Commit 3f13489d authored by Sebastien Robin's avatar Sebastien Robin

ERP5Security: make ERP5GroupManager more resistant in extreme cases

When accessing an ERP5 Site, we might have automatic migration of
tools. When this happens, we might not have yet access to scripts
like ERP5Type_asSecurityGroupId.

There was already try/except, so just move slightly more code
inside.
parent f19a3c76
...@@ -131,7 +131,6 @@ class ERP5GroupManager(BasePlugin): ...@@ -131,7 +131,6 @@ class ERP5GroupManager(BasePlugin):
# Fetch category values from defined scripts # Fetch category values from defined scripts
for (method_name, base_category_list) in security_definition_list: for (method_name, base_category_list) in security_definition_list:
base_category_list = tuple(base_category_list) base_category_list = tuple(base_category_list)
method = getattr(self, method_name)
security_category_list = security_category_dict.setdefault( security_category_list = security_category_dict.setdefault(
base_category_list, []) base_category_list, [])
try: try:
...@@ -139,6 +138,7 @@ class ERP5GroupManager(BasePlugin): ...@@ -139,6 +138,7 @@ class ERP5GroupManager(BasePlugin):
# from here or from _updateLocalRolesOnSecurityGroups. # from here or from _updateLocalRolesOnSecurityGroups.
# Currently, passing portal_type='' (instead of 'Person') # Currently, passing portal_type='' (instead of 'Person')
# is the only way to make the difference. # is the only way to make the difference.
method = getattr(self, method_name)
  • If this statement is moved inside the try..except block, then the method variable is pointless.

Please register or sign in to reply
security_category_list.extend( security_category_list.extend(
method(base_category_list, user_id, person_object, '') method(base_category_list, user_id, person_object, '')
) )
...@@ -155,7 +155,7 @@ class ERP5GroupManager(BasePlugin): ...@@ -155,7 +155,7 @@ class ERP5GroupManager(BasePlugin):
group_id_list_generator = getattr(self, generator_name, None) group_id_list_generator = getattr(self, generator_name, None)
if group_id_list_generator is None: if group_id_list_generator is None:
generator_name = ERP5TYPE_SECURITY_GROUP_ID_GENERATION_SCRIPT generator_name = ERP5TYPE_SECURITY_GROUP_ID_GENERATION_SCRIPT
group_id_list_generator = getattr(self, generator_name) group_id_list_generator = getattr(self, generator_name, None)
  • This means the loop below will still run, and fail on each iteration. Wouldn't it be better to detect a final None and skip it altogether ?

Please register or sign in to reply
for base_category_list, category_value_list in \ for base_category_list, category_value_list in \
security_category_dict.iteritems(): security_category_dict.iteritems():
for category_dict in category_value_list: for category_dict in category_value_list:
......
  • Reading more of this method, it looks like it needs more work if we consider failure cases: currently, it will cache the value returned when it fails, and that value will survive current transaction. That's bad.

    I believe the log statements need to raise, these exception must get through and get caught outside the caching wrapper. This way, incomplete values will not be cached.

    If this becomes a performance issue, then a transactional cache should be used (maybe in addition to the short cache, maybe it could even replace it entirely... this would need more performance checking). If both caches are preserved, transactional cache will almost certainly be faster than the current one, so it should be checked first.

  • Hello. Thanks for your review. Your suggestion looks good. Though, I slightly improved a case that was not working with the minimal possible change (and this avoid other people having failing automatic update).

    The case I had is really exceptional, it should only happens right after update of products.

    It's impossible for me to do more on this at the moment due to some deadlines. If anyone else would like to improve further, I'm all ok with it.

Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment