Commit 5c08879d authored by Yoshinori Okuji's avatar Yoshinori Okuji

Add an optional parameter user_name to assignRoleToSecurityGroup


git-svn-id: https://svn.erp5.org/repos/public/erp5/trunk@5804 20353a03-c40f-0410-a6d1-a30d3c3de9de
parent 557a78f5
...@@ -240,13 +240,14 @@ class ERP5TypeInformation( FactoryTypeInformation, RoleProviderBase ): ...@@ -240,13 +240,14 @@ class ERP5TypeInformation( FactoryTypeInformation, RoleProviderBase ):
security.declareProtected(ERP5Permissions.ModifyPortalContent, security.declareProtected(ERP5Permissions.ModifyPortalContent,
'assignRoleToSecurityGroup') 'assignRoleToSecurityGroup')
def assignRoleToSecurityGroup(self, object): def assignRoleToSecurityGroup(self, object, user_name = None):
""" """
Assign Local Roles to Groups on object, based on Portal Type Assign Local Roles to Groups on object, based on Portal Type
Role Definitions Role Definitions
""" """
#FIXME We should check the type of the acl_users folder instead of #FIXME We should check the type of the acl_users folder instead of
# checking which product is installed. # checking which product is installed.
if user_name is None:
if ERP5UserManager is not None: if ERP5UserManager is not None:
# We use id for roles in ERP5Security # We use id for roles in ERP5Security
user_name = getSecurityManager().getUser().getId() user_name = getSecurityManager().getUser().getId()
...@@ -258,70 +259,64 @@ class ERP5TypeInformation( FactoryTypeInformation, RoleProviderBase ): ...@@ -258,70 +259,64 @@ class ERP5TypeInformation( FactoryTypeInformation, RoleProviderBase ):
'Please install it to benefit from group-based security' 'Please install it to benefit from group-based security'
# Retrieve applicable roles # Retrieve applicable roles
# kw provided in order to take any appropriate action role_mapping = self.getFilteredRoleListFor(object=object) # kw provided in order to take any appropriate action
role_mapping = self.getFilteredRoleListFor(object=object) role_category_list_dict = {}
role_category_list = {}
for role, definition_list in role_mapping.items(): for role, definition_list in role_mapping.items():
if not role_category_list.has_key(role):
role_category_list[role] = []
# For each role definition, we look for the base_category_script # For each role definition, we look for the base_category_script
# and try to use it to retrieve the values for # and try to use it to retrieve the values for the base_category list
# the base_category list
for definition in definition_list: for definition in definition_list:
# get the list of base_categories that are statically defined # get the list of base_categories that are statically defined
category_base_list = [x.split('/')[0] static_base_category_list = [x.split('/', 1)[0] for x in definition['category']]
for x in definition['category']]
# get the list of base_categories that are to be fetched through the script # get the list of base_categories that are to be fetched through the script
actual_base_category_list = [x for x in definition['base_category'] if x not in category_base_list] dynamic_base_category_list = [x for x in definition['base_category'] if x not in static_base_category_list]
# get the aggregated list of base categories, to preserve the order # get the aggregated list of base categories, to preserve the order
category_order_list = [] category_order_list = []
category_order_list.extend(definition['base_category']) category_order_list.extend(definition['base_category'])
for bc in category_base_list: for bc in static_base_category_list:
if bc not in category_order_list: if bc not in category_order_list:
category_order_list.append(bc) category_order_list.append(bc)
# get the script and apply it if actual_base_category_list is not empty # get the script and apply it if dynamic_base_category_list is not empty
if len(actual_base_category_list) > 0: if len(dynamic_base_category_list) > 0:
base_category_script_id = definition['base_category_script'] base_category_script_id = definition['base_category_script']
base_category_script = getattr(object, base_category_script_id, None) base_category_script = getattr(object, base_category_script_id, None)
if base_category_script is not None: if base_category_script is not None:
# call the script, which should return either a dict or a list of dicts # call the script, which should return either a dict or a list of dicts
category_result = base_category_script(actual_base_category_list, user_name, object, object.getPortalType()) category_result = base_category_script(dynamic_base_category_list, user_name, object, object.getPortalType())
# If we decide in the script that we don't want to update the security for this object, # If we decide in the script that we don't want to update the security for this object,
# we can just have it return None instead of a dict or list of dicts # we can just have it return None instead of a dict or list of dicts
if category_result is None: if category_result is None:
continue continue
if type(category_result) is type({}): elif isinstance(category_result, dict):
category_result = [category_result] category_result = [category_result]
else: else:
raise RuntimeError, 'Script %s was not found to fetch values for'\ raise RuntimeError, 'Script %s was not found to fetch values for'\
' base categories : %s' % (base_category_script_id, ' base categories : %s' % (base_category_script_id,
', '.join(actual_base_category_list)) ', '.join(dynamic_base_category_list))
else: else:
category_result = [{}] category_result = [{}]
# add the result to role_category_list, aggregated with category_order and statically defined categories # add the result to role_category_list_dict, aggregated with category_order and statically defined categories
role_category_list = role_category_list_dict.setdefault(role, [])
for category_dict in category_result: for category_dict in category_result:
category_value_dict = {'category_order':category_order_list} category_value_dict = {'category_order':category_order_list}
category_value_dict.update(category_dict) category_value_dict.update(category_dict)
for c in definition['category']: for c in definition['category']:
bc, value = c.split('/', 1) bc, value = c.split('/', 1)
category_value_dict[bc] = value category_value_dict[bc] = value
role_category_list[role].append(category_value_dict) role_category_list.append(category_value_dict)
# Generate security group ids from category_value_dicts # Generate security group ids from category_value_dicts
role_group_id_dict = {} role_group_id_dict = {}
group_id_generator = getattr(object, ERP5TYPE_SECURITY_GROUP_ID_GENERATION_SCRIPT, None) group_id_generator = getattr(object, ERP5TYPE_SECURITY_GROUP_ID_GENERATION_SCRIPT, None)
if group_id_generator is None: if group_id_generator is None:
raise RuntimeError, '%s script was not found' % ERP5TYPE_SECURITY_GROUP_ID_GENERATION_SCRIPT raise RuntimeError, '%s script was not found' % ERP5TYPE_SECURITY_GROUP_ID_GENERATION_SCRIPT
for role, value_list in role_category_list.items(): for role, value_list in role_category_list_dict.items():
if not role_group_id_dict.has_key(role):
role_group_id_dict[role] = []
role_group_dict = {} role_group_dict = {}
for category_dict in value_list: for category_dict in value_list:
group_id = group_id_generator(**category_dict) group_id = group_id_generator(**category_dict)
# If group_id is not defined, do not use it # If group_id is not defined, do not use it
if group_id not in (None, ''): if group_id not in (None, ''):
if type(group_id) is type('a'): if isinstance(group_id, str):
# Single group is defined (this is usually for group membership) # Single group is defined (this is usually for group membership)
role_group_dict[group_id] = 1 role_group_dict[group_id] = 1
else: else:
...@@ -329,15 +324,13 @@ class ERP5TypeInformation( FactoryTypeInformation, RoleProviderBase ): ...@@ -329,15 +324,13 @@ class ERP5TypeInformation( FactoryTypeInformation, RoleProviderBase ):
# but it could be extended to ad hoc groups # but it could be extended to ad hoc groups
for user_id in group_id: for user_id in group_id:
role_group_dict[user_id] = 1 role_group_dict[user_id] = 1
role_group_id_dict[role].extend(role_group_dict.keys()) role_group_id_dict.setdefault(role, []).extend(role_group_dict.keys())
# Switch index from role to group id # Switch index from role to group id
group_id_role_dict = {} group_id_role_dict = {}
for role, group_list in role_group_id_dict.items(): for role, group_list in role_group_id_dict.items():
for group_id in group_list: for group_id in group_list:
if not group_id_role_dict.has_key(group_id): group_id_role_dict.setdefault(group_id, []).append(role)
group_id_role_dict[group_id] = []
group_id_role_dict[group_id].append(role)
# Update role assignments to groups # Update role assignments to groups
if ERP5UserManager is not None: # Default implementation if ERP5UserManager is not None: # Default implementation
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment