Commit 3e5293c6 authored by Vincent Pelletier's avatar Vincent Pelletier

Extend security API to be able to return a list of security uid.

Update WorkflowTool patch since it requires it.


git-svn-id: https://svn.erp5.org/repos/public/erp5/trunk@15430 20353a03-c40f-0410-a6d1-a30d3c3de9de
parent 0e7b2feb
......@@ -460,12 +460,27 @@ class CatalogTool (UniqueObject, ZCatalog, CMFCoreCatalogTool, ActiveObject):
return allowedRolesAndUsers, role_column_dict
def getSecurityUidList(self, **kw):
"""
Return a list of security Uids.
TODO: Add a cache.
"""
allowedRolesAndUsers, role_column_dict = self.getAllowedRolesAndUsers(**kw)
catalog = self.getSQLCatalog()
method = getattr(catalog, catalog.sql_search_security)
allowedRolesAndUsers = ["'%s'" % (role, ) for role in allowedRolesAndUsers]
security_uid_list = [x.uid for x in method(security_roles_list = allowedRolesAndUsers)]
return security_uid_list
security.declarePublic( 'getSecurityQuery' )
def getSecurityQuery(self, query=None, **kw):
"""
Build a query based on allowed roles or on a list of security_uid
values. The query takes into account the fact that some roles are
catalogued with columns.
TODO: use getSecurityUidList and drop compatibility with old
security system.
"""
allowedRolesAndUsers, role_column_dict = self.getAllowedRolesAndUsers(**kw)
catalog = self.getSQLCatalog()
......
......@@ -113,7 +113,7 @@ SECURITY_COLUMN_ID = 'security_uid'
COUNT_COLUMN_TITLE = 'count'
INTERNAL_CRITERION_KEY_LIST = (WORKLIST_METADATA_KEY, SECURITY_PARAMETER_ID)
def groupWorklistListByCondition(worklist_dict, acceptable_key_dict, getSecurityQuery):
def groupWorklistListByCondition(worklist_dict, acceptable_key_dict, getSecurityUidList):
"""
Get a list of dict of WorklistVariableMatchDict grouped by compatible conditions.
Strip any variable which is not a catalog column.
......@@ -151,9 +151,6 @@ def groupWorklistListByCondition(worklist_dict, acceptable_key_dict, getSecurity
if criterion_id in acceptable_key_dict or criterion_id in WORKLIST_METADATA_KEY:
valid_criterion_dict[criterion_id] = criterion_value
elif criterion_id == SECURITY_PARAMETER_ID:
# XXX: Only call getSecurityQuery to get the security uid list from
# generated query. The security API should be extended to allow
# access to those intermediate values.
# Caching is done at this level to be as fast as possible.
security_cache_key = list(criterion_value)
security_cache_key.sort()
......@@ -161,7 +158,7 @@ def groupWorklistListByCondition(worklist_dict, acceptable_key_dict, getSecurity
if security_cache_key in security_cache:
criterion_value = security_cache[security_cache_key]
else:
security_query = getSecurityQuery(**{criterion_id: criterion_value})
security_query = getSecurityUidList(**{criterion_id: criterion_value})
criterion_value = security_query.getValue()
security_cache[security_cache_key] = criterion_value
criterion_id = SECURITY_COLUMN_ID
......@@ -390,10 +387,10 @@ def WorkflowTool_listActions(self, info=None, object=None):
def _getWorklistActionList():
portal_url = getToolByName(self, 'portal_url')()
portal_catalog = getToolByName(self, 'portal_catalog')
getSecurityQuery = portal_catalog.getSecurityQuery
getSecurityUidList = portal_catalog.getSecurityUidList
acceptable_key_dict = portal_catalog.getSQLCatalog().getColumnMap()
# Get a list of dict of WorklistVariableMatchDict grouped by compatible conditions
worklist_list_grouped_by_condition = groupWorklistListByCondition(worklist_dict=worklist_dict, acceptable_key_dict=acceptable_key_dict, getSecurityQuery=getSecurityQuery)
worklist_list_grouped_by_condition = groupWorklistListByCondition(worklist_dict=worklist_dict, acceptable_key_dict=acceptable_key_dict, getSecurityUidList=getSecurityUidList)
LOG('WorklistGeneration', BLATHER, 'Will grab worklists in %s passes.' % (len(worklist_list_grouped_by_condition), ))
for grouped_worklist_dict in worklist_list_grouped_by_condition:
LOG('WorklistGeneration', BLATHER, 'Grabbing %s worklists...' % (len(grouped_worklist_dict), ))
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment