[Erp5-report] r10629 - in /erp5/trunk/products: ERP5Catalog/ ERP5Security/
nobody at svn.erp5.org
nobody at svn.erp5.org
Mon Oct 9 14:47:02 CEST 2006
Author: jerome
Date: Mon Oct 9 14:47:01 2006
New Revision: 10629
URL: http://svn.erp5.org?rev=10629&view=rev
Log:
support blocking local roles also when cataloging
Modified:
erp5/trunk/products/ERP5Catalog/CatalogTool.py
erp5/trunk/products/ERP5Security/__init__.py
Modified: erp5/trunk/products/ERP5Catalog/CatalogTool.py
URL: http://svn.erp5.org/erp5/trunk/products/ERP5Catalog/CatalogTool.py?rev=10629&r1=10628&r2=10629&view=diff
==============================================================================
--- erp5/trunk/products/ERP5Catalog/CatalogTool.py (original)
+++ erp5/trunk/products/ERP5Catalog/CatalogTool.py Mon Oct 9 14:47:01 2006
@@ -54,12 +54,22 @@
PAS_meta_type = PluggableAuthService.PluggableAuthService.meta_type
except ImportError:
PAS_meta_type = ''
+try:
+ from Products.ERP5Security import mergedLocalRoles as PAS_mergedLocalRoles
+except ImportError:
+ #pass
+ raise
try:
from Products.NuxUserGroups import UserFolderWithGroups
NUG_meta_type = UserFolderWithGroups.meta_type
except ImportError:
NUG_meta_type = ''
+try:
+ from Products.NuxUserGroups.CatalogToolWithGroups import mergedLocalRoles
+ from Products.NuxUserGroups.CatalogToolWithGroups import _getAllowedRolesAndUsers
+except ImportError:
+ pass
def getSecurityProduct(acl_users):
"""returns the security used by the user folder passed.
@@ -70,12 +80,6 @@
elif acl_users.meta_type == NUG_meta_type:
return SECURITY_USING_NUX_USER_GROUPS
-try:
- from Products.NuxUserGroups.CatalogToolWithGroups import mergedLocalRoles
- from Products.NuxUserGroups.CatalogToolWithGroups import _getAllowedRolesAndUsers
-except ImportError:
- pass
-
class IndexableObjectWrapper(CMFCoreIndexableObjectWrapper):
def __setattr__(self, name, value):
@@ -92,13 +96,17 @@
Used by PortalCatalog to filter out items you're not allowed to see.
"""
ob = self.__ob
- withnuxgroups = getSecurityProduct(ob.acl_users)\
- == SECURITY_USING_NUX_USER_GROUPS
+ security_product = getSecurityProduct(ob.acl_users)
+ withnuxgroups = security_product == SECURITY_USING_NUX_USER_GROUPS
+ withpas = security_product == SECURITY_USING_PAS
+
allowed = {}
for r in rolesForPermissionOn('View', ob):
allowed[r] = 1
if withnuxgroups:
localroles = mergedLocalRoles(ob, withgroups=1)
+ elif withpas:
+ localroles = PAS_mergedLocalRoles(ob)
else:
# CMF
localroles = _mergedLocalRoles(ob)
Modified: erp5/trunk/products/ERP5Security/__init__.py
URL: http://svn.erp5.org/erp5/trunk/products/ERP5Security/__init__.py?rev=10629&r1=10628&r2=10629&view=diff
==============================================================================
--- erp5/trunk/products/ERP5Security/__init__.py (original)
+++ erp5/trunk/products/ERP5Security/__init__.py Mon Oct 9 14:47:01 2006
@@ -15,6 +15,8 @@
""" ERP5Security product initialization.
"""
+from copy import deepcopy
+
from AccessControl.Permissions import manage_users as ManageUsers
from Products.PluggableAuthService.PluggableAuthService import registerMultiPlugin
from Products.PluggableAuthService.permissions import ManageGroups
@@ -22,6 +24,37 @@
import ERP5UserManager
import ERP5GroupManager
import ERP5RoleManager
+
+def mergedLocalRoles(object):
+ """Returns a merging of object and its ancestors'
+ __ac_local_roles__."""
+ # Modified to take into account _getAcquireLocalRoles
+ merged = {}
+ object = getattr(object, 'aq_inner', object)
+ while 1:
+ if hasattr(object, '__ac_local_roles__'):
+ dict = object.__ac_local_roles__ or {}
+ if callable(dict): dict = dict()
+ for k, v in dict.items():
+ if merged.has_key(k):
+ merged[k] = merged[k] + v
+ else:
+ merged[k] = v
+ # block acquisition
+ if hasattr(object, '_getAcquireLocalRoles'):
+ if not object._getAcquireLocalRoles():
+ break
+ if hasattr(object, 'aq_parent'):
+ object=object.aq_parent
+ object=getattr(object, 'aq_inner', object)
+ continue
+ if hasattr(object, 'im_self'):
+ object=object.im_self
+ object=getattr(object, 'aq_inner', object)
+ continue
+ break
+
+ return deepcopy(merged)
registerMultiPlugin(ERP5UserManager.ERP5UserManager.meta_type)
registerMultiPlugin(ERP5GroupManager.ERP5GroupManager.meta_type)
More information about the Erp5-report
mailing list