Commit da29e93c authored by Vincent Pelletier's avatar Vincent Pelletier

CatalogTool: Assorted readability improvements.

Fix a misnamed local.
Use iteritems.
Move variables next to the loop they act on.
Rewrite comments to better reflect the intention when it is not obvious in
the implementation.
Move a loop-invariant out of loop ((user, role) not in optimized_role_set).
Do not use set.update on an iterable constructed just for the call, call
set.add on each item.
parent ed0c06f9
...@@ -140,7 +140,7 @@ class IndexableObjectWrapper(object): ...@@ -140,7 +140,7 @@ class IndexableObjectWrapper(object):
allowed_role_set.discard('Owner') allowed_role_set.discard('Owner')
# XXX make this a method of base ? # XXX make this a method of base ?
local_roles_group_id_group_id = deepcopy(getattr(ob, local_roles_group_id_dict = deepcopy(getattr(ob,
'__ac_local_roles_group_id_dict__', {})) '__ac_local_roles_group_id_dict__', {}))
# If we acquire a permission, then we also want to acquire the local # If we acquire a permission, then we also want to acquire the local
...@@ -153,7 +153,7 @@ class IndexableObjectWrapper(object): ...@@ -153,7 +153,7 @@ class IndexableObjectWrapper(object):
getattr(local_roles_container, getattr(local_roles_container,
'__ac_local_roles_group_id_dict__', '__ac_local_roles_group_id_dict__',
{}).items(): {}).items():
local_roles_group_id_group_id.setdefault(role_definition_group, set() local_roles_group_id_dict.setdefault(role_definition_group, set()
).update(user_and_role_list) ).update(user_and_role_list)
else: else:
break break
...@@ -161,11 +161,8 @@ class IndexableObjectWrapper(object): ...@@ -161,11 +161,8 @@ class IndexableObjectWrapper(object):
allowed_by_local_roles_group_id = {} allowed_by_local_roles_group_id = {}
allowed_by_local_roles_group_id[''] = allowed_role_set allowed_by_local_roles_group_id[''] = allowed_role_set
user_role_dict = {}
user_view_permission_role_dict = {}
optimized_role_set = set() optimized_role_set = set()
# First parse optimized roles and build optimized_role_set for role_definition_group, user_and_role_list in local_roles_group_id_dict.iteritems():
for role_definition_group, user_and_role_list in local_roles_group_id_group_id.items():
group_allowed_set = allowed_by_local_roles_group_id.setdefault( group_allowed_set = allowed_by_local_roles_group_id.setdefault(
role_definition_group, set()) role_definition_group, set())
for user, role in user_and_role_list: for user, role in user_and_role_list:
...@@ -173,30 +170,33 @@ class IndexableObjectWrapper(object): ...@@ -173,30 +170,33 @@ class IndexableObjectWrapper(object):
prefix = 'user:' + user prefix = 'user:' + user
group_allowed_set.update((prefix, '%s:%s' % (prefix, role))) group_allowed_set.update((prefix, '%s:%s' % (prefix, role)))
optimized_role_set.add((user, role)) optimized_role_set.add((user, role))
user_role_dict = {}
# Then parse other roles user_view_permission_role_dict = {}
for user, (roles, user_exists) in localroles.iteritems(): for user, (roles, user_exists) in localroles.iteritems():
prefix = 'user:' + user prefix = 'user:' + user
for role in roles: for role in roles:
is_not_in_optimised_role_set = (user, role) not in optimized_role_set
if user_exists and role in role_dict: if user_exists and role in role_dict:
# If role is monovalued, check if key is a user. # User is a user (= not a group) and role is configured as
# If not, continue to index it in roles_and_users table. # monovalued.
if (user, role) not in optimized_role_set: if is_not_in_optimised_role_set:
user_role_dict[role] = user # Only add to user_role_dict if not in optimized_role_set (double check) user_role_dict[role] = user
if role in allowed_role_set: if role in allowed_role_set:
# ...and local role grants view permission.
user_view_permission_role_dict[role] = user user_view_permission_role_dict[role] = user
elif role in allowed_role_set: elif role in allowed_role_set:
for group in local_roles_group_id_group_id.get(user, ('', )): # User is a group and local role grants view permission.
for group in local_roles_group_id_dict.get(user, ('', )):
group_allowed_set = allowed_by_local_roles_group_id.setdefault( group_allowed_set = allowed_by_local_roles_group_id.setdefault(
group, set()) group, set())
if (user, role) not in optimized_role_set: if is_not_in_optimised_role_set:
# add only if not already added to optimized_role_set to avoid polluting indexation table group_allowed_set.add(prefix)
group_allowed_set.update((prefix, '%s:%s' % (prefix, role))) group_allowed_set.add('%s:%s' % (prefix, role))
# sort `allowed` principals # sort `allowed` principals
sorted_allowed_by_local_roles_group_id = {} sorted_allowed_by_local_roles_group_id = {}
for local_roles_group_id, allowed in \ for local_roles_group_id, allowed in \
allowed_by_local_roles_group_id.items(): allowed_by_local_roles_group_id.iteritems():
sorted_allowed_by_local_roles_group_id[local_roles_group_id] = tuple( sorted_allowed_by_local_roles_group_id[local_roles_group_id] = tuple(
sorted(allowed)) sorted(allowed))
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment