Commit c60d717b authored by Łukasz Nowak, committed by Alain Takoudjou

Treat user with Manager role as superuser.

parent f351cb41
......@@ -456,7 +456,8 @@ class CatalogTool (UniqueObject, ZCatalog, CMFCoreCatalogTool, ActiveObject):
"""
user = _getAuthenticatedUser(self)
user_str = str(user)
user_is_superuser = (user == system_user) or (user_str == SUPER_USER)
user_is_superuser = (user == system_user) or (user_str == SUPER_USER) or \
('Manager' in user.getRoles())
allowedRolesAndUsers = self._listAllowedRolesAndUsers(user)
role_column_dict = {}
local_role_column_dict = {}
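Review bot: The added `'Manager' in user.getRoles()` clause on the `user_is_superuser` assignment puts any holder of the Manager role on the same footing as `system_user` and `SUPER_USER`, and nothing in this hunk checks that such a user may actually view the objects concerned. The same three-clause expression is repeated verbatim in the next hunk; moving it into a single helper would keep the two call sites from drifting apart and give one place to document why Manager is included. The backslash continuation can also be avoided by wrapping the whole expression in parentheses.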
......@@ -582,7 +583,8 @@ class CatalogTool (UniqueObject, ZCatalog, CMFCoreCatalogTool, ActiveObject):
"""
user = _getAuthenticatedUser(self)
user_str = str(user)
user_is_superuser = (user == system_user) or (user_str == SUPER_USER)
user_is_superuser = (user == system_user) or (user_str == SUPER_USER) or \
('Manager' in user.getRoles())
if user_is_superuser:
# We need no security check for super user.
return query
......
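Review bot: With the widened `user_is_superuser`, the `if user_is_superuser:` branch now returns `query` with no security criteria for every user holding Manager, so catalog results for such a user are no longer limited to the documents that user can view. The comment `# We need no security check for super user.` should be updated to say that Manager is included and why, or the Manager case should keep the security filter and be made faster another way. A test with a Manager who is denied View on a document would make the intended behaviour explicit.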
  • @vpelletier,

    I believe this change is also relevant to merge on master. What do you think?

    /cc @romain, @jm

  • Although I understand the intent (accelerate queries done as Manager by not adding a crazy-long list of security_uid), this breaks the rule that in-ZODB object visibility for calling user can be checked in-catalog too - and as a result, it means it breaks catalog when Manager cannot view all documents.

    So I think this needs @jp's approval before it can go in:

    • Do we want Managers to become all-viewing users?
    • Do we tolerate catalog-ZODB view permission discrepancy?

    If the answer to either is "yes", then it can be merged.

    Edited by Vincent Pelletier
  • Vincent is right:

    • it is wrong to consider Manager as a superuser (Manager in Zope, by design, can be blocked from accessing some objects, a feature that is loved by some users of ERP5 in sensitive industries)
    • it is wrong to introduce inconsistencies between catalog security and ZODB

    The problem is, however, non-trivial. I think it would be good that Vincent thinks about a solution.

    Very often, the problem comes first from the use of Manager role instead of a normal role (ex. Auditor). If security is designed to define clearly who is Auditor (including which "virtual user" launching alarms), then security can be better designed and the number of uids reduced.

    I thus prefer Vincent or Rafael to consider a real solution.
