From 833546c9df1c7715afa6535bff03d0ec81dc051e Mon Sep 17 00:00:00 2001
From: Vincent Pelletier <vincent@nexedi.com>
Date: Fri, 9 May 2008 04:31:17 +0000
Subject: [PATCH] Filter catalog result list. Add a comment to explain why it's
 done this way.

git-svn-id: https://svn.erp5.org/repos/public/erp5/trunk@20896 20353a03-c40f-0410-a6d1-a30d3c3de9de
---
 product/ERP5Security/ERP5UserManager.py | 30 ++++++++++++++++++++++++-
 1 file changed, 29 insertions(+), 1 deletion(-)

diff --git a/product/ERP5Security/ERP5UserManager.py b/product/ERP5Security/ERP5UserManager.py
index f4dfb2fa84..93ab9cf1e2 100644
--- a/product/ERP5Security/ERP5UserManager.py
+++ b/product/ERP5Security/ERP5UserManager.py
@@ -199,6 +199,7 @@ class ERP5UserManager(BasePlugin):
           try:
             try:
               result = portal.portal_catalog.unrestrictedSearchResults(
+                                      select_expression='reference',
                                       portal_type="Person", reference=login)
             except ConflictError:
               raise
@@ -213,7 +214,34 @@ class ERP5UserManager(BasePlugin):
               raise _SWALLOWABLE_PLUGIN_EXCEPTIONS[0]
           finally:
             setSecurityManager(sm)
-          return [x.path for x in result]
+          # XXX: Here, we filter catalog result list ALTHOUGH we did pass
+          # parameters to unrestrictedSearchResults to restrict result set.
+          # This is done because the following values can match person with
+          # reference "foo":
+          # "foo " because of MySQL (feature, PADSPACE collation):
+          #  mysql> SELECT reference as r FROM catalog
+          #      -> WHERE reference="foo      ";
+          #  +-----+
+          #  | r   |
+          #  +-----+
+          #  | foo |
+          #  +-----+
+          #  1 row in set (0.01 sec)
+          # " foo", "foo " and other padding variations because of
+          # ZSQLCatalog (feature ?):
+          #  (Pdb) print portal.portal_catalog.unrestrictedSearchResults(\
+          #              portal_type="Person", reference='  foo  ', src__=1)
+          #  SELECT DISTINCT
+          #     catalog.path,   catalog.uid
+          #  FROM
+          #     catalog AS catalog
+          #  WHERE
+          #    1 = 1
+          #    AND (((((catalog.portal_type = 'Person'))))) AND (((((catalog.reference = 'foo')))))
+          #  LIMIT 1000
+          # "bar OR foo" because of ZSQLCatalog tokenizing searched sgtrings
+          # by default (feature).
+          return [x.path for x in result if x['reference'] == login]
         _getUserByLogin = CachingMethod(_getUserByLogin,
                                         id='ERP5UserManager_getUserByLogin',
                                         cache_factory='erp5_content_short')
-- 
2.30.9