ERP5TypeTestCase, LogInterceptor): self.assertEqual(1000,len(self.getCatalogTool()(portal_type='Organisation'))) self.assertEqual(1002,len(self.getCatalogTool()(portal_type='Organisation',limit=None))) + def test_47_Unrestricted(self, quiet=quiet, run=run_all_test): + """test unrestricted search/count results. + """ + if not run: return + if not quiet: + message = 'Unrestricted queries' + ZopeTestCase._print('\n%s ' % message) + LOG('Testing... ',0,message) + login = PortalTestCase.login + + uf = self.getPortal().acl_users + uf._doAddUser('alice', '', ['Member', 'Manager', 'Assignor'], []) + uf._doAddUser('bob', '', ['Member'], []) + # create a document that only alice can view + login(self, 'alice') + folder = self.getOrganisationModule() + ob = folder.newContent(title='Object Title') + ob.manage_permission('View', ['Manager'], 0) + get_transaction().commit() + self.tic() + + # bob cannot see the document + login(self, 'bob') + ctool = self.getCatalogTool() + self.assertEquals(0, len(ctool.searchResults(title='Object Title'))) + self.assertEquals(0, ctool.countResults(title='Object Title')[0][0]) + + # unless using unrestricted searches + self.assertEquals(1, + len(ctool.unrestrictedSearchResults(title='Object Title'))) + self.assertEquals(1, + ctool.unrestrictedCountResults(title='Object Title')[0][0]) + +
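Review bot: The test proves that the unrestricted methods return the hidden document, but nothing checks that they stay unreachable for bob through restricted access, which is what the `security.declarePrivate` calls in CatalogTool.py are there to guarantee. After the last assertion, while still logged in as bob, I would add `self.assertRaises(Unauthorized, ctool.restrictedTraverse, 'unrestrictedSearchResults')` and the same line for `'unrestrictedCountResults'`. This assumes `Unauthorized` is imported in this file, since the imports are outside the hunk. As a style point, the new assertions use `assertEquals` while the context lines just above use `assertEqual`.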