From 9bf7a8951782ddb5531b682a95fd7815bdd502dc Mon Sep 17 00:00:00 2001
From: Yoshinori Okuji <yo@nexedi.com>
Date: Fri, 6 Nov 2009 05:23:06 +0000
Subject: [PATCH] _filterCategoryListByPermission must consider that
_getSingleCategoryAcquiredMembershipList may not always include a base
category in the result.
git-svn-id: https://svn.erp5.org/repos/public/erp5/trunk@30355 20353a03-c40f-0410-a6d1-a30d3c3de9de
---
product/CMFCategory/CategoryTool.py | 16 ++++++++++------
1 file changed, 10 insertions(+), 6 deletions(-)
diff --git a/product/CMFCategory/CategoryTool.py b/product/CMFCategory/CategoryTool.py
index 98f7853e7a..ca4fac4f6a 100644
--- a/product/CMFCategory/CategoryTool.py
+++ b/product/CMFCategory/CategoryTool.py
@@ -865,7 +865,7 @@ class CategoryTool( UniqueObject, Folder, Base ):
return result
- def _filterCategoryListByPermission(self, category_list, permission):
+ def _filterCategoryListByPermission(self, base_category, base, category_list, permission):
"""This method returns a category list filtered by a permission.
If the permission is None, returns a passed list as it is.
"""
@@ -877,7 +877,11 @@ class CategoryTool( UniqueObject, Folder, Base ):
append = new_category_list.append
for category in category_list:
try:
- value = resolveCategory(category)
+ if base:
+ category_path = category
+ else:
+ category_path = '%s/%s' % (base_category, category)
+ value = resolveCategory(category_path)
if checkPermission(permission, value):
append(category)
except Unauthorized:
@@ -974,7 +978,7 @@ class CategoryTool( UniqueObject, Folder, Base ):
not base_category_value.getAcquisitionAppendValue() and \
result:
# If acquisition masks and we do not append values, then we must return now
- return self._filterCategoryListByPermission(result, checked_permission)
+ return self._filterCategoryListByPermission(base_category, base, result, checked_permission)
# First we look at local ids
for object_id in base_category_value.getAcquisitionObjectIdList():
try:
@@ -998,7 +1002,7 @@ class CategoryTool( UniqueObject, Folder, Base ):
# If acquisition appends, then we must append to the result
result.extend(new_result)
elif new_result:
- return self._filterCategoryListByPermission(new_result, checked_permission) # Found enough information to return
+ return self._filterCategoryListByPermission(base_category, base, new_result, checked_permission) # Found enough information to return
# Next we look at references
#LOG("Get Acquired BC", 0, base_category_value.getAcquisitionBaseCategoryList())
acquisition_base_category_list = base_category_value.getAcquisitionBaseCategoryList()
@@ -1075,7 +1079,7 @@ class CategoryTool( UniqueObject, Folder, Base ):
self.setCategoryMembership( context, base_category, new_result,
spec=spec, filter=filter, portal_type=portal_type, base=base )
# We found it, we can return
- return self._filterCategoryListByPermission(new_result, checked_permission)
+ return self._filterCategoryListByPermission(base_category, base, new_result, checked_permission)
if (getattr(base_category_value, 'acquisition_copy_value', False) or \
@@ -1115,7 +1119,7 @@ class CategoryTool( UniqueObject, Folder, Base ):
result.append(category_value.getRelativeUrl())
# WE MUST IMPLEMENT HERE THE REST OF THE SEMANTICS
#LOG("Get Acquired Category Result ",0,str(result))
- return self._filterCategoryListByPermission(result, checked_permission)
+ return self._filterCategoryListByPermission(base_category, base, result, checked_permission)
security.declareProtected( Permissions.AccessContentsInformation,
'getAcquiredCategoryMembershipList' )
--
2.30.9