Commit 89e254cf authored by Julien Muchembled's avatar Julien Muchembled

Optimimize and split _updateLocalRolesOnObject. Rename get{Action,Role}List.

git-svn-id: https://svn.erp5.org/repos/public/erp5/sandbox/portal_types@29250 20353a03-c40f-0410-a6d1-a30d3c3de9de
parent 2e98be8d
...@@ -2463,7 +2463,7 @@ class ActionTemplateItem(ObjectTemplateItem): ...@@ -2463,7 +2463,7 @@ class ActionTemplateItem(ObjectTemplateItem):
for path, action_dict in portal_type_dict.iteritems(): for path, action_dict in portal_type_dict.iteritems():
container = p.unrestrictedTraverse(path) container = p.unrestrictedTraverse(path)
container.manage_delObjects([obj.id container.manage_delObjects([obj.id
for obj in container.getActionList() for obj in container.getActionInformationList()
if obj.reference in action_dict]) if obj.reference in action_dict])
for obj in action_dict.itervalues(): for obj in action_dict.itervalues():
container._importOldAction(obj) container._importOldAction(obj)
...@@ -2544,7 +2544,7 @@ class PortalTypeRolesTemplateItem(BaseTemplateItem): ...@@ -2544,7 +2544,7 @@ class PortalTypeRolesTemplateItem(BaseTemplateItem):
obj = p.unrestrictedTraverse("portal_types/%s" % obj = p.unrestrictedTraverse("portal_types/%s" %
relative_url.split('/', 1)[1]) relative_url.split('/', 1)[1])
self._objects[relative_url] = type_role_list = [] self._objects[relative_url] = type_role_list = []
for role in obj.getRoleList(): for role in obj.getRoleInformationList():
type_role_dict = {} type_role_dict = {}
for k, v in aq_base(role).__getstate__().iteritems(): for k, v in aq_base(role).__getstate__().iteritems():
if k == 'condition': if k == 'condition':
...@@ -2647,7 +2647,7 @@ class PortalTypeRolesTemplateItem(BaseTemplateItem): ...@@ -2647,7 +2647,7 @@ class PortalTypeRolesTemplateItem(BaseTemplateItem):
obj = p.unrestrictedTraverse(path, None) obj = p.unrestrictedTraverse(path, None)
if obj is not None: if obj is not None:
# reset roles before applying # reset roles before applying
obj.manage_delObjects([x.id for x in obj.getRoleList()]) obj.manage_delObjects([x.id for x in obj.getRoleInformationList()])
type_roles_list = self._objects[roles_path] or [] type_roles_list = self._objects[roles_path] or []
for role_property_dict in type_roles_list: for role_property_dict in type_roles_list:
obj._importRole(role_property_dict) obj._importRole(role_property_dict)
......
...@@ -378,7 +378,7 @@ class TestLocalRoleManagement(ERP5TypeTestCase): ...@@ -378,7 +378,7 @@ class TestLocalRoleManagement(ERP5TypeTestCase):
base_cat.manage_delObjects(list(base_cat.objectIds())) base_cat.manage_delObjects(list(base_cat.objectIds()))
# clear role definitions # clear role definitions
for ti in self.getTypesTool().objectValues(): for ti in self.getTypesTool().objectValues():
ti.manage_delObjects([x.id for x in ti.getRoleList()]) ti.manage_delObjects([x.id for x in ti.getRoleInformationList()])
# clear modules # clear modules
for module in self.portal.objectValues(): for module in self.portal.objectValues():
if module.getId().endswith('_module'): if module.getId().endswith('_module'):
......
