ERP5Security.ERP5UserLoginManager: Special-case user_id='System Processes'

Because of ERP5Type.UnrestrictedMethod, 'System Processes' can own objects.
Such objects can be proxy-role'd scripts, and proxy-role mechanism
triggers many users look-ups (each time security is evaluated, which is
virtually every getattr). Each such lookup will do a query for 'System
Processes' user, which will (hopefully) find nothing anyway.
So special-case 'System Processes' when looking by user_id by skipping
the search altogether (enforcing the inability to locate this user,
consistently with Zope assumptions, and consistently with previous
behaviour).

product/ERP5Security/ERP5LoginUserManager.py

@@ -40,11 +40,12 @@ from AccessControl import SpecialUsers
 from Shared.DC.ZRDB.DA import DatabaseError
 from zLOG import LOG, ERROR
 
+SYSTEM_USER_USER_NAME = SpecialUsers.system.getUserName()
 # To prevent login thieves
 SPECIAL_USER_NAME_SET = (
   ERP5Security.SUPER_USER,
   SpecialUsers.nobody.getUserName(),
-  SpecialUsers.system.getUserName(),
+  SYSTEM_USER_USER_NAME,
   # Note: adding emergency_user is pointless as its login is variable, so no
   # way to prevent another user from stealing its login.
 )
@@ -196,6 +197,10 @@ class ERP5LoginUserManager(BasePlugin):
       # PluggableAuthService.searchUsers.
       if isinstance(id, str):
         id = (id, )
+      # Short-cut "System Processes" as not being searchable by user_id.
+      # This improves performance in proxy-role'd execution by avoiding an
+      # sql query expected to find no user.
+      id = [x for x in id if x != SYSTEM_USER_USER_NAME]
       if id:
         if exact_match:
           requested = set(id).__contains__