From 3bb14bfe637ae5ca08f7ae7b549742e441894d9d Mon Sep 17 00:00:00 2001
From: Jean-Paul Smets <jp@nexedi.com>
Date: Sun, 17 Sep 2006 12:43:43 +0000
Subject: [PATCH] Added much comments related to the support of Owner local
 role and optimisation of security table.

git-svn-id: https://svn.erp5.org/repos/public/erp5/trunk@10055 20353a03-c40f-0410-a6d1-a30d3c3de9de
---
 product/ERP5Catalog/CatalogTool.py | 13 +++++++++++--
 1 file changed, 11 insertions(+), 2 deletions(-)

diff --git a/product/ERP5Catalog/CatalogTool.py b/product/ERP5Catalog/CatalogTool.py
index a178734b06..c40bb7a070 100644
--- a/product/ERP5Catalog/CatalogTool.py
+++ b/product/ERP5Catalog/CatalogTool.py
@@ -128,7 +128,11 @@ class IndexableObjectWrapper(CMFCoreIndexableObjectWrapper):
               else:
                 allowed['user:' + user] = 1
             # Added for ERP5 project by JP Smets
-            if role != 'Owner':
+            # The reason why we do not want to keep Owner is because we are
+            # trying to reduce the number of security definitions
+            # However, this could be a bad idea if we start to use Owner role
+            # as a kind of Assignee and if we need it for worklists.
+            if role != 'Owner': 
               if withnuxgroups:
                 allowed[user + ':' + role] = 1
               else:
@@ -393,7 +397,12 @@ class CatalogTool (UniqueObject, ZCatalog, CMFCoreCatalogTool, ActiveObject):
           # Local roles now has precedence (since it comes from a WorkList)
           for user_or_group in allowedRolesAndUsers:
             for role in local_roles:
-              new_allowedRolesAndUsers.append('%s:%s' % (user_or_group, role))
+              if role == "Owner":
+                # This is for now only a placeholder to handle the case of Owner
+                # which may not be supported (see above comment arround line 135
+                new_allowedRolesAndUsers.append('%s:%s' % (user_or_group, role))
+              else:
+                new_allowedRolesAndUsers.append('%s:%s' % (user_or_group, role))
           allowedRolesAndUsers = new_allowedRolesAndUsers
 
       return allowedRolesAndUsers
-- 
2.30.9