Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
erp5
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
0
Merge Requests
0
CI / CD
CI / CD
Pipelines
Jobs
Schedules
Analytics
Analytics
CI / CD
Repository
Value Stream
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Jobs
Commits
Issue Boards
Open sidebar
Léo-Paul Géneau
erp5
Commits
c221a41f
Commit
c221a41f
authored
May 22, 2013
by
Jérome Perrin
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
Only index a group if the role is allowed to view
parent
dd69a61c
Changes
2
Hide whitespace changes
Inline
Side-by-side
Showing
2 changed files
with
29 additions
and
18 deletions
+29
-18
product/ERP5Catalog/CatalogTool.py
product/ERP5Catalog/CatalogTool.py
+8
-11
product/ERP5Catalog/tests/testERP5CatalogSecurityUidOptimization.py
...P5Catalog/tests/testERP5CatalogSecurityUidOptimization.py
+21
-7
No files found.
product/ERP5Catalog/CatalogTool.py
View file @
c221a41f
...
@@ -133,14 +133,13 @@ class IndexableObjectWrapper(object):
...
@@ -133,14 +133,13 @@ class IndexableObjectWrapper(object):
optimized_role_set
=
set
()
optimized_role_set
=
set
()
# First parse optimized roles and build optimized_role_set
# First parse optimized roles and build optimized_role_set
for
role_definition_group
,
user_and_role_list
in
local_roles_group_id_group_id
.
items
():
for
role_definition_group
,
user_and_role_list
in
local_roles_group_id_group_id
.
items
():
try
:
group_allowed_set
=
allowed_by_local_roles_group_id
.
setdefault
(
group_allowed_set
=
allowed_by_local_roles_group_id
[
role_definition_group
]
role_definition_group
,
set
())
except
KeyError
:
allowed_by_local_roles_group_id
[
role_definition_group
]
=
group_allowed_set
=
set
()
for
user
,
role
in
user_and_role_list
:
for
user
,
role
in
user_and_role_list
:
prefix
=
'user:'
+
user
if
role
in
allowed_role_set
:
group_allowed_set
.
update
((
prefix
,
'%s:%s'
%
(
prefix
,
role
)))
prefix
=
'user:'
+
user
optimized_role_set
.
add
((
user
,
role
))
group_allowed_set
.
update
((
prefix
,
'%s:%s'
%
(
prefix
,
role
)))
optimized_role_set
.
add
((
user
,
role
))
# Then parse other roles
# Then parse other roles
for
user
,
roles
in
localroles
.
iteritems
():
for
user
,
roles
in
localroles
.
iteritems
():
...
@@ -155,10 +154,8 @@ class IndexableObjectWrapper(object):
...
@@ -155,10 +154,8 @@ class IndexableObjectWrapper(object):
user_view_permission_role_dict
[
role
]
=
user
user_view_permission_role_dict
[
role
]
=
user
elif
role
in
allowed_role_set
:
elif
role
in
allowed_role_set
:
for
group
in
local_roles_group_id_group_id
.
get
(
user
,
(
''
,
)):
for
group
in
local_roles_group_id_group_id
.
get
(
user
,
(
''
,
)):
try
:
group_allowed_set
=
allowed_by_local_roles_group_id
.
setdefault
(
group_allowed_set
=
allowed_by_local_roles_group_id
[
group
]
group
,
set
())
except
KeyError
:
allowed_by_local_roles_group_id
[
group
]
=
group_allowed_set
=
set
()
if
(
user
,
role
)
not
in
optimized_role_set
:
if
(
user
,
role
)
not
in
optimized_role_set
:
# add only if not already added to optimized_role_set to avoid polluting indexation table
# add only if not already added to optimized_role_set to avoid polluting indexation table
group_allowed_set
.
update
((
prefix
,
'%s:%s'
%
(
prefix
,
role
)))
group_allowed_set
.
update
((
prefix
,
'%s:%s'
%
(
prefix
,
role
)))
...
...
product/ERP5Catalog/tests/testERP5CatalogSecurityUidOptimization.py
View file @
c221a41f
...
@@ -41,16 +41,18 @@ class TestERP5CatalogSecurityUidOptimization(ERP5TypeTestCase):
...
@@ -41,16 +41,18 @@ class TestERP5CatalogSecurityUidOptimization(ERP5TypeTestCase):
bt5 to be installed in advance.
bt5 to be installed in advance.
XXX: Inherit from TestERP5Catalog so we test default and security_uid optmization with same tests.
XXX: Inherit from TestERP5Catalog so we test default and security_uid optmization with same tests.
"""
"""
business_template_list
=
[
'erp5_security_uid_innodb_catalog'
,
business_template_list
=
[
'erp5_security_uid_innodb_catalog'
,
'erp5_full_text_myisam_catalog'
,
'erp5_base'
]
'erp5_full_text_myisam_catalog'
,
'erp5_base'
]
def
getBusinessTemplateList
(
self
):
def
getBusinessTemplateList
(
self
):
return
self
.
business_template_list
return
self
.
business_template_list
def
afterSetUp
(
self
):
def
afterSetUp
(
self
):
self
.
login
()
self
.
login
()
portal
=
self
.
getPortal
()
portal
=
self
.
getPortal
()
group
=
portal
.
portal_categories
.
group
if
'g1'
not
in
group
.
objectIds
():
group
.
newContent
(
portal_type
=
'Category'
,
id
=
'g1'
,
codification
=
'GROUP1'
)
def
test_local_roles_group_id_on_role_information
(
self
):
def
test_local_roles_group_id_on_role_information
(
self
):
"""Test usage of local_roles_group_id when searching catalog.
"""Test usage of local_roles_group_id when searching catalog.
...
@@ -111,6 +113,13 @@ CREATE TABLE alternate_roles_and_users (
...
@@ -111,6 +113,13 @@ CREATE TABLE alternate_roles_and_users (
role_base_category_script_id
=
'ERP5Type_getSecurityCategoryFromSelf'
,
role_base_category_script_id
=
'ERP5Type_getSecurityCategoryFromSelf'
,
role_base_category
=
'agent'
,
role_base_category
=
'agent'
,
local_role_group_value
=
self
.
portal
.
portal_categories
.
local_role_group
.
Alternate
.
getRelativeUrl
())
local_role_group_value
=
self
.
portal
.
portal_categories
.
local_role_group
.
Alternate
.
getRelativeUrl
())
# add another role information that does not grant view permission
self
.
portal
.
portal_types
.
Person
.
newContent
(
portal_type
=
'Role Information'
,
role_name
=
'Unknown'
,
role_category_list
=
(
'group/g1'
),
role_base_category
=
'group'
,
local_role_group_value
=
self
.
portal
.
portal_categories
.
local_role_group
.
Alternate
.
getRelativeUrl
())
self
.
portal
.
portal_caches
.
clearAllCache
()
self
.
portal
.
portal_caches
.
clearAllCache
()
self
.
tic
()
self
.
tic
()
...
@@ -119,21 +128,23 @@ CREATE TABLE alternate_roles_and_users (
...
@@ -119,21 +128,23 @@ CREATE TABLE alternate_roles_and_users (
# create two persons and users
# create two persons and users
user1
=
self
.
portal
.
person_module
.
newContent
(
portal_type
=
'Person'
,
user1
=
self
.
portal
.
person_module
.
newContent
(
portal_type
=
'Person'
,
reference
=
'user1'
)
reference
=
'user1'
)
user1
.
newContent
(
portal_type
=
'Assignment'
).
open
()
user1
.
newContent
(
portal_type
=
'Assignment'
,
group
=
'g1'
).
open
()
user1
.
updateLocalRolesOnSecurityGroups
()
user1
.
updateLocalRolesOnSecurityGroups
()
self
.
assertEquals
(
user1
.
__ac_local_roles__
.
get
(
'user1'
),
[
'Auditor'
])
self
.
assertEquals
(
user1
.
__ac_local_roles__
.
get
(
'user1'
),
[
'Auditor'
])
self
.
assertEquals
(
user1
.
__ac_local_roles__
.
get
(
'GROUP1'
),
[
'Unknown'
])
user2
=
self
.
portal
.
person_module
.
newContent
(
portal_type
=
'Person'
,
user2
=
self
.
portal
.
person_module
.
newContent
(
portal_type
=
'Person'
,
reference
=
'user2'
)
reference
=
'user2'
)
user2
.
newContent
(
portal_type
=
'Assignment'
).
open
()
user2
.
newContent
(
portal_type
=
'Assignment'
,
group
=
'g1'
).
open
()
user2
.
updateLocalRolesOnSecurityGroups
()
user2
.
updateLocalRolesOnSecurityGroups
()
self
.
assertEquals
(
user2
.
__ac_local_roles__
.
get
(
'user2'
),
[
'Auditor'
])
self
.
assertEquals
(
user2
.
__ac_local_roles__
.
get
(
'user2'
),
[
'Auditor'
])
self
.
assertEquals
(
user2
.
__ac_local_roles__
.
get
(
'GROUP1'
),
[
'Unknown'
])
self
.
tic
()
self
.
tic
()
# security_uid_dict in catalog contains entries for user1 and user2:
# security_uid_dict in catalog contains entries for user1 and user2:
user1_alternate_security_uid
=
sql_catalog
.
security_uid_dict
[
user1_alternate_security_uid
=
sql_catalog
.
security_uid_dict
[
(
'Alternate'
,
(
'user:user1'
,
'user:user1:Auditor'
))]
(
'Alternate'
,
(
'user:user1'
,
'user:user1:Auditor'
))]
bob
_alternate_security_uid
=
sql_catalog
.
security_uid_dict
[
user2
_alternate_security_uid
=
sql_catalog
.
security_uid_dict
[
(
'Alternate'
,
(
'user:user2'
,
'user:user2:Auditor'
))]
(
'Alternate'
,
(
'user:user2'
,
'user:user2:Auditor'
))]
# those entries are in alternate security table
# those entries are in alternate security table
...
@@ -143,7 +154,7 @@ CREATE TABLE alternate_roles_and_users (
...
@@ -143,7 +154,7 @@ CREATE TABLE alternate_roles_and_users (
alternate_security_uid
=
user1_alternate_security_uid
)
in
alternate_security_uid
=
user1_alternate_security_uid
)
in
alternate_roles_and_users
)
alternate_roles_and_users
)
self
.
assertTrue
(
dict
(
uid
=
user2
.
getUid
(),
self
.
assertTrue
(
dict
(
uid
=
user2
.
getUid
(),
alternate_security_uid
=
bob
_alternate_security_uid
)
in
alternate_security_uid
=
user2
_alternate_security_uid
)
in
alternate_roles_and_users
)
alternate_roles_and_users
)
# low level check of the security query of a logged in user
# low level check of the security query of a logged in user
...
@@ -168,11 +179,14 @@ CREATE TABLE alternate_roles_and_users (
...
@@ -168,11 +179,14 @@ CREATE TABLE alternate_roles_and_users (
local_roles
=
'Auditor'
)])
local_roles
=
'Auditor'
)])
# searches still work for other users
# searches still work for other users
self
.
login
(
'user2'
)
self
.
assertEquals
([
user2
],
[
o
.
getObject
()
for
o
in
self
.
portal
.
portal_catalog
(
portal_type
=
'Person'
)])
self
.
login
(
'ERP5TypeTestCase'
)
self
.
login
(
'ERP5TypeTestCase'
)
self
.
assertSameSet
([
user1
,
user2
],
self
.
assertSameSet
([
user1
,
user2
],
[
o
.
getObject
()
for
o
in
[
o
.
getObject
()
for
o
in
self
.
portal
.
portal_catalog
(
portal_type
=
'Person'
)])
self
.
portal
.
portal_catalog
(
portal_type
=
'Person'
)])
finally
:
finally
:
# restore catalog configuration
# restore catalog configuration
sql_catalog
.
sql_search_tables
=
current_sql_search_tables
sql_catalog
.
sql_search_tables
=
current_sql_search_tables
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment