Commit 6142e073 authored by Jérome Perrin's avatar Jérome Perrin

support blocking local roles also when cataloging



git-svn-id: https://svn.erp5.org/repos/public/erp5/trunk@10629 20353a03-c40f-0410-a6d1-a30d3c3de9de
parent 60756a5b
...@@ -54,12 +54,22 @@ try: ...@@ -54,12 +54,22 @@ try:
PAS_meta_type = PluggableAuthService.PluggableAuthService.meta_type PAS_meta_type = PluggableAuthService.PluggableAuthService.meta_type
except ImportError: except ImportError:
PAS_meta_type = '' PAS_meta_type = ''
try:
from Products.ERP5Security import mergedLocalRoles as PAS_mergedLocalRoles
except ImportError:
#pass
raise
try: try:
from Products.NuxUserGroups import UserFolderWithGroups from Products.NuxUserGroups import UserFolderWithGroups
NUG_meta_type = UserFolderWithGroups.meta_type NUG_meta_type = UserFolderWithGroups.meta_type
except ImportError: except ImportError:
NUG_meta_type = '' NUG_meta_type = ''
try:
from Products.NuxUserGroups.CatalogToolWithGroups import mergedLocalRoles
from Products.NuxUserGroups.CatalogToolWithGroups import _getAllowedRolesAndUsers
except ImportError:
pass
def getSecurityProduct(acl_users): def getSecurityProduct(acl_users):
"""returns the security used by the user folder passed. """returns the security used by the user folder passed.
...@@ -70,12 +80,6 @@ def getSecurityProduct(acl_users): ...@@ -70,12 +80,6 @@ def getSecurityProduct(acl_users):
elif acl_users.meta_type == NUG_meta_type: elif acl_users.meta_type == NUG_meta_type:
return SECURITY_USING_NUX_USER_GROUPS return SECURITY_USING_NUX_USER_GROUPS
try:
from Products.NuxUserGroups.CatalogToolWithGroups import mergedLocalRoles
from Products.NuxUserGroups.CatalogToolWithGroups import _getAllowedRolesAndUsers
except ImportError:
pass
class IndexableObjectWrapper(CMFCoreIndexableObjectWrapper): class IndexableObjectWrapper(CMFCoreIndexableObjectWrapper):
def __setattr__(self, name, value): def __setattr__(self, name, value):
...@@ -92,13 +96,17 @@ class IndexableObjectWrapper(CMFCoreIndexableObjectWrapper): ...@@ -92,13 +96,17 @@ class IndexableObjectWrapper(CMFCoreIndexableObjectWrapper):
Used by PortalCatalog to filter out items you're not allowed to see. Used by PortalCatalog to filter out items you're not allowed to see.
""" """
ob = self.__ob ob = self.__ob
withnuxgroups = getSecurityProduct(ob.acl_users)\ security_product = getSecurityProduct(ob.acl_users)
== SECURITY_USING_NUX_USER_GROUPS withnuxgroups = security_product == SECURITY_USING_NUX_USER_GROUPS
withpas = security_product == SECURITY_USING_PAS
allowed = {} allowed = {}
for r in rolesForPermissionOn('View', ob): for r in rolesForPermissionOn('View', ob):
allowed[r] = 1 allowed[r] = 1
if withnuxgroups: if withnuxgroups:
localroles = mergedLocalRoles(ob, withgroups=1) localroles = mergedLocalRoles(ob, withgroups=1)
elif withpas:
localroles = PAS_mergedLocalRoles(ob)
else: else:
# CMF # CMF
localroles = _mergedLocalRoles(ob) localroles = _mergedLocalRoles(ob)
......
...@@ -15,6 +15,8 @@ ...@@ -15,6 +15,8 @@
""" ERP5Security product initialization. """ ERP5Security product initialization.
""" """
from copy import deepcopy
from AccessControl.Permissions import manage_users as ManageUsers from AccessControl.Permissions import manage_users as ManageUsers
from Products.PluggableAuthService.PluggableAuthService import registerMultiPlugin from Products.PluggableAuthService.PluggableAuthService import registerMultiPlugin
from Products.PluggableAuthService.permissions import ManageGroups from Products.PluggableAuthService.permissions import ManageGroups
...@@ -23,6 +25,37 @@ import ERP5UserManager ...@@ -23,6 +25,37 @@ import ERP5UserManager
import ERP5GroupManager import ERP5GroupManager
import ERP5RoleManager import ERP5RoleManager
def mergedLocalRoles(object):
"""Returns a merging of object and its ancestors'
__ac_local_roles__."""
# Modified to take into account _getAcquireLocalRoles
merged = {}
object = getattr(object, 'aq_inner', object)
while 1:
if hasattr(object, '__ac_local_roles__'):
dict = object.__ac_local_roles__ or {}
if callable(dict): dict = dict()
for k, v in dict.items():
if merged.has_key(k):
merged[k] = merged[k] + v
else:
merged[k] = v
# block acquisition
if hasattr(object, '_getAcquireLocalRoles'):
if not object._getAcquireLocalRoles():
break
if hasattr(object, 'aq_parent'):
object=object.aq_parent
object=getattr(object, 'aq_inner', object)
continue
if hasattr(object, 'im_self'):
object=object.im_self
object=getattr(object, 'aq_inner', object)
continue
break
return deepcopy(merged)
registerMultiPlugin(ERP5UserManager.ERP5UserManager.meta_type) registerMultiPlugin(ERP5UserManager.ERP5UserManager.meta_type)
registerMultiPlugin(ERP5GroupManager.ERP5GroupManager.meta_type) registerMultiPlugin(ERP5GroupManager.ERP5GroupManager.meta_type)
registerMultiPlugin(ERP5RoleManager.ERP5RoleManager.meta_type) registerMultiPlugin(ERP5RoleManager.ERP5RoleManager.meta_type)
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment