From 3bb14bfe637ae5ca08f7ae7b549742e441894d9d Mon Sep 17 00:00:00 2001 From: Jean-Paul Smets <jp@nexedi.com> Date: Sun, 17 Sep 2006 12:43:43 +0000 Subject: [PATCH] Added much comments related to the support of Owner local role and optimisation of security table. git-svn-id: https://svn.erp5.org/repos/public/erp5/trunk@10055 20353a03-c40f-0410-a6d1-a30d3c3de9de --- product/ERP5Catalog/CatalogTool.py | 13 +++++++++++-- 1 file changed, 11 insertions(+), 2 deletions(-) diff --git a/product/ERP5Catalog/CatalogTool.py b/product/ERP5Catalog/CatalogTool.py index a178734b06..c40bb7a070 100644 --- a/product/ERP5Catalog/CatalogTool.py +++ b/product/ERP5Catalog/CatalogTool.py @@ -128,7 +128,11 @@ class IndexableObjectWrapper(CMFCoreIndexableObjectWrapper): else: allowed['user:' + user] = 1 # Added for ERP5 project by JP Smets - if role != 'Owner': + # The reason why we do not want to keep Owner is because we are + # trying to reduce the number of security definitions + # However, this could be a bad idea if we start to use Owner role + # as a kind of Assignee and if we need it for worklists. + if role != 'Owner': if withnuxgroups: allowed[user + ':' + role] = 1 else: @@ -393,7 +397,12 @@ class CatalogTool (UniqueObject, ZCatalog, CMFCoreCatalogTool, ActiveObject): # Local roles now has precedence (since it comes from a WorkList) for user_or_group in allowedRolesAndUsers: for role in local_roles: - new_allowedRolesAndUsers.append('%s:%s' % (user_or_group, role)) + if role == "Owner": + # This is for now only a placeholder to handle the case of Owner + # which may not be supported (see above comment arround line 135 + new_allowedRolesAndUsers.append('%s:%s' % (user_or_group, role)) + else: + new_allowedRolesAndUsers.append('%s:%s' % (user_or_group, role)) allowedRolesAndUsers = new_allowedRolesAndUsers return allowedRolesAndUsers -- 2.30.9