ERP5Workflow: remove custom checkWithoutRoles

and modify checkGuard to have expected behaviour

ERP5Workflow: remove custom checkWithoutRoles
and modify checkGuard to have expected behaviour
e2c3058d · iv · 1b285dc8 · e2c3058d · e2c3058d
Commit e2c3058d authored Aug 23, 2016 by iv
Show whitespace changes
Inline Side-by-side

Showing with 10 additions and 50 deletions

product/ERP5Workflow/Document/Workflow.py product/ERP5Workflow/Document/Workflow.py +1 -47

product/ERP5Workflow/mixin/guardable.py product/ERP5Workflow/mixin/guardable.py +9 -3

No files found.
--- a/product/ERP5Workflow/Document/Workflow.py
+++ b/product/ERP5Workflow/Document/Workflow.py
@@ -382,7 +382,7 @@ class Workflow(IdAsReferenceMixin("", "prefix"), XMLObject):
        is_permitted_worklist = 0
        if is_guarded:
          is_permitted_worklist = 1
-        elif (not check_guard): # XXX(WORKFLOW): there was: "or Guard_checkWithoutRoles(guard, security_manager, self, portal)"
+        elif (not check_guard or worklist_value.checkGuard(security_manager, self, portal, check_roles=False)):
          is_permitted_worklist = 1
          variable_match[SECURITY_PARAMETER_ID] = guard_role_list
@@ -1122,49 +1122,3 @@ class Workflow(IdAsReferenceMixin("", "prefix"), XMLObject):
      if state_var is not None:
        res[state_var] = status.get(state_var, initial_state)
      return res
-def Guard_checkWithoutRoles(self, sm, wf_def, ob, **kw):
-    """Checks conditions in this guard.
-       This function is the same as Guard.check, but roles are not taken
-       into account here (but taken into account as local roles). This version
-       is for worklist guards.
-       Note that this patched version is not a monkey patch on the class,
-       because we only want this specific behaviour for worklists (Guards are
-       also used in transitions).
-    """
-    u_roles = None
-    if wf_def.manager_bypass:
-        # Possibly bypass.
-        u_roles = sm.getUser().getRolesInContext(ob)
-        if 'Manager' in u_roles:
-            return 1
-    if self.permissions:
-        for p in self.permissions:
-            if _checkPermission(p, ob):
-                break
-        else:
-            return 0
-    if self.groups:
-        # Require at least one of the specified groups.
-        u = sm.getUser()
-        b = aq_base( u )
-        if hasattr( b, 'getGroupsInContext' ):
-            u_groups = u.getGroupsInContext( ob )
-        elif hasattr( b, 'getGroups' ):
-            u_groups = u.getGroups()
-        else:
-            u_groups = ()
-        for group in self.groups:
-            if group in u_groups:
-                break
-        else:
-            return 0
-    expr = self.expr
-    if expr is not None:
-        econtext = createExprContext(
-            StateChangeInfo(ob, wf_def, kwargs=kw))
-        res = expr(econtext)
-        if not res:
-            return 0
-    return 1
--- a/product/ERP5Workflow/mixin/guardable.py
+++ b/product/ERP5Workflow/mixin/guardable.py
@@ -30,7 +30,7 @@ class GuardableMixin(object):
  security = ClassSecurityInfo()
  security.declareObjectProtected(ManagePortal)
-  def checkGuard(self, security_manager, workflow, current_object, **kw):
+  def checkGuard(self, security_manager, workflow, current_object, check_roles=True, **kw):
    """Checks conditions in this guard.
    """
    user_roles = None
@@ -45,7 +45,7 @@ class GuardableMixin(object):
          break
      else:
        return False
-    if self.guard_role:
+    if check_roles and self.guard_role:
      # Require at least one of the given roles.
      if user_roles is None:
        user_roles = security_manager.getUser()\
@@ -70,7 +70,7 @@ class GuardableMixin(object):
          break
      else:
        return False
-    if self.guard_expression.text:
+    if self.guard_expression and self.guard_expression.text:
      expression_context = createExprContext(StateChangeInfo(current_object,
                                                             workflow,
                                                             kwargs=kw))
@@ -140,6 +140,12 @@ class GuardableMixin(object):
  def setGuardExpression(self, text):
    self.guard_expression = Expression(text)
+  security.declareProtected(ManagePortal, 'getGuardExpression')
+  def getGuardExpression(self):
+    if self.guard_expression is None:
+      return Expression('')
+    return self.guard_expression
 def formatNameUnion(names):
  escaped = ['<code>' + escape(name) + '</code>' for name in names]
  if len(escaped) == 2: