Commit 3e5293c6 authored by Vincent Pelletier's avatar Vincent Pelletier

Extend security API to be able to return a list of security uid.

Update WorkflowTool patch since it requires it.


git-svn-id: https://svn.erp5.org/repos/public/erp5/trunk@15430 20353a03-c40f-0410-a6d1-a30d3c3de9de
parent 0e7b2feb
...@@ -460,12 +460,27 @@ class CatalogTool (UniqueObject, ZCatalog, CMFCoreCatalogTool, ActiveObject): ...@@ -460,12 +460,27 @@ class CatalogTool (UniqueObject, ZCatalog, CMFCoreCatalogTool, ActiveObject):
return allowedRolesAndUsers, role_column_dict return allowedRolesAndUsers, role_column_dict
def getSecurityUidList(self, **kw):
"""
Return a list of security Uids.
TODO: Add a cache.
"""
allowedRolesAndUsers, role_column_dict = self.getAllowedRolesAndUsers(**kw)
catalog = self.getSQLCatalog()
method = getattr(catalog, catalog.sql_search_security)
allowedRolesAndUsers = ["'%s'" % (role, ) for role in allowedRolesAndUsers]
security_uid_list = [x.uid for x in method(security_roles_list = allowedRolesAndUsers)]
return security_uid_list
security.declarePublic( 'getSecurityQuery' ) security.declarePublic( 'getSecurityQuery' )
def getSecurityQuery(self, query=None, **kw): def getSecurityQuery(self, query=None, **kw):
""" """
Build a query based on allowed roles or on a list of security_uid Build a query based on allowed roles or on a list of security_uid
values. The query takes into account the fact that some roles are values. The query takes into account the fact that some roles are
catalogued with columns. catalogued with columns.
TODO: use getSecurityUidList and drop compatibility with old
security system.
""" """
allowedRolesAndUsers, role_column_dict = self.getAllowedRolesAndUsers(**kw) allowedRolesAndUsers, role_column_dict = self.getAllowedRolesAndUsers(**kw)
catalog = self.getSQLCatalog() catalog = self.getSQLCatalog()
......
...@@ -113,7 +113,7 @@ SECURITY_COLUMN_ID = 'security_uid' ...@@ -113,7 +113,7 @@ SECURITY_COLUMN_ID = 'security_uid'
COUNT_COLUMN_TITLE = 'count' COUNT_COLUMN_TITLE = 'count'
INTERNAL_CRITERION_KEY_LIST = (WORKLIST_METADATA_KEY, SECURITY_PARAMETER_ID) INTERNAL_CRITERION_KEY_LIST = (WORKLIST_METADATA_KEY, SECURITY_PARAMETER_ID)
def groupWorklistListByCondition(worklist_dict, acceptable_key_dict, getSecurityQuery): def groupWorklistListByCondition(worklist_dict, acceptable_key_dict, getSecurityUidList):
""" """
Get a list of dict of WorklistVariableMatchDict grouped by compatible conditions. Get a list of dict of WorklistVariableMatchDict grouped by compatible conditions.
Strip any variable which is not a catalog column. Strip any variable which is not a catalog column.
...@@ -151,9 +151,6 @@ def groupWorklistListByCondition(worklist_dict, acceptable_key_dict, getSecurity ...@@ -151,9 +151,6 @@ def groupWorklistListByCondition(worklist_dict, acceptable_key_dict, getSecurity
if criterion_id in acceptable_key_dict or criterion_id in WORKLIST_METADATA_KEY: if criterion_id in acceptable_key_dict or criterion_id in WORKLIST_METADATA_KEY:
valid_criterion_dict[criterion_id] = criterion_value valid_criterion_dict[criterion_id] = criterion_value
elif criterion_id == SECURITY_PARAMETER_ID: elif criterion_id == SECURITY_PARAMETER_ID:
# XXX: Only call getSecurityQuery to get the security uid list from
# generated query. The security API should be extended to allow
# access to those intermediate values.
# Caching is done at this level to be as fast as possible. # Caching is done at this level to be as fast as possible.
security_cache_key = list(criterion_value) security_cache_key = list(criterion_value)
security_cache_key.sort() security_cache_key.sort()
...@@ -161,7 +158,7 @@ def groupWorklistListByCondition(worklist_dict, acceptable_key_dict, getSecurity ...@@ -161,7 +158,7 @@ def groupWorklistListByCondition(worklist_dict, acceptable_key_dict, getSecurity
if security_cache_key in security_cache: if security_cache_key in security_cache:
criterion_value = security_cache[security_cache_key] criterion_value = security_cache[security_cache_key]
else: else:
security_query = getSecurityQuery(**{criterion_id: criterion_value}) security_query = getSecurityUidList(**{criterion_id: criterion_value})
criterion_value = security_query.getValue() criterion_value = security_query.getValue()
security_cache[security_cache_key] = criterion_value security_cache[security_cache_key] = criterion_value
criterion_id = SECURITY_COLUMN_ID criterion_id = SECURITY_COLUMN_ID
...@@ -390,10 +387,10 @@ def WorkflowTool_listActions(self, info=None, object=None): ...@@ -390,10 +387,10 @@ def WorkflowTool_listActions(self, info=None, object=None):
def _getWorklistActionList(): def _getWorklistActionList():
portal_url = getToolByName(self, 'portal_url')() portal_url = getToolByName(self, 'portal_url')()
portal_catalog = getToolByName(self, 'portal_catalog') portal_catalog = getToolByName(self, 'portal_catalog')
getSecurityQuery = portal_catalog.getSecurityQuery getSecurityUidList = portal_catalog.getSecurityUidList
acceptable_key_dict = portal_catalog.getSQLCatalog().getColumnMap() acceptable_key_dict = portal_catalog.getSQLCatalog().getColumnMap()
# Get a list of dict of WorklistVariableMatchDict grouped by compatible conditions # Get a list of dict of WorklistVariableMatchDict grouped by compatible conditions
worklist_list_grouped_by_condition = groupWorklistListByCondition(worklist_dict=worklist_dict, acceptable_key_dict=acceptable_key_dict, getSecurityQuery=getSecurityQuery) worklist_list_grouped_by_condition = groupWorklistListByCondition(worklist_dict=worklist_dict, acceptable_key_dict=acceptable_key_dict, getSecurityUidList=getSecurityUidList)
LOG('WorklistGeneration', BLATHER, 'Will grab worklists in %s passes.' % (len(worklist_list_grouped_by_condition), )) LOG('WorklistGeneration', BLATHER, 'Will grab worklists in %s passes.' % (len(worklist_list_grouped_by_condition), ))
for grouped_worklist_dict in worklist_list_grouped_by_condition: for grouped_worklist_dict in worklist_list_grouped_by_condition:
LOG('WorklistGeneration', BLATHER, 'Grabbing %s worklists...' % (len(grouped_worklist_dict), )) LOG('WorklistGeneration', BLATHER, 'Grabbing %s worklists...' % (len(grouped_worklist_dict), ))
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment