Add an optional parameter user_name to assignRoleToSecurityGroup

git-svn-id: https://svn.erp5.org/repos/public/erp5/trunk@5804 20353a03-c40f-0410-a6d1-a30d3c3de9de

Add an optional parameter user_name to assignRoleToSecurityGroup
git-svn-id: https://svn.erp5.org/repos/public/erp5/trunk@5804 20353a03-c40f-0410-a6d1-a30d3c3de9de
5c08879d · Yoshinori Okuji · 557a78f5 · 5c08879d
Commit 5c08879d authored Feb 23, 2006 by Yoshinori Okuji
Hide whitespace changes
Inline Side-by-side

Showing with 112 additions and 119 deletions

product/ERP5Type/ERP5Type.py product/ERP5Type/ERP5Type.py +112 -119

No files found.
--- a/product/ERP5Type/ERP5Type.py
+++ b/product/ERP5Type/ERP5Type.py
@@ -240,13 +240,14 @@ class ERP5TypeInformation( FactoryTypeInformation, RoleProviderBase ):
    security.declareProtected(ERP5Permissions.ModifyPortalContent,
                              'assignRoleToSecurityGroup')
-    def assignRoleToSecurityGroup(self, object):
+    def assignRoleToSecurityGroup(self, object, user_name = None):
-        """
+      """
        Assign Local Roles to Groups on object, based on Portal Type
        Role Definitions
-        """
+      """
-        #FIXME We should check the type of the acl_users folder instead of
+      #FIXME We should check the type of the acl_users folder instead of
-        #      checking which product is installed.
+      #      checking which product is installed.
+      if user_name is None:
        if ERP5UserManager is not None:
          # We use id for roles in ERP5Security
          user_name = getSecurityManager().getUser().getId()
@@ -257,121 +258,113 @@ class ERP5TypeInformation( FactoryTypeInformation, RoleProviderBase ):
                'your setup. '\
                'Please install it to benefit from group-based security'
-        # Retrieve applicable roles
+      # Retrieve applicable roles
-        # kw provided in order to take any appropriate action
+      role_mapping = self.getFilteredRoleListFor(object=object) # kw provided in order to take any appropriate action
-        role_mapping = self.getFilteredRoleListFor(object=object)
+      role_category_list_dict = {}
-        role_category_list = {}
+      for role, definition_list in role_mapping.items():
-        for role, definition_list in role_mapping.items():
+        # For each role definition, we look for the base_category_script
-            if not role_category_list.has_key(role):
+        # and try to use it to retrieve the values for the base_category list
-                role_category_list[role] = []
+        for definition in definition_list:
-            # For each role definition, we look for the base_category_script
+          # get the list of base_categories that are statically defined
-            # and try to use it to retrieve the values for
+          static_base_category_list = [x.split('/', 1)[0] for x in definition['category']]
-            # the base_category list
+          # get the list of base_categories that are to be fetched through the script
-            for definition in definition_list:
+          dynamic_base_category_list = [x for x in definition['base_category'] if x not in static_base_category_list]
-                # get the list of base_categories that are statically defined
+          # get the aggregated list of base categories, to preserve the order
-                category_base_list = [x.split('/')[0]
+          category_order_list = []
-                                      for x in definition['category']]
+          category_order_list.extend(definition['base_category'])
-                # get the list of base_categories that are to be fetched through the script
+          for bc in static_base_category_list:
-                actual_base_category_list = [x for x in definition['base_category'] if x not in category_base_list]
+            if bc not in category_order_list:
-                # get the aggregated list of base categories, to preserve the order
+              category_order_list.append(bc)
-                category_order_list = []
-                category_order_list.extend(definition['base_category'])
+          # get the script and apply it if dynamic_base_category_list is not empty
-                for bc in category_base_list:
+          if len(dynamic_base_category_list) > 0:
-                    if bc not in category_order_list:
+            base_category_script_id = definition['base_category_script']
-                        category_order_list.append(bc)
+            base_category_script = getattr(object, base_category_script_id, None)
+            if base_category_script is not None:
-                # get the script and apply it if actual_base_category_list is not empty
+              # call the script, which should return either a dict or a list of dicts
-                if len(actual_base_category_list) > 0:
+              category_result = base_category_script(dynamic_base_category_list, user_name, object, object.getPortalType())
-                    base_category_script_id = definition['base_category_script']
+              # If we decide in the script that we don't want to update the security for this object,
-                    base_category_script = getattr(object, base_category_script_id, None)
+              # we can just have it return None instead of a dict or list of dicts
-                    if base_category_script is not None:
+              if category_result is None:
-                        # call the script, which should return either a dict or a list of dicts
+                continue
-                        category_result = base_category_script(actual_base_category_list, user_name, object, object.getPortalType())
+              elif isinstance(category_result, dict):
-                        # If we decide in the script that we don't want to update the security for this object,
+                category_result = [category_result]
-                        # we can just have it return None instead of a dict or list of dicts
+            else:
-                        if category_result is None:
+              raise RuntimeError, 'Script %s was not found to fetch values for'\
-                            continue
+                      ' base categories : %s' % (base_category_script_id,
-                        if type(category_result) is type({}):
+                                            ', '.join(dynamic_base_category_list))
-                            category_result = [category_result]
+          else:
-                    else:
+            category_result = [{}]
-                        raise RuntimeError, 'Script %s was not found to fetch values for'\
+          # add the result to role_category_list_dict, aggregated with category_order and statically defined categories
-                                ' base categories : %s' % (base_category_script_id,
+          role_category_list = role_category_list_dict.setdefault(role, [])
-                                                      ', '.join(actual_base_category_list))
+          for category_dict in category_result:
-                else:
+            category_value_dict = {'category_order':category_order_list}
-                    category_result = [{}]
+            category_value_dict.update(category_dict)
-                # add the result to role_category_list, aggregated with category_order and statically defined categories
+            for c in definition['category']:
-                for category_dict in category_result:
+              bc, value = c.split('/', 1)
-                    category_value_dict = {'category_order':category_order_list}
+              category_value_dict[bc] = value
-                    category_value_dict.update(category_dict)
+            role_category_list.append(category_value_dict)
-                    for c in definition['category']:
-                        bc, value = c.split('/', 1)
+      # Generate security group ids from category_value_dicts
-                        category_value_dict[bc] = value
+      role_group_id_dict = {}
-                    role_category_list[role].append(category_value_dict)
+      group_id_generator = getattr(object, ERP5TYPE_SECURITY_GROUP_ID_GENERATION_SCRIPT, None)
+      if group_id_generator is None:
-        # Generate security group ids from category_value_dicts
+        raise RuntimeError, '%s script was not found' % ERP5TYPE_SECURITY_GROUP_ID_GENERATION_SCRIPT
-        role_group_id_dict = {}
+      for role, value_list in role_category_list_dict.items():
-        group_id_generator = getattr(object, ERP5TYPE_SECURITY_GROUP_ID_GENERATION_SCRIPT, None)
+        role_group_dict = {}
-        if group_id_generator is None:
+        for category_dict in value_list:
-            raise RuntimeError, '%s script was not found' % ERP5TYPE_SECURITY_GROUP_ID_GENERATION_SCRIPT
+          group_id = group_id_generator(**category_dict)
-        for role, value_list in role_category_list.items():
+          # If group_id is not defined, do not use it
-            if not role_group_id_dict.has_key(role):
+          if group_id not in (None, ''):
-                role_group_id_dict[role] = []
+            if isinstance(group_id, str):
-            role_group_dict = {}
+              # Single group is defined (this is usually for group membership)
-            for category_dict in value_list:
+              role_group_dict[group_id] = 1
-                group_id = group_id_generator(**category_dict)
+            else:
-                # If group_id is not defined, do not use it
+              # Multiple groups are defined (this is usually for users)
-                if group_id not in (None, ''):
+              # but it could be extended to ad hoc groups
-                  if type(group_id) is type('a'):
+              for user_id in group_id:
-                    # Single group is defined (this is usually for group membership)
+                role_group_dict[user_id] = 1
-                    role_group_dict[group_id] = 1
+        role_group_id_dict.setdefault(role, []).extend(role_group_dict.keys())
-                  else:
-                    # Multiple groups are defined (this is usually for users)
+      # Switch index from role to group id
-                    # but it could be extended to ad hoc groups
+      group_id_role_dict = {}
-                    for user_id in group_id:
+      for role, group_list in role_group_id_dict.items():
-                      role_group_dict[user_id] = 1
+        for group_id in group_list:
-            role_group_id_dict[role].extend(role_group_dict.keys())
+          group_id_role_dict.setdefault(group_id, []).append(role)
-        # Switch index from role to group id
+      # Update role assignments to groups
-        group_id_role_dict = {}
+      if ERP5UserManager is not None: # Default implementation
-        for role, group_list in role_group_id_dict.items():
+        # Clean old group roles
-            for group_id in group_list:
+        old_group_list = object.get_local_roles()
-                if not group_id_role_dict.has_key(group_id):
+        object.manage_delLocalRoles([x[0] for x in old_group_list])
-                    group_id_role_dict[group_id] = []
+        # Save the owner
-                group_id_role_dict[group_id].append(role)
+        for group, role_list in old_group_list:
+          if 'Owner' in role_list:
-        # Update role assignments to groups
+            if not group_id_role_dict.has_key(group):
-        if ERP5UserManager is not None: # Default implementation
+              group_id_role_dict[group] = ('Owner',)
-          # Clean old group roles
+            else:
-          old_group_list = object.get_local_roles()
+              group_id_role_dict[group].append('Owner')
-          object.manage_delLocalRoles([x[0] for x in old_group_list])
+        # Assign new roles
-          # Save the owner
+        for group, role_list in group_id_role_dict.items():
-          for group, role_list in old_group_list:
+          object.manage_addLocalRoles(group, role_list)
-            if 'Owner' in role_list:
+      else: # NuxUserGroups implementation
-              if not group_id_role_dict.has_key(group):
+        # Clean old group roles
-                group_id_role_dict[group] = ('Owner',)
+        old_group_list = object.get_local_group_roles()
-              else:
+        # We duplicate role settings to mimic PAS
-                group_id_role_dict[group].append('Owner')
+        object.manage_delLocalGroupRoles([x[0] for x in old_group_list])
-          # Assign new roles
+        object.manage_delLocalRoles([x[0] for x in old_group_list])
-          for group, role_list in group_id_role_dict.items():
+        # Save the owner
-              object.manage_addLocalRoles(group, role_list)
+        for group, role_list in old_group_list:
-        else: # NuxUserGroups implementation
+          if 'Owner' in role_list:
-          # Clean old group roles
+            if not group_id_role_dict.has_key(group):
-          old_group_list = object.get_local_group_roles()
+              group_id_role_dict[group] = ('Owner',)
+            else:
+              group_id_role_dict[group].append('Owner')
+        # Assign new roles
+        for group, role_list in group_id_role_dict.items():
          # We duplicate role settings to mimic PAS
-          object.manage_delLocalGroupRoles([x[0] for x in old_group_list])
+          object.manage_addLocalGroupRoles(group, role_list)
-          object.manage_delLocalRoles([x[0] for x in old_group_list])
+          object.manage_addLocalRoles(group, role_list)
-          # Save the owner
-          for group, role_list in old_group_list:
-            if 'Owner' in role_list:
-              if not group_id_role_dict.has_key(group):
-                group_id_role_dict[group] = ('Owner',)
-              else:
-                group_id_role_dict[group].append('Owner')
-          # Assign new roles
-          for group, role_list in group_id_role_dict.items():
-              # We duplicate role settings to mimic PAS
-              object.manage_addLocalGroupRoles(group, role_list)
-              object.manage_addLocalRoles(group, role_list)
    security.declarePublic('getFilteredRoleListFor')
    def getFilteredRoleListFor(self, object=None, **kw):