diff --git a/product/ERP5Catalog/CatalogTool.py b/product/ERP5Catalog/CatalogTool.py index 3e15e1720d614ec53747ec440e3e32f7cac5dd3f..4c092cae0b462e79ffce875fdc8ae755583abebc 100644 --- a/product/ERP5Catalog/CatalogTool.py +++ b/product/ERP5Catalog/CatalogTool.py @@ -129,23 +129,30 @@ class IndexableObjectWrapper(object): user_role_dict = {} user_view_permission_role_dict = {} + optimized_role_set = set() + # First parse optimized roles and build optimized_role_set + for role_definition_group, user_and_role_list in local_roles_group_id_group_id.items(): + try: + group_allowed_set = allowed_by_local_roles_group_id[role_definition_group] + except KeyError: + allowed_by_local_roles_group_id[role_definition_group] = group_allowed_set = set() + for user, role in user_and_role_list: + prefix = 'user:' + user + group_allowed_set.update((prefix, '%s:%s' % (prefix, role))) + optimized_role_set.add((user, role)) + + # Then parse other roles for user, roles in localroles.iteritems(): prefix = 'user:' + user for role in roles: if (role in role_dict) and (getUserById(user) is not None): # If role is monovalued, check if key is a user. # If not, continue to index it in roles_and_users table. - user_role_dict[role] = user + if (user, role) not in optimized_role_set: + user_role_dict[role] = user # Only add to user_role_dict if not in optimized_role_set (double check) if role in allowed_role_set: user_view_permission_role_dict[role] = user - elif role in allowed_role_set: - for group in local_roles_group_id_group_id.get(user, ('', )): - try: - group_allowed_set = allowed_by_local_roles_group_id[group] - except KeyError: - allowed_by_local_roles_group_id[group] = group_allowed_set = set() - group_allowed_set.update((prefix, '%s:%s' % (prefix, role))) - + # sort `allowed` principals sorted_allowed_by_local_roles_group_id = {} for local_roles_group_id, allowed in \ diff --git a/product/ERP5Type/ERP5Type.py b/product/ERP5Type/ERP5Type.py index 8d6b8347464994b8e0088d5de97dde116007f575..e27febffaa81a99062f43c03914719524b8caf01 100644 --- a/product/ERP5Type/ERP5Type.py +++ b/product/ERP5Type/ERP5Type.py @@ -97,15 +97,11 @@ class LocalRoleAssignorMixIn(object): for group_id, role_list \ in role_generator.getLocalRolesFor(ob, user_name).iteritems(): group_id_role_dict.setdefault(group_id, set()).update(role_list) - - # don't keep track of default group not to increase db size if local_roles_group_id: - if local_roles_group_id not in \ - local_roles_group_id_group_id.get(group_id, ()): - local_roles_group_id_group_id[group_id] = \ - local_roles_group_id_group_id.get(group_id, ()) +\ - (local_roles_group_id,) - + for role in role_list: + # Feed local_roles_group_id_group_id with local roles assigned to a group + local_roles_group_id_group_id.setdefault(local_roles_group_id, set()).update(((group_id, role),)) + ## Update role assignments to groups # Save the owner for group, role_list in (ob.__ac_local_roles__ or {}).iteritems():