Define getAllowedUsersAndRoles.

git-svn-id: https://svn.erp5.org/repos/public/erp5/trunk@1394 20353a03-c40f-0410-a6d1-a30d3c3de9de

Define getAllowedUsersAndRoles.
git-svn-id: https://svn.erp5.org/repos/public/erp5/trunk@1394 20353a03-c40f-0410-a6d1-a30d3c3de9de
08b81068 · Yoshinori Okuji · 2bcf353e · 08b81068
Commit 08b81068 authored Aug 19, 2004 by Yoshinori Okuji
Show whitespace changes
Inline Side-by-side

Showing with 52 additions and 58 deletions

product/ERP5Catalog/CatalogTool.py product/ERP5Catalog/CatalogTool.py +52 -58

No files found.
--- a/product/ERP5Catalog/CatalogTool.py
+++ b/product/ERP5Catalog/CatalogTool.py
@@ -320,14 +320,15 @@ class CatalogTool (UniqueObject, ZCatalog, CMFCoreCatalogTool):
            }
        return getEngine().getContext(data)

-    # searchResults has inherited security assertions.
-    def searchResults(self, REQUEST=None, **kw):
+    security.declarePublic( 'getAllowedRolesAndUsers' )
+    def getAllowedRolesAndUsers(self, **kw):
      """
-            Calls ZCatalog.searchResults with extra arguments that
-            limit the results to what the user is allowed to see.
+        Return allowed roles and users.
+        This is supposed to be used with Z SQL Methods to check permissions
+        when you list up documents.
      """
      user = _getAuthenticatedUser(self)
-        kw[ 'allowedRolesAndUsers' ] = self._listAllowedRolesAndUsers( user ) # XXX allowedRolesAndUsers naming is wrong
+      allowedRolesAndUsers = self._listAllowedRolesAndUsers( user )

      # Patch for ERP5 by JP Smets in order
      # to implement worklists and search of local roles
@@ -339,16 +340,26 @@ class CatalogTool (UniqueObject, ZCatalog, CMFCoreCatalogTool):
          if type(local_roles) == type('a'):
            local_roles = local_roles.split(';')
          # Local roles now has precedence (since it comes from a WorkList)
-            kw[ 'allowedRolesAndUsers' ] = []
+          allowedRolesAndUsers = []
          for role in local_roles:
-                 kw[ 'allowedRolesAndUsers' ].append('user:%s:%s' % (user, role))
+            allowedRolesAndUsers.append('user:%s:%s' % (user, role))
+
+      return allowedRolesAndUsers
+
+    # searchResults has inherited security assertions.
+    def searchResults(self, REQUEST=None, **kw):
+        """
+            Calls ZCatalog.searchResults with extra arguments that
+            limit the results to what the user is allowed to see.
+        """
+        kw[ 'allowedRolesAndUsers' ] = self.getAllowedRolesAndUsers(**kw) # XXX allowedRolesAndUsers naming is wrong

-        if not _checkPermission(
-            CMFCorePermissions.AccessInactivePortalContent, self ):
-            base = aq_base( self )
-            now = DateTime()
-            #kw[ 'effective' ] = { 'query' : now, 'range' : 'max' }
-            #kw[ 'expires'   ] = { 'query' : now, 'range' : 'min' }
+        #if not _checkPermission(
+        #    CMFCorePermissions.AccessInactivePortalