[Erp5-report] r10629 - in /erp5/trunk/products: ERP5Catalog/ ERP5Security/

nobody at svn.erp5.org nobody at svn.erp5.org
Mon Oct 9 14:47:02 CEST 2006 

Author: jerome
Date: Mon Oct  9 14:47:01 2006
New Revision: 10629

URL: http://svn.erp5.org?rev=10629&view=rev
Log:
support blocking local roles also when cataloging


Modified:
    erp5/trunk/products/ERP5Catalog/CatalogTool.py
    erp5/trunk/products/ERP5Security/__init__.py

Modified: erp5/trunk/products/ERP5Catalog/CatalogTool.py
URL: http://svn.erp5.org/erp5/trunk/products/ERP5Catalog/CatalogTool.py?rev=10629&r1=10628&r2=10629&view=diff
==============================================================================
--- erp5/trunk/products/ERP5Catalog/CatalogTool.py (original)
+++ erp5/trunk/products/ERP5Catalog/CatalogTool.py Mon Oct  9 14:47:01 2006
@@ -54,12 +54,22 @@
   PAS_meta_type = PluggableAuthService.PluggableAuthService.meta_type
 except ImportError:
   PAS_meta_type = ''
+try:
+  from Products.ERP5Security import mergedLocalRoles as PAS_mergedLocalRoles
+except ImportError:
+  #pass
+  raise
 
 try:
   from Products.NuxUserGroups import UserFolderWithGroups
   NUG_meta_type = UserFolderWithGroups.meta_type
 except ImportError:
   NUG_meta_type = ''
+try:
+  from Products.NuxUserGroups.CatalogToolWithGroups import mergedLocalRoles
+  from Products.NuxUserGroups.CatalogToolWithGroups import _getAllowedRolesAndUsers
+except ImportError:
+  pass
     
 def getSecurityProduct(acl_users):
   """returns the security used by the user folder passed.
@@ -70,12 +80,6 @@
   elif acl_users.meta_type == NUG_meta_type:
     return SECURITY_USING_NUX_USER_GROUPS
 
-try:
-  from Products.NuxUserGroups.CatalogToolWithGroups import mergedLocalRoles
-  from Products.NuxUserGroups.CatalogToolWithGroups import _getAllowedRolesAndUsers
-except ImportError:
-  pass
-
 class IndexableObjectWrapper(CMFCoreIndexableObjectWrapper):
 
     def __setattr__(self, name, value):
@@ -92,13 +96,17 @@
         Used by PortalCatalog to filter out items you're not allowed to see.
         """
         ob = self.__ob
-        withnuxgroups = getSecurityProduct(ob.acl_users)\
-                              == SECURITY_USING_NUX_USER_GROUPS
+        security_product = getSecurityProduct(ob.acl_users)
+        withnuxgroups = security_product == SECURITY_USING_NUX_USER_GROUPS
+        withpas = security_product == SECURITY_USING_PAS
+
         allowed = {}
         for r in rolesForPermissionOn('View', ob):
           allowed[r] = 1
         if withnuxgroups:
           localroles = mergedLocalRoles(ob, withgroups=1)
+        elif withpas:
+          localroles = PAS_mergedLocalRoles(ob)
         else:
           # CMF
           localroles = _mergedLocalRoles(ob)

Modified: erp5/trunk/products/ERP5Security/__init__.py
URL: http://svn.erp5.org/erp5/trunk/products/ERP5Security/__init__.py?rev=10629&r1=10628&r2=10629&view=diff
==============================================================================
--- erp5/trunk/products/ERP5Security/__init__.py (original)
+++ erp5/trunk/products/ERP5Security/__init__.py Mon Oct  9 14:47:01 2006
@@ -15,6 +15,8 @@
 """ ERP5Security product initialization.
 """
 
+from copy import deepcopy
+
 from AccessControl.Permissions import manage_users as ManageUsers
 from Products.PluggableAuthService.PluggableAuthService import registerMultiPlugin
 from Products.PluggableAuthService.permissions import ManageGroups
@@ -22,6 +24,37 @@
 import ERP5UserManager
 import ERP5GroupManager
 import ERP5RoleManager
+
+def mergedLocalRoles(object):
+    """Returns a merging of object and its ancestors'
+    __ac_local_roles__."""
+    # Modified to take into account _getAcquireLocalRoles
+    merged = {}
+    object = getattr(object, 'aq_inner', object)
+    while 1:
+        if hasattr(object, '__ac_local_roles__'):
+            dict = object.__ac_local_roles__ or {}
+            if callable(dict): dict = dict()
+            for k, v in dict.items():
+                if merged.has_key(k):
+                    merged[k] = merged[k] + v
+                else:
+                    merged[k] = v
+        # block acquisition
+        if hasattr(object, '_getAcquireLocalRoles'):
+            if not object._getAcquireLocalRoles():
+                break
+        if hasattr(object, 'aq_parent'):
+            object=object.aq_parent
+            object=getattr(object, 'aq_inner', object)
+            continue
+        if hasattr(object, 'im_self'):
+            object=object.im_self
+            object=getattr(object, 'aq_inner', object)
+            continue
+        break
+
+    return deepcopy(merged)
 
 registerMultiPlugin(ERP5UserManager.ERP5UserManager.meta_type)
 registerMultiPlugin(ERP5GroupManager.ERP5GroupManager.meta_type)

More information about the Erp5-report mailing list