From a6c6d3be19187072bdaaeef49a05c89d1ec16d1b Mon Sep 17 00:00:00 2001
From: Sebastien Robin <seb@nexedi.com>
Date: Wed, 23 Mar 2005 08:47:47 +0000
Subject: [PATCH] added negative role compatibility

git-svn-id: https://svn.erp5.org/repos/public/erp5/trunk@2736 20353a03-c40f-0410-a6d1-a30d3c3de9de
---
 product/ERP5Catalog/CatalogTool.py | 19 ++++++++++++++++++-
 1 file changed, 18 insertions(+), 1 deletion(-)

diff --git a/product/ERP5Catalog/CatalogTool.py b/product/ERP5Catalog/CatalogTool.py
index 84e1a5053f..eb2a64ecbc 100755
--- a/product/ERP5Catalog/CatalogTool.py
+++ b/product/ERP5Catalog/CatalogTool.py
@@ -75,10 +75,27 @@ class IndexableObjectWrapper(CMFCoreIndexableObjectWrapper):
             allowed[r] = 1
         if withgroups:
           localroles = mergedLocalRoles(ob, withgroups=1)
-          #LOG("allowedRolesAndUsers",0,str(allowed.keys()))
         else:
           # CMF
           localroles = _mergedLocalRoles(ob)
+        # For each group or user, we have a list of roles, this list
+        # give in this order : [roles on object, roles acquired on the parent,
+        # roles acquired on the parent of the parent....]
+        # So if we have ['-Author','Author'] we should remove the role 'Author'
+        # but if we have ['Author','-Author'] we have to keep the role 'Author'
+        new_dict = {}
+        for key in localroles.keys():
+          new_list = []
+          remove_list = []
+          for role in localroles[key]:
+            if role.startswith('-'):
+              if not role[1:] in new_list and not role[1:] in remove_list:
+                remove_list.append(role[1:])
+            elif not role in remove_list:
+              new_list.append(role)
+          if len(new_list)>0:
+            new_dict[key] = new_list
+        localroles = new_dict
         for user, roles in localroles.items():
             for role in roles:
                 if allowed.has_key(role):
-- 
2.30.9