slapos_erp5&cloud: Reimplement (and speed up) security to use...

slapos_erp5&cloud: Reimplement (and speed up) security to use ERP5User_getUserSecurityCategoryValueList

master/bt5/slapos_cloud/ExtensionTemplateItem/portal_components/extension.erp5.SlapOSSecurity.py

@@ -25,83 +25,45 @@
 #
 ##############################################################################
 
-from Products.ERP5Security.ERP5GroupManager import ConsistencyError
+#from Products.ERP5Security.ERP5GroupManager import ConsistencyError
 from AccessControl.SecurityManagement import getSecurityManager, \
              setSecurityManager, newSecurityManager
 from AccessControl import Unauthorized
 
-
-def getComputeNodeSecurityCategory(self, base_category_list, user_name,
-                                ob, portal_type):
+def getSlapOSUserSecurityCategoryValue(self):
   """
   This script returns a list of dictionaries which represent
   the security groups which a compute_node is member of.
   """
   category_list = []
+  if self.getPortalType() == 'Compute Node':
+    category_list.append({
+      'role': (
+        (self.getPortalObject().portal_categories.role.computer, False),
+      ),
+    })
 
-  compute_node_list = self.portal_catalog.unrestrictedSearchResults(
-    portal_type='Compute Node',
-    user_id=user_name,
-    validation_state="validated",
-    limit=2,
-  )
+  elif self.getPortalType() == 'Software Instance':
+    instance_role = self.getPortalObject().portal_categories.role.instance
+    category_list.append({'role': ((instance_role, False),),})
 
-  if len(compute_node_list) == 1:
-    category_dict = {}
-    for base_category in base_category_list:
-      if base_category == "role":
-        category_list.append(
-         {base_category: ['role/computer']})
-      elif base_category == "destination_project":
-        compute_node = compute_node_list[0]
-        project = compute_node.getFollowUpValue(portal_type='Project')
-        if project is not None:
-          category_dict.setdefault(base_category, []).append(project.getRelativeUrl())
-      else:
-        raise NotImplementedError('Not supported base category: %s' % base_category)
-    category_list.append(category_dict)
-  elif len(compute_node_list) > 1:
-    raise ConsistencyError("Error: There is more than one Compute Node " \
-                            "with reference '%s'" % user_name)
+    project = self.getFollowUpValue(portal_type='Project')
+    if project is not None:
+      category_list.append(({'destination_project': ((project, False),)}))
+      category_list.append(
+        ({
+          'destination_project': ((project, False),),
+          'role': ((instance_role, False),)
+        })
+      )
 
-  return category_list
+    instance_tree = self.getSpecialiseValue(portal_type='Instance Tree')
+    if instance_tree is not None:
+      category_list.append({'aggregate': ((instance_tree, False),),})
 
-def getSoftwareInstanceSecurityCategory(self, base_category_list, user_name,
-                                ob, portal_type): 
-  """
-  This script returns a list of dictionaries which represent
-  the security groups which a Software Instance is member of.
-  """
-  category_list = []
-
-  software_instance_list = self.portal_catalog.unrestrictedSearchResults(
-    portal_type='Software Instance',
-    user_id=user_name,
-    validation_state="validated",
-    limit=2,
-  )
-
-  if len(software_instance_list) == 1:
-    category_dict = {}
-    for base_category in base_category_list:
-      if base_category == "role":
-        category_dict.setdefault(base_category, []).extend(['role/instance'])
-      elif base_category == "destination_project":
-        software_instance = software_instance_list[0]
-        project = software_instance.getFollowUpValue(portal_type='Project')
-        if project is not None:
-          category_dict.setdefault(base_category, []).append(project.getRelativeUrl())
-      elif base_category == "aggregate":
-        software_instance = software_instance_list[0]
-        instance_tree = software_instance.getSpecialiseValue(portal_type='Instance Tree')
-        if instance_tree is not None:
-          category_dict.setdefault(base_category, []).append(instance_tree.getRelativeUrl())
-      else:
-        raise NotImplementedError('Not supported base category: %s' % base_category)
-    category_list.append(category_dict)
-  elif len(software_instance_list) > 1:
-    raise ConsistencyError("Error: There is more than one Software Instance " \
-                            "with reference %r" % user_name)
+  else:
+    raise NotImplementedError(
+      'Unsupported portal type as user:' % self.getPortalType())
 
   return category_list
 

master/bt5/slapos_erp5/SkinTemplateItem/portal_skins/slapos_core/ERP5Type_getSecurityCategoryMapping.py

-"""
-Core security script - defines the way to get security groups of the current user.
-
-WARNING: providing such script in erp5_dms could be dangerous
-if this conflicts with an existing production site which uses
-deprecated ERP5Type_asSecurityGroupIdList
-"""
-
-return (
-  # Person security
-  ('ERP5Type_getSecurityCategoryFromAssignment', ['function']),
-  ('ERP5Type_getSecurityCategoryFromAssignmentParent', ['function']),
-  # XXX TODO check that only validated project are used
-  ('ERP5Type_getSecurityCategoryFromAssignment', ['destination_project']),
-  ('ERP5Type_getSecurityCategoryFromAssignment', ['destination_project', 'function']),
-  
-  # Compute Node security
-  ('ERP5Type_getComputeNodeSecurityCategory', ['role']),
-
-  # Instance security
-  ('ERP5Type_getSoftwareInstanceSecurityCategory', ['role']),
-  ('ERP5Type_getSoftwareInstanceSecurityCategory', ['destination_project']),
-  ('ERP5Type_getSoftwareInstanceSecurityCategory', ['destination_project', 'role']),
-  ('ERP5Type_getSoftwareInstanceSecurityCategory', ['aggregate']),
-
-)

master/bt5/slapos_erp5/SkinTemplateItem/portal_skins/slapos_core/ERP5Type_getSoftwareInstanceSecurityCategory.xml

-<?xml version="1.0"?>
-<ZopeData>
-  <record id="1" aka="AAAAAAAAAAE=">
-    <pickle>
-      <global name="ExternalMethod" module="Products.ExternalMethod.ExternalMethod"/>
-    </pickle>
-    <pickle>
-      <dictionary>
-        <item>
-            <key> <string>_function</string> </key>
-            <value> <string>getSoftwareInstanceSecurityCategory</string> </value>
-        </item>
-        <item>
-            <key> <string>_module</string> </key>
-            <value> <string>SlapOSSecurity</string> </value>
-        </item>
-        <item>
-            <key> <string>id</string> </key>
-            <value> <string>ERP5Type_getSoftwareInstanceSecurityCategory</string> </value>
-        </item>
-        <item>
-            <key> <string>title</string> </key>
-            <value> <string></string> </value>
-        </item>
-      </dictionary>
-    </pickle>
-  </record>
-</ZopeData>

master/bt5/slapos_erp5/SkinTemplateItem/portal_skins/slapos_core/ERP5Type_getComputeNodeSecurityCategory.xml → master/bt5/slapos_erp5/SkinTemplateItem/portal_skins/slapos_core/ERP5User_getSlapOSUserSecurityCategoryValue.xml

@@ -8,7 +8,7 @@
       <dictionary>
         <item>
             <key> <string>_function</string> </key>
-            <value> <string>getComputeNodeSecurityCategory</string> </value>
+            <value> <string>getSlapOSUserSecurityCategoryValue</string> </value>
         </item>
         <item>
             <key> <string>_module</string> </key>
@@ -16,7 +16,7 @@
         </item>
         <item>
             <key> <string>id</string> </key>
-            <value> <string>ERP5Type_getComputeNodeSecurityCategory</string> </value>
+            <value> <string>ERP5User_getSlapOSUserSecurityCategoryValue</string> </value>
         </item>
         <item>
             <key> <string>title</string> </key>

master/bt5/slapos_erp5/SkinTemplateItem/portal_skins/slapos_core/ERP5User_getUserSecurityCategoryValueList.py

+if context.getPortalType() == 'Person':
+  return context.ERP5User_getSecurityCategoryValueFromAssignment(
+    rule_dict={
+      ('function',): ((), ('function',)),
+      ('destination_project',): ((), ),
+      ('destination_project', 'function'): ((), ),
+    },
+  )
+return context.ERP5User_getSlapOSUserSecurityCategoryValue()

master/bt5/slapos_erp5/SkinTemplateItem/portal_skins/slapos_core/ERP5Type_getSecurityCategoryMapping.xml → master/bt5/slapos_erp5/SkinTemplateItem/portal_skins/slapos_core/ERP5User_getUserSecurityCategoryValueList.xml

@@ -54,7 +54,7 @@
         </item>
         <item>
             <key> <string>id</string> </key>
-            <value> <string>ERP5Type_getSecurityCategoryMapping</string> </value>
+            <value> <string>ERP5User_getUserSecurityCategoryValueList</string> </value>
         </item>
       </dictionary>
     </pickle>