diff --git a/product/ERP5Catalog/CatalogTool.py b/product/ERP5Catalog/CatalogTool.py index efeb8d33ef61b78731488aedabffe36f7f8de425..4146255e70d47e3e9c6dd68f197ea060321dfb10 100644 --- a/product/ERP5Catalog/CatalogTool.py +++ b/product/ERP5Catalog/CatalogTool.py @@ -150,15 +150,15 @@ class IndexableObjectWrapper(object): # If not, continue to index it in roles_and_users table. if (user, role) not in optimized_role_set: user_role_dict[role] = user # Only add to user_role_dict if not in optimized_role_set (double check) - elif not (role in role_dict): - # add here local roles which are not part of optimized ones - # and at the same time not a special ones like Owner - if (user, role) not in optimized_role_set: - user_group = '%s:%s' % (prefix, role) - if prefix not in allowed_role_set: - allowed_role_set.add(prefix) - if user_group not in allowed_role_set: - allowed_role_set.add(user_group) + if role in allowed_role_set: + user_view_permission_role_dict[role] = user + elif role in allowed_role_set: + for group in local_roles_group_id_group_id.get(user, ('', )): + try: + group_allowed_set = allowed_by_local_roles_group_id[group] + except KeyError: + allowed_by_local_roles_group_id[group] = group_allowed_set = set() + group_allowed_set.update((prefix, '%s:%s' % (prefix, role))) # sort `allowed` principals sorted_allowed_by_local_roles_group_id = {} diff --git a/product/ERP5Security/tests/testERP5Security.py b/product/ERP5Security/tests/testERP5Security.py index e91877539d27d5ff3968b91c2dac69ce918a87b1..a64a09335dae7ac512e820d2df94aed10fb121ab 100644 --- a/product/ERP5Security/tests/testERP5Security.py +++ b/product/ERP5Security/tests/testERP5Security.py @@ -585,7 +585,7 @@ class TestLocalRoleManagement(ERP5TypeTestCase): obj = self._makeOne() self.assertEqual(['Assignor'], obj.__ac_local_roles__.get('F1_G1_S1')) self.assertTrue('Assignor' in user.getRolesInContext(obj)) - self.assertEqual(('F1_G1_S1',), + self.assertEqual(set([('F1_G1_S1', 'Assignor')]), obj.__ac_local_roles_group_id_dict__.get('Alternate')) self.abort()