Commit c964d757 authored by Sebastien Robin's avatar Sebastien Robin

allow to do an AND operation if 2 workflows define security settings


git-svn-id: https://svn.erp5.org/repos/public/erp5/trunk@3826 20353a03-c40f-0410-a6d1-a30d3c3de9de
parent 2f2b391f
...@@ -640,6 +640,52 @@ def DCWorkflowDefinition_executeTransition(self, ob, tdef=None, kwargs=None): ...@@ -640,6 +640,52 @@ def DCWorkflowDefinition_executeTransition(self, ob, tdef=None, kwargs=None):
DCWorkflowDefinition._executeTransition = DCWorkflowDefinition_executeTransition DCWorkflowDefinition._executeTransition = DCWorkflowDefinition_executeTransition
from Products.DCWorkflow.utils import modifyRolesForPermission
# Patch updateRoleMappingsFor so that if 2 workflows define security, then we
# should do an AND operation between each permission
def updateRoleMappingsFor(self, ob):
'''
Changes the object permissions according to the current
state.
'''
changed = 0
sdef = self._getWorkflowStateOf(ob)
tool = aq_parent(aq_inner(self))
other_workflow_list = \
[x for x in tool.getWorkflowsFor(ob) if x.id != self.id and isinstance(x,DCWorkflowDefinition)]
other_data_list = []
for other_workflow in other_workflow_list:
other_sdef = other_workflow._getWorkflowStateOf(ob)
if other_sdef is not None and other_sdef.permission_roles is not None:
other_data_list.append((other_workflow,other_sdef))
# Be carefull, permissions_roles should not change
# from list to tuple or vice-versa
if sdef is not None and self.permissions:
for p in self.permissions:
roles = []
role_type = 'list'
if sdef.permission_roles is not None:
roles = sdef.permission_roles.get(p, roles)
if type(roles) is type(()):
role_type='tuple'
roles = list(roles)
# We will check that each role is activated
# in each DCWorkflow
for other_workflow,other_sdef in other_data_list:
if p in other_workflow.permissions:
for role in roles:
if role not in other_sdef.permission_roles.get(p,[]):
roles.remove(role)
if role_type=='tuple':
roles = tuple(roles)
if modifyRolesForPermission(ob, p, roles):
changed = 1
return changed
DCWorkflowDefinition.updateRoleMappingsFor = updateRoleMappingsFor
# This patch allows to use workflowmethod as an after_script # This patch allows to use workflowmethod as an after_script
# However, the right way of doing would be to have a combined state of TRIGGER_USER_ACTION and TRIGGER_WORKFLOW_METHOD # However, the right way of doing would be to have a combined state of TRIGGER_USER_ACTION and TRIGGER_WORKFLOW_METHOD
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment