Skip to content

erp5
erp5
Commit e2c3058d authored by iv's avatar iv
Browse files
Options

ERP5Workflow: remove custom checkWithoutRoles 

and modify checkGuard to have expected behaviour
parent 1b285dc8
Hide whitespace changes
Inline Side-by-side
Showing with 10 additions and 50 deletions
product/ERP5Workflow/Document/Workflow.py
View file @ e2c3058d
......@@ -382,7 +382,7 @@ class Workflow(IdAsReferenceMixin("", "prefix"), XMLObject):
is_permitted_worklist = 0
if is_guarded:
is_permitted_worklist = 1
elif (not check_guard): # XXX(WORKFLOW): there was: "or Guard_checkWithoutRoles(guard, security_manager, self, portal)"
elif (not check_guard or worklist_value.checkGuard(security_manager, self, portal, check_roles=False)):
is_permitted_worklist = 1
variable_match[SECURITY_PARAMETER_ID] = guard_role_list
......@@ -1122,49 +1122,3 @@ class Workflow(IdAsReferenceMixin("", "prefix"), XMLObject):
if state_var is not None:
res[state_var] = status.get(state_var, initial_state)
return res
def Guard_checkWithoutRoles(self, sm, wf_def, ob, **kw):
"""Checks conditions in this guard.
This function is the same as Guard.check, but roles are not taken
into account here (but taken into account as local roles). This version
is for worklist guards.
Note that this patched version is not a monkey patch on the class,
because we only want this specific behaviour for worklists (Guards are
also used in transitions).
"""
u_roles = None
if wf_def.manager_bypass:
# Possibly bypass.
u_roles = sm.getUser().getRolesInContext(ob)
if 'Manager' in u_roles:
return 1
if self.permissions:
for p in self.permissions:
if _checkPermission(p, ob):
break
else:
return 0
if self.groups:
# Require at least one of the specified groups.
u = sm.getUser()
b = aq_base( u )
if hasattr( b, 'getGroupsInContext' ):
u_groups = u.getGroupsInContext( ob )
elif hasattr( b, 'getGroups' ):
u_groups = u.getGroups()
else:
u_groups = ()
for group in self.groups:
if group in u_groups:
break
else:
return 0
expr = self.expr
if expr is not None:
econtext = createExprContext(
StateChangeInfo(ob, wf_def, kwargs=kw))
res = expr(econtext)
if not res:
return 0
return 1
product/ERP5Workflow/mixin/guardable.py
View file @ e2c3058d
......@@ -30,7 +30,7 @@ class GuardableMixin(object):
security = ClassSecurityInfo()
security.declareObjectProtected(ManagePortal)
def checkGuard(self, security_manager, workflow, current_object, **kw):
def checkGuard(self, security_manager, workflow, current_object, check_roles=True, **kw):
"""Checks conditions in this guard.
"""
user_roles = None
......@@ -45,7 +45,7 @@ class GuardableMixin(object):
break
else:
return False
if self.guard_role:
if check_roles and self.guard_role:
# Require at least one of the given roles.
if user_roles is None:
user_roles = security_manager.getUser()\
......@@ -70,7 +70,7 @@ class GuardableMixin(object):
break
else:
return False
if self.guard_expression.text:
if self.guard_expression and self.guard_expression.text:
expression_context = createExprContext(StateChangeInfo(current_object,
workflow,
kwargs=kw))
......@@ -140,6 +140,12 @@ class GuardableMixin(object):
def setGuardExpression(self, text):
self.guard_expression = Expression(text)
security.declareProtected(ManagePortal, 'getGuardExpression')
def getGuardExpression(self):
if self.guard_expression is None:
return Expression('')
return self.guard_expression
def formatNameUnion(names):
escaped = ['<code>' + escape(name) + '</code>' for name in names]
if len(escaped) == 2:
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment
GitLab Nexedi Edition | About GitLab | About Nexedi | 沪ICP备2021021310号-2 | 沪ICP备2021021310号-7