...@@ -73,15 +73,15 @@ class ActionInformation(XMLObject): ...@@ -73,15 +73,15 @@ class ActionInformation(XMLObject):
def _setActionExpression(self, value): def _setActionExpression(self, value):
if isinstance(value, basestring): if isinstance(value, basestring):
value = Expression(value) value = value and Expression(value) or None
self._baseSetActionExpression(value) self._baseSetActionExpression(value)
def _setCondition(self, value): def _setCondition(self, value):
if isinstance(value, basestring): if isinstance(value, basestring):
value = Expression(value) value = value and Expression(value) or None
self._baseSetCondition(value) self._baseSetCondition(value)
def _setIcon(self, value): def _setIcon(self, value):
if isinstance(value, basestring): if isinstance(value, basestring):
value = Expression(value) value = value and Expression(value) or None
self._baseSetIcon(value) self._baseSetIcon(value)
def getCondition(self): def getCondition(self):
......
...@@ -245,7 +245,7 @@ class ERP5TypeInformation(XMLObject, ...@@ -245,7 +245,7 @@ class ERP5TypeInformation(XMLObject,
# which acquire their security definition from their parent # which acquire their security definition from their parent
# The downside of this optimisation is that it is not possible to # The downside of this optimisation is that it is not possible to
# set a local role definition if the local role list is empty # set a local role definition if the local role list is empty
if self.getRoleList(): if self.getRoleInformationList():
self.updateLocalRolesOnObject(ob) self.updateLocalRolesOnObject(ob)
# notify workflow after generating local roles, in order to prevent # notify workflow after generating local roles, in order to prevent
...@@ -349,9 +349,46 @@ class ERP5TypeInformation(XMLObject, ...@@ -349,9 +349,46 @@ class ERP5TypeInformation(XMLObject,
'your setup. '\ 'your setup. '\
'Please install it to benefit from group-based security' 'Please install it to benefit from group-based security'
group_id_role_dict = self.getGroupIdRoleDict(ob, user_name)
# Update role assignments to groups
if ERP5UserManager is not None: # Default implementation
# Clean old group roles
old_group_list = ob.get_local_roles()
ob.manage_delLocalRoles([x[0] for x in old_group_list])
# Save the owner
for group, role_list in old_group_list:
if 'Owner' in role_list:
group_id_role_dict.setdefault(group, set()).add('Owner')
# Assign new roles
for group, role_list in group_id_role_dict.iteritems():
if role_list:
ob.manage_addLocalRoles(group, role_list)
else: # NuxUserGroups implementation
# Clean old group roles
old_group_list = ob.get_local_group_roles()
# We duplicate role settings to mimic PAS
ob.manage_delLocalGroupRoles([x[0] for x in old_group_list])
ob.manage_delLocalRoles([x[0] for x in old_group_list])
# Save the owner
for group, role_list in old_group_list:
if 'Owner' in role_list:
group_id_role_dict.setdefault(group, set()).add('Owner')
# Assign new roles
for group, role_list in group_id_role_dict.iteritems():
# We duplicate role settings to mimic PAS
ob.manage_addLocalGroupRoles(group, role_list)
ob.manage_addLocalRoles(group, role_list)
# Make sure that the object is reindexed
if reindex:
ob.reindexObjectSecurity()
security.declareProtected(Permissions.AccessContentsInformation,
"getGroupIdRoleDict")
def getGroupIdRoleDict(self, ob, user_name=None):
# Create an empty local Role Definition dict # Create an empty local Role Definition dict
role_category_list_dict = {} role_category_list_dict = {}
role_group_list_dict = {} group_id_role_dict = {}
# Fill it with explicit local roles defined as subobjects of current # Fill it with explicit local roles defined as subobjects of current
# object # object
...@@ -416,17 +453,20 @@ class ERP5TypeInformation(XMLObject, ...@@ -416,17 +453,20 @@ class ERP5TypeInformation(XMLObject,
for c in role.getRoleCategoryList(): for c in role.getRoleCategoryList():
bc, value = c.split('/', 1) bc, value = c.split('/', 1)
category_definition_dict.setdefault(bc, []).append(value) category_definition_dict.setdefault(bc, []).append(value)
# Now create role dict for each roles
for role in role.getRoleNameList(): role_list = role.getRoleNameList()
if isinstance(category_result, dict): if isinstance(category_result, dict):
# category_result is a dict (which provide group IDs directly) # category_result is a dict (which provide group IDs directly)
# which represents of mapping of roles, security group IDs # which represents of mapping of roles, security group IDs
# XXX explain that this is for providing user IDs mostly # XXX explain that this is for providing user IDs mostly
role_group_list = role_group_list_dict.setdefault(role, []) for role, group_id_list in category_result.iteritems():
for k, v in category_result.items(): if role in role_list:
if k == role: for group_id in group_id_list:
role_group_list.extend(v) group_id_role_dict.setdefault(group_id, set()).add(role)
else: else:
# Now create role dict for each roles
for role in role_list:
# category_result is a list of dicts that represents the resolved # category_result is a list of dicts that represents the resolved
# categories we create a category_value_dict from each of these # categories we create a category_value_dict from each of these
# dicts aggregated with category_order and statically defined # dicts aggregated with category_order and statically defined
...@@ -439,81 +479,30 @@ class ERP5TypeInformation(XMLObject, ...@@ -439,81 +479,30 @@ class ERP5TypeInformation(XMLObject,
role_category_list.append(category_value_dict) role_category_list.append(category_value_dict)
# Generate security group ids from category_value_dicts # Generate security group ids from category_value_dicts
role_group_id_dict = {} group_id_generator = getattr(aq_parent(ob),
parent = ob.aq_parent ERP5TYPE_SECURITY_GROUP_ID_GENERATION_SCRIPT)
group_id_generator = getattr( parent,
ERP5TYPE_SECURITY_GROUP_ID_GENERATION_SCRIPT,
None )
group_id_generator = group_id_generator.__of__(ob) group_id_generator = group_id_generator.__of__(ob)
if group_id_generator is None: for role, value_list in role_category_list_dict.iteritems():
raise RuntimeError, '%s script was not found' % \ role_group_set = group_id_role_dict.setdefault(role, set())
ERP5TYPE_SECURITY_GROUP_ID_GENERATION_SCRIPT
for role, group_list in role_group_list_dict.items():
role_group_id_dict.setdefault(role, []).extend(group_list)
for role, value_list in role_category_list_dict.items():
role_group_dict = {}
for category_dict in value_list: for category_dict in value_list:
group_id = group_id_generator(**category_dict) # category_order is passed in the dict group_id_list = group_id_generator(**category_dict) # category_order is passed in the dict
# If group_id is not defined, do not use it # If group_id is not defined, do not use it
if group_id not in (None, ''): if group_id_list:
if isinstance(group_id, str): if isinstance(group_id_list, str):
# Single group is defined (this is usually for group membership) # Single group is defined (this is usually for group membership)
# DEPRECATED due to cartesian product requirement # DEPRECATED due to cartesian product requirement
role_group_dict[group_id] = 1 group_id_list = group_id_list,
else:
# Multiple groups are defined (list of users # Multiple groups are defined (list of users
# or list of group IDs resulting from a cartesian product) # or list of group IDs resulting from a cartesian product)
for user_id in group_id: for group_id in group_id_list:
role_group_dict[user_id] = 1 group_id_role_dict.setdefault(group_id, set()).add(role)
role_group_id_dict.setdefault(role, []).extend(role_group_dict.keys())
# Switch index from role to group id return group_id_role_dict
group_id_role_dict = {}
for role, group_list in role_group_id_dict.items():
for group_id in group_list:
group_id_role_dict.setdefault(group_id, []).append(role)
# Update role assignments to groups
if ERP5UserManager is not None: # Default implementation
# Clean old group roles
old_group_list = ob.get_local_roles()
ob.manage_delLocalRoles([x[0] for x in old_group_list])
# Save the owner
for group, role_list in old_group_list:
if 'Owner' in role_list:
if not group_id_role_dict.has_key(group):
group_id_role_dict[group] = ('Owner',)
else:
group_id_role_dict[group].append('Owner')
# Assign new roles
for group, role_list in group_id_role_dict.items():
ob.manage_addLocalRoles(group, role_list)
else: # NuxUserGroups implementation
# Clean old group roles
old_group_list = ob.get_local_group_roles()
# We duplicate role settings to mimic PAS
ob.manage_delLocalGroupRoles([x[0] for x in old_group_list])
ob.manage_delLocalRoles([x[0] for x in old_group_list])
# Save the owner
for group, role_list in old_group_list:
if 'Owner' in role_list:
if not group_id_role_dict.has_key(group):
group_id_role_dict[group] = ('Owner',)
else:
group_id_role_dict[group].append('Owner')
# Assign new roles
for group, role_list in group_id_role_dict.items():
# We duplicate role settings to mimic PAS
ob.manage_addLocalGroupRoles(group, role_list)
ob.manage_addLocalRoles(group, role_list)
# Make sure that the object is reindexed
if reindex:
ob.reindexObjectSecurity()
security.declarePrivate('getFilteredRoleListFor') security.declarePrivate('getFilteredRoleListFor')
def getFilteredRoleListFor(self, ob=None): def getFilteredRoleListFor(self, ob=None):
"""Return all roles applicable to the object against user.""" """Return all roles applicable to the object against user."""
portal = self.portal_url.getPortalObject() portal = self.getPortalObject()
if ob is None: if ob is None:
folder = portal folder = portal
else: else:
...@@ -522,13 +511,13 @@ class ERP5TypeInformation(XMLObject, ...@@ -522,13 +511,13 @@ class ERP5TypeInformation(XMLObject,
# object that claims it's a folder. # object that claims it's a folder.
while folder is not None: while folder is not None:
if getattr(aq_base(folder), 'isPrincipiaFolderish', 0): if getattr(aq_base(folder), 'isPrincipiaFolderish', 0):
# found it. break # found it.
break
else: else:
folder = aq_parent(folder) folder = aq_parent(folder)
ec = createExprContext(folder, portal, ob) ec = createExprContext(folder, portal, ob)
return (role for role in self.getRoleList() if role.testCondition(ec)) return (role for role in self.getRoleInformationList()
if role.testCondition(ec))
security.declareProtected(Permissions.ManagePortal, 'updateRoleMapping') security.declareProtected(Permissions.ManagePortal, 'updateRoleMapping')
def updateRoleMapping(self, REQUEST=None, form_id=''): def updateRoleMapping(self, REQUEST=None, form_id=''):
...@@ -599,13 +588,13 @@ class ERP5TypeInformation(XMLObject, ...@@ -599,13 +588,13 @@ class ERP5TypeInformation(XMLObject,
# USE_BASE_TYPE # USE_BASE_TYPE
# #
security.declarePrivate('getRoleList') security.declarePrivate('getRoleInformationList')
def getRoleList(self): def getRoleInformationList(self):
"""Return all roles for this portal type""" """Return all roles for this portal type"""
return self.objectValues(portal_type='Role Information') return self.objectValues(portal_type='Role Information')
security.declarePrivate('getActionList') security.declarePrivate('getActionInformationList')
def getActionList(self): def getActionInformationList(self):
"""Return all actions for this portal type""" """Return all actions for this portal type"""
return self.objectValues(portal_type='Action Information') return self.objectValues(portal_type='Action Information')
...@@ -672,7 +661,8 @@ class ERP5TypeInformation(XMLObject, ...@@ -672,7 +661,8 @@ class ERP5TypeInformation(XMLObject,
security.declarePrivate('listActions') security.declarePrivate('listActions')
def listActions(self, info=None, object=None): def listActions(self, info=None, object=None):
""" List all the actions defined by a provider.""" """ List all the actions defined by a provider."""
return sorted(self.getActionList(), key=lambda x: x.getFloatIndex()) return sorted(self.getActionInformationList(),
key=lambda x: x.getFloatIndex())
def _importOldAction(self, old_action): def _importOldAction(self, old_action):
from Products.ERP5Type.Document.ActionInformation import ActionInformation from Products.ERP5Type.Document.ActionInformation import ActionInformation
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment