Commit 9654a1d2 authored by Romain Courteaud's avatar Romain Courteaud

slapos_erp5: fixup security uid cleaning

Really remove security_uid from roles_and_users table
parent 46c64ac2
...@@ -5,7 +5,10 @@ security_uid_dict = Base_getSlapOSattr(portal, portal.portal_catalog.getSQLCatal ...@@ -5,7 +5,10 @@ security_uid_dict = Base_getSlapOSattr(portal, portal.portal_catalog.getSQLCatal
delitem = Base_getSlapOSattr(portal, security_uid_dict, '__delitem__') delitem = Base_getSlapOSattr(portal, security_uid_dict, '__delitem__')
reverse_group_security_uid_dict = {} reverse_group_security_uid_dict = {}
reverse_groupless_security_uid_dict = {}
for (group, role_set), security_uid in dict(security_uid_dict).iteritems(): for (group, role_set), security_uid in dict(security_uid_dict).iteritems():
reverse_groupless_security_uid_dict[security_uid] = (group, role_set)
try: try:
reverse_security_uid_dict = reverse_group_security_uid_dict[group] reverse_security_uid_dict = reverse_group_security_uid_dict[group]
except KeyError: except KeyError:
...@@ -24,6 +27,14 @@ used_group_security_uid_dict = { ...@@ -24,6 +27,14 @@ used_group_security_uid_dict = {
x.computer_security_uid x.computer_security_uid
for x in portal.z_get_used_computer_security_uid_list() for x in portal.z_get_used_computer_security_uid_list()
}, },
'organisation': {
x.organisation_security_uid
for x in portal.z_get_used_organisation_security_uid_list()
},
'project': {
x.project_security_uid
for x in portal.z_get_used_project_security_uid_list()
},
'user' : { 'user' : {
x.user_security_uid x.user_security_uid
for x in portal.z_get_used_user_security_uid_list() for x in portal.z_get_used_user_security_uid_list()
...@@ -42,15 +53,37 @@ used_group_security_uid_dict = { ...@@ -42,15 +53,37 @@ used_group_security_uid_dict = {
} }
} }
# Check unused security uid
for group, reverse_security_uid_dict in reverse_group_security_uid_dict.iteritems(): for group, reverse_security_uid_dict in reverse_group_security_uid_dict.iteritems():
used_security_uid_set = used_group_security_uid_dict[group] used_security_uid_set = used_group_security_uid_dict[group]
unused_security_uid_set = set(reverse_security_uid_dict).difference(used_security_uid_set) unused_security_uid_set = set(reverse_security_uid_dict).difference(used_security_uid_set)
if unused_security_uid_set: if unused_security_uid_set:
print 'Will delete', len(unused_security_uid_set), 'security_uids in group', repr(group) print '# Will delete', len(unused_security_uid_set), 'security_uids in group', repr(group)
for unused_security_uid in unused_security_uid_set: for unused_security_uid in unused_security_uid_set:
print unused_security_uid, reverse_security_uid_dict[unused_security_uid] print ' * ', unused_security_uid, reverse_security_uid_dict[unused_security_uid]
delitem((group, reverse_security_uid_dict[unused_security_uid])) delitem((group, reverse_security_uid_dict[unused_security_uid]))
portal.z_delete_security_uid_set_from_roles_and_users(uid=unused_security_uid_set) portal.z_delete_security_uid_set_from_roles_and_users(uid=unused_security_uid)
# Check not deleted security uid in the roles_and_user_table
cataloged_security_uid_set = set([x.uid for x in portal.z_get_uid_group_from_roles_and_users()])
existing_security_uid_set = set(dict(security_uid_dict).values())
print '# Catalog secuirity_uid count', len(cataloged_security_uid_set)
print '# ZODB secuirity_uid count', len(existing_security_uid_set)
not_existing_security_uid_set = existing_security_uid_set.difference(cataloged_security_uid_set)
print '# Not catalogued', len(not_existing_security_uid_set), 'security_uid'
for security_uid in not_existing_security_uid_set:
print ' * ', security_uid, reverse_groupless_security_uid_dict[security_uid]
not_existing_security_uid_set = cataloged_security_uid_set.difference(existing_security_uid_set)
if not_existing_security_uid_set:
print '# Will uncatalog', len(not_existing_security_uid_set), 'security_uid'
print ' * like: ', list(not_existing_security_uid_set)[:10]
for security_uid in not_existing_security_uid_set:
assert security_uid not in reverse_groupless_security_uid_dict
portal.z_delete_security_uid_set_from_roles_and_users(security_uid=security_uid)
if 0: if 0:
print 'DRY' print 'DRY'
......
DELETE FROM roles_and_users WHERE <dtml-sqltest uid type=int multiple> DELETE FROM
\ No newline at end of file roles_and_users
WHERE
uid = <dtml-sqlvar expr="security_uid" type="string">
...@@ -14,7 +14,7 @@ ...@@ -14,7 +14,7 @@
</item> </item>
<item> <item>
<key> <string>arguments_src</string> </key> <key> <string>arguments_src</string> </key>
<value> <string></string> </value> <value> <string>security_uid</string> </value>
</item> </item>
<item> <item>
<key> <string>cache_time_</string> </key> <key> <string>cache_time_</string> </key>
......
SELECT DISTINCT organisation_security_uid FROM catalog
\ No newline at end of file
<?xml version="1.0"?>
<ZopeData>
<record id="1" aka="AAAAAAAAAAE=">
<pickle>
<global name="SQL" module="Products.ZSQLMethods.SQL"/>
</pickle>
<pickle>
<dictionary>
<item>
<key> <string>_col</string> </key>
<value>
<list>
<dictionary>
<item>
<key> <string>name</string> </key>
<value> <string>security_uid</string> </value>
</item>
<item>
<key> <string>null</string> </key>
<value> <int>1</int> </value>
</item>
<item>
<key> <string>type</string> </key>
<value> <string>i</string> </value>
</item>
<item>
<key> <string>width</string> </key>
<value> <int>6</int> </value>
</item>
</dictionary>
</list>
</value>
</item>
<item>
<key> <string>allow_simple_one_argument_traversal</string> </key>
<value>
<none/>
</value>
</item>
<item>
<key> <string>arguments_src</string> </key>
<value> <string></string> </value>
</item>
<item>
<key> <string>cache_time_</string> </key>
<value> <int>0</int> </value>
</item>
<item>
<key> <string>class_file_</string> </key>
<value> <string></string> </value>
</item>
<item>
<key> <string>class_name_</string> </key>
<value> <string></string> </value>
</item>
<item>
<key> <string>connection_hook</string> </key>
<value> <string></string> </value>
</item>
<item>
<key> <string>connection_id</string> </key>
<value> <string>cmf_activity_sql_connection</string> </value>
</item>
<item>
<key> <string>id</string> </key>
<value> <string>z_get_used_organisation_security_uid_list</string> </value>
</item>
<item>
<key> <string>max_cache_</string> </key>
<value> <int>0</int> </value>
</item>
<item>
<key> <string>max_rows_</string> </key>
<value> <int>0</int> </value>
</item>
<item>
<key> <string>title</string> </key>
<value> <string></string> </value>
</item>
</dictionary>
</pickle>
</record>
</ZopeData>
<?xml version="1.0"?>
<ZopeData>
<record id="1" aka="AAAAAAAAAAE=">
<pickle>
<global name="SQL" module="Products.ZSQLMethods.SQL"/>
</pickle>
<pickle>
<dictionary>
<item>
<key> <string>_col</string> </key>
<value>
<list>
<dictionary>
<item>
<key> <string>name</string> </key>
<value> <string>security_uid</string> </value>
</item>
<item>
<key> <string>null</string> </key>
<value> <int>1</int> </value>
</item>
<item>
<key> <string>type</string> </key>
<value> <string>i</string> </value>
</item>
<item>
<key> <string>width</string> </key>
<value> <int>6</int> </value>
</item>
</dictionary>
</list>
</value>
</item>
<item>
<key> <string>allow_simple_one_argument_traversal</string> </key>
<value>
<none/>
</value>
</item>
<item>
<key> <string>arguments_src</string> </key>
<value> <string></string> </value>
</item>
<item>
<key> <string>cache_time_</string> </key>
<value> <int>0</int> </value>
</item>
<item>
<key> <string>class_file_</string> </key>
<value> <string></string> </value>
</item>
<item>
<key> <string>class_name_</string> </key>
<value> <string></string> </value>
</item>
<item>
<key> <string>connection_hook</string> </key>
<value> <string></string> </value>
</item>
<item>
<key> <string>connection_id</string> </key>
<value> <string>cmf_activity_sql_connection</string> </value>
</item>
<item>
<key> <string>id</string> </key>
<value> <string>z_get_used_project_security_uid_list</string> </value>
</item>
<item>
<key> <string>max_cache_</string> </key>
<value> <int>0</int> </value>
</item>
<item>
<key> <string>max_rows_</string> </key>
<value> <int>0</int> </value>
</item>
<item>
<key> <string>title</string> </key>
<value> <string></string> </value>
</item>
</dictionary>
</pickle>
</record>
</ZopeData>
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment