[Erp5-report] r19148 - /erp5/trunk/products/ERP5Catalog/CatalogTool.py

nobody at svn.erp5.org nobody at svn.erp5.org
Thu Feb 7 19:19:41 CET 2008 

Author: nicolas
Date: Thu Feb  7 19:19:41 2008
New Revision: 19148

URL: http://svn.erp5.org?rev=19148&view=rev
Log:
If one of user Role has View permission, authorised all roles

Modified:
    erp5/trunk/products/ERP5Catalog/CatalogTool.py

Modified: erp5/trunk/products/ERP5Catalog/CatalogTool.py
URL: http://svn.erp5.org/erp5/trunk/products/ERP5Catalog/CatalogTool.py?rev=19148&r1=19147&r2=19148&view=diff
==============================================================================
--- erp5/trunk/products/ERP5Catalog/CatalogTool.py (original)
+++ erp5/trunk/products/ERP5Catalog/CatalogTool.py Thu Feb  7 19:19:41 2008
@@ -144,25 +144,27 @@
             new_dict[key] = new_list
         localroles = new_dict
         for user, roles in localroles.items():
+          # Added for ERP5 project by JP Smets
+          # The reason why we do not want to keep Owner is because we are
+          # trying to reduce the number of security definitions
+          # However, this is a bad idea if we start to use Owner role
+          # as a kind of bamed Assignee and if we need it for worklists. Therefore
+          # we may sometimes catalog the owner user ID whenever the Owner
+          # has view permission (see getAllowedRolesAndUsers bellow
+          # as well as getViewPermissionOwner method in Base)
+          view_role_list = [role for role in roles if allowed.has_key(role) and role != 'Owner']
           for role in roles:
             if allowed.has_key(role):
               if withnuxgroups:
                 allowed[user] = 1
               else:
                 allowed['user:' + user] = 1
-              # Added for ERP5 project by JP Smets
-              # The reason why we do not want to keep Owner is because we are
-              # trying to reduce the number of security definitions
-              # However, this is a bad idea if we start to use Owner role
-              # as a kind of bamed Assignee and if we need it for worklists. Therefore
-              # we may sometimes catalog the owner user ID whenever the Owner
-              # has view permission (see getAllowedRolesAndUsers bellow
-              # as well as getViewPermissionOwner method in Base)
-              if role != 'Owner':
-                if withnuxgroups:
-                  allowed[user + ':' + role] = 1
-                else:
-                  allowed['user:' + user + ':' + role] = 1
+            if view_role_list:
+              #One of Roles has view Permission.
+              if withnuxgroups:
+                allowed[user + ':' + role] = 1
+              else:
+                allowed['user:' + user + ':' + role] = 1
         if allowed.has_key('Owner'):
           del allowed['Owner']
         return list(allowed.keys())

More information about the Erp5-report mailing list