Commit 10fbabe9 authored by Nicolas Delaby's avatar Nicolas Delaby

If one of user Role has View permission, authorised all roles

git-svn-id: https://svn.erp5.org/repos/public/erp5/trunk@19148 20353a03-c40f-0410-a6d1-a30d3c3de9de
parent 5c7710dd
...@@ -144,25 +144,27 @@ class IndexableObjectWrapper(CMFCoreIndexableObjectWrapper): ...@@ -144,25 +144,27 @@ class IndexableObjectWrapper(CMFCoreIndexableObjectWrapper):
new_dict[key] = new_list new_dict[key] = new_list
localroles = new_dict localroles = new_dict
for user, roles in localroles.items(): for user, roles in localroles.items():
# Added for ERP5 project by JP Smets
# The reason why we do not want to keep Owner is because we are
# trying to reduce the number of security definitions
# However, this is a bad idea if we start to use Owner role
# as a kind of bamed Assignee and if we need it for worklists. Therefore
# we may sometimes catalog the owner user ID whenever the Owner
# has view permission (see getAllowedRolesAndUsers bellow
# as well as getViewPermissionOwner method in Base)
view_role_list = [role for role in roles if allowed.has_key(role) and role != 'Owner']
for role in roles: for role in roles:
if allowed.has_key(role): if allowed.has_key(role):
if withnuxgroups: if withnuxgroups:
allowed[user] = 1 allowed[user] = 1
else: else:
allowed['user:' + user] = 1 allowed['user:' + user] = 1
# Added for ERP5 project by JP Smets if view_role_list:
# The reason why we do not want to keep Owner is because we are #One of Roles has view Permission.
# trying to reduce the number of security definitions if withnuxgroups:
# However, this is a bad idea if we start to use Owner role allowed[user + ':' + role] = 1
# as a kind of bamed Assignee and if we need it for worklists. Therefore else:
# we may sometimes catalog the owner user ID whenever the Owner allowed['user:' + user + ':' + role] = 1
# has view permission (see getAllowedRolesAndUsers bellow
# as well as getViewPermissionOwner method in Base)
if role != 'Owner':
if withnuxgroups:
allowed[user + ':' + role] = 1
else:
allowed['user:' + user + ':' + role] = 1
if allowed.has_key('Owner'): if allowed.has_key('Owner'):
del allowed['Owner'] del allowed['Owner']
return list(allowed.keys()) return list(allowed.keys())
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment