Commit d0260f5e authored by Vincent Pelletier's avatar Vincent Pelletier

ERP5Catalog: Make user/group distinction scriptable.

This allows breaking a circular dependency of catalog on itself: to
index a local role, catalog must tell whether it's granted to a group or
to a user, which used to happen using a catalog lookup (via PAS API),
preventing catalog from being rebuilt from scratch.

With this change, ERP5Site_filterUserIdSet must be implemented when
custom role columns are used (viewable_owner is not concerned by this
change).
If it is implemented in a way which does not rely on catalog,
catalog becomes rebuildable from a lone ZODB, without double-indexation
of users nor security_uid explosion.
Nothing prevents relying on catalog (which may be desired for
backward-compatibility purposes), but such script will not be provided
by generic ERP5, as the impossibility of recreating catalog from ZODB
is considered a bug, and introducing such script amounts to introducing
this bug.

Create ERP5Site_filterUserIdList in tests which add custom viewable_*
columns.
parent 4c514da5
...@@ -897,11 +897,8 @@ class CatalogTool (UniqueObject, ZCatalog, CMFCoreCatalogTool, ActiveObject): ...@@ -897,11 +897,8 @@ class CatalogTool (UniqueObject, ZCatalog, CMFCoreCatalogTool, ActiveObject):
# Note: we mutate the set, so all related wrappers get (purposedly) # Note: we mutate the set, so all related wrappers get (purposedly)
# affected by this, which must happen before _getSecurityParameterList # affected by this, which must happen before _getSecurityParameterList
# is called (which happens when calling getSecurityUidDict below). # is called (which happens when calling getSecurityUidDict below).
user_set += ( user_set += portal.ERP5Site_filterUserIdSet(
x['id'] for x in portal.acl_users.searchUsers( group_and_user_id_set=group_and_user_id_set,
id=list(group_and_user_id_set),
exact_match=True,
)
) )
getSecurityUidDict = catalog_value.getSecurityUidDict getSecurityUidDict = catalog_value.getSecurityUidDict
......
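Review bot: The value returned by `portal.ERP5Site_filterUserIdSet(...)` is added to `user_set` without any check, so the user/group split used when indexing local roles now rests entirely on a skin script that each site supplies or overrides. Nothing visible here ensures the result is a subset of `group_and_user_id_set`; a script that returns a group id, or an id that was never passed in, would presumably be indexed as a user, which can change what security-filtered catalog searches return. If `group_and_user_id_set` is a plain set, the result could be constrained with `user_set += group_and_user_id_set.intersection(portal.ERP5Site_filterUserIdSet(group_and_user_id_set=group_and_user_id_set))`. A comment stating the contract would also help: `# ERP5Site_filterUserIdSet must return only those ids from group_and_user_id_set which belong to users, never groups.` The enclosing method starts and ends outside this hunk.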
...@@ -2275,7 +2275,15 @@ VALUES ...@@ -2275,7 +2275,15 @@ VALUES
sql_catalog.sql_catalog_role_keys = ( sql_catalog.sql_catalog_role_keys = (
'Assignee | %s.viewable_assignee_reference' % \ 'Assignee | %s.viewable_assignee_reference' % \
local_roles_table,) local_roles_table,)
createZODBPythonScript(
self.portal.portal_skins.custom,
'ERP5Site_filterUserIdSet',
'group_and_user_id_set',
'actual_user_set = %r\n'
'return [x for x in group_and_user_id_set if x in actual_user_set]' % (
(user1, user2),
),
)
current_sql_search_tables = sql_catalog.sql_search_tables current_sql_search_tables = sql_catalog.sql_search_tables
sql_catalog.sql_search_tables = sql_catalog.sql_search_tables + \ sql_catalog.sql_search_tables = sql_catalog.sql_search_tables + \
[local_roles_table] [local_roles_table]
...@@ -2324,6 +2332,7 @@ VALUES ...@@ -2324,6 +2332,7 @@ VALUES
result = obj.portal_catalog(portal_type=portal_type, local_roles='Auditor') result = obj.portal_catalog(portal_type=portal_type, local_roles='Auditor')
self.assertSameSet([obj2, ], [x.getObject() for x in result]) self.assertSameSet([obj2, ], [x.getObject() for x in result])
finally: finally:
self.portal.portal_skins.custom.manage_delObjects(ids=['ERP5Site_filterUserIdSet'])
sql_catalog.sql_catalog_object_list = \ sql_catalog.sql_catalog_object_list = \
current_sql_catalog_object_list current_sql_catalog_object_list
sql_catalog.sql_clear_catalog = \ sql_catalog.sql_clear_catalog = \
...@@ -2441,7 +2450,14 @@ VALUES ...@@ -2441,7 +2450,14 @@ VALUES
sql_catalog.sql_catalog_role_keys = ( sql_catalog.sql_catalog_role_keys = (
'Assignee | %s.viewable_assignee_reference' % \ 'Assignee | %s.viewable_assignee_reference' % \
local_roles_table,) local_roles_table,)
createZODBPythonScript(
self.portal.portal_skins.custom,
'ERP5Site_filterUserIdSet',
'group_and_user_id_set',
'return [x for x in group_and_user_id_set if x == %r]' % (
user1,
),
)
current_sql_search_tables = sql_catalog.sql_search_tables current_sql_search_tables = sql_catalog.sql_search_tables
sql_catalog.sql_search_tables = sql_catalog.sql_search_tables + \ sql_catalog.sql_search_tables = sql_catalog.sql_search_tables + \
[local_roles_table] [local_roles_table]
...@@ -2584,6 +2600,7 @@ VALUES ...@@ -2584,6 +2600,7 @@ VALUES
**count_result_kw))) **count_result_kw)))
finally: finally:
self.portal.portal_skins.custom.manage_delObjects(ids=['ERP5Site_filterUserIdSet'])
sql_catalog.sql_catalog_object_list = \ sql_catalog.sql_catalog_object_list = \
current_sql_catalog_object_list current_sql_catalog_object_list
sql_catalog.sql_clear_catalog = \ sql_catalog.sql_clear_catalog = \
...@@ -2692,7 +2709,14 @@ VALUES ...@@ -2692,7 +2709,14 @@ VALUES
'Owner | viewable_owner', 'Owner | viewable_owner',
'Assignee | %s.viewable_assignee_reference' % \ 'Assignee | %s.viewable_assignee_reference' % \
local_roles_table,) local_roles_table,)
createZODBPythonScript(
self.portal.portal_skins.custom,
'ERP5Site_filterUserIdSet',
'group_and_user_id_set',
'return [x for x in group_and_user_id_set if x == %r]' % (
user1,
),
)
current_sql_search_tables = sql_catalog.sql_search_tables current_sql_search_tables = sql_catalog.sql_search_tables
sql_catalog.sql_search_tables = sql_catalog.sql_search_tables + \ sql_catalog.sql_search_tables = sql_catalog.sql_search_tables + \
[local_roles_table] [local_roles_table]
...@@ -2827,6 +2851,7 @@ VALUES ...@@ -2827,6 +2851,7 @@ VALUES
**count_result_kw))) **count_result_kw)))
finally: finally:
self.portal.portal_skins.custom.manage_delObjects(ids=['ERP5Site_filterUserIdSet'])
sql_catalog.sql_catalog_object_list = \ sql_catalog.sql_catalog_object_list = \
current_sql_catalog_object_list current_sql_catalog_object_list
sql_catalog.sql_clear_catalog = \ sql_catalog.sql_clear_catalog = \
...@@ -2937,6 +2962,14 @@ VALUES ...@@ -2937,6 +2962,14 @@ VALUES
person = self.portal.person_module.newContent(portal_type='Person') person = self.portal.person_module.newContent(portal_type='Person')
user_id = person.Person_getUserId() user_id = person.Person_getUserId()
createZODBPythonScript(
self.portal.portal_skins.custom,
'ERP5Site_filterUserIdSet',
'group_and_user_id_set',
'return [x for x in group_and_user_id_set if x == %r]' % (
user_id,
),
)
person.manage_setLocalRoles(user_id, ['Assignee']) person.manage_setLocalRoles(user_id, ['Assignee'])
self.tic() self.tic()
...@@ -2952,6 +2985,7 @@ VALUES ...@@ -2952,6 +2985,7 @@ VALUES
# check that user has optimised security declaration # check that user has optimised security declaration
self.assertEqual(local_roles_table_result['viewable_assignee_reference'], user_id) self.assertEqual(local_roles_table_result['viewable_assignee_reference'], user_id)
finally: finally:
self.portal.portal_skins.custom.manage_delObjects(ids=['ERP5Site_filterUserIdSet'])
sql_catalog.sql_catalog_object_list = \ sql_catalog.sql_catalog_object_list = \
current_sql_catalog_object_list current_sql_catalog_object_list
sql_catalog.sql_clear_catalog = \ sql_catalog.sql_clear_catalog = \
......
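Review bot: In each `finally:` block (the hunks at new lines 2332, 2600, 2851 and 2985) the `manage_delObjects(ids=['ERP5Site_filterUserIdSet'])` call comes first, so if it raises, for instance because the test failed before the script was created, the `sql_catalog` restoration lines after it are skipped and the original failure is obscured. Moving the delete to the end of the `finally:` body, or guarding it with `if 'ERP5Site_filterUserIdSet' in self.portal.portal_skins.custom.objectIds():`, keeps the catalog configuration restored for later tests. The four `createZODBPythonScript(...)` calls are nearly identical and could go through one small helper taking the tuple of user ids. The `try:` lines and the rest of each test method are outside the hunks, so whether script creation happens inside the `try` cannot be confirmed from here.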