Commit 9bf7a895 authored by Yoshinori Okuji's avatar Yoshinori Okuji

_filterCategoryListByPermission must consider that...

_filterCategoryListByPermission must consider that _getSingleCategoryAcquiredMembershipList may not always include a base category in the result.

git-svn-id: https://svn.erp5.org/repos/public/erp5/trunk@30355 20353a03-c40f-0410-a6d1-a30d3c3de9de
parent f993ad0c
...@@ -865,7 +865,7 @@ class CategoryTool( UniqueObject, Folder, Base ): ...@@ -865,7 +865,7 @@ class CategoryTool( UniqueObject, Folder, Base ):
return result return result
def _filterCategoryListByPermission(self, category_list, permission): def _filterCategoryListByPermission(self, base_category, base, category_list, permission):
"""This method returns a category list filtered by a permission. """This method returns a category list filtered by a permission.
If the permission is None, returns a passed list as it is. If the permission is None, returns a passed list as it is.
""" """
...@@ -877,7 +877,11 @@ class CategoryTool( UniqueObject, Folder, Base ): ...@@ -877,7 +877,11 @@ class CategoryTool( UniqueObject, Folder, Base ):
append = new_category_list.append append = new_category_list.append
for category in category_list: for category in category_list:
try: try:
value = resolveCategory(category) if base:
category_path = category
else:
category_path = '%s/%s' % (base_category, category)
value = resolveCategory(category_path)
if checkPermission(permission, value): if checkPermission(permission, value):
append(category) append(category)
except Unauthorized: except Unauthorized:
...@@ -974,7 +978,7 @@ class CategoryTool( UniqueObject, Folder, Base ): ...@@ -974,7 +978,7 @@ class CategoryTool( UniqueObject, Folder, Base ):
not base_category_value.getAcquisitionAppendValue() and \ not base_category_value.getAcquisitionAppendValue() and \
result: result:
# If acquisition masks and we do not append values, then we must return now # If acquisition masks and we do not append values, then we must return now
return self._filterCategoryListByPermission(result, checked_permission) return self._filterCategoryListByPermission(base_category, base, result, checked_permission)
# First we look at local ids # First we look at local ids
for object_id in base_category_value.getAcquisitionObjectIdList(): for object_id in base_category_value.getAcquisitionObjectIdList():
try: try:
...@@ -998,7 +1002,7 @@ class CategoryTool( UniqueObject, Folder, Base ): ...@@ -998,7 +1002,7 @@ class CategoryTool( UniqueObject, Folder, Base ):
# If acquisition appends, then we must append to the result # If acquisition appends, then we must append to the result
result.extend(new_result) result.extend(new_result)
elif new_result: elif new_result:
return self._filterCategoryListByPermission(new_result, checked_permission) # Found enough information to return return self._filterCategoryListByPermission(base_category, base, new_result, checked_permission) # Found enough information to return
# Next we look at references # Next we look at references
#LOG("Get Acquired BC", 0, base_category_value.getAcquisitionBaseCategoryList()) #LOG("Get Acquired BC", 0, base_category_value.getAcquisitionBaseCategoryList())
acquisition_base_category_list = base_category_value.getAcquisitionBaseCategoryList() acquisition_base_category_list = base_category_value.getAcquisitionBaseCategoryList()
...@@ -1075,7 +1079,7 @@ class CategoryTool( UniqueObject, Folder, Base ): ...@@ -1075,7 +1079,7 @@ class CategoryTool( UniqueObject, Folder, Base ):
self.setCategoryMembership( context, base_category, new_result, self.setCategoryMembership( context, base_category, new_result,
spec=spec, filter=filter, portal_type=portal_type, base=base ) spec=spec, filter=filter, portal_type=portal_type, base=base )
# We found it, we can return # We found it, we can return
return self._filterCategoryListByPermission(new_result, checked_permission) return self._filterCategoryListByPermission(base_category, base, new_result, checked_permission)
if (getattr(base_category_value, 'acquisition_copy_value', False) or \ if (getattr(base_category_value, 'acquisition_copy_value', False) or \
...@@ -1115,7 +1119,7 @@ class CategoryTool( UniqueObject, Folder, Base ): ...@@ -1115,7 +1119,7 @@ class CategoryTool( UniqueObject, Folder, Base ):
result.append(category_value.getRelativeUrl()) result.append(category_value.getRelativeUrl())
# WE MUST IMPLEMENT HERE THE REST OF THE SEMANTICS # WE MUST IMPLEMENT HERE THE REST OF THE SEMANTICS
#LOG("Get Acquired Category Result ",0,str(result)) #LOG("Get Acquired Category Result ",0,str(result))
return self._filterCategoryListByPermission(result, checked_permission) return self._filterCategoryListByPermission(base_category, base, result, checked_permission)
security.declareProtected( Permissions.AccessContentsInformation, security.declareProtected( Permissions.AccessContentsInformation,
'getAcquiredCategoryMembershipList' ) 'getAcquiredCategoryMembershipList' )
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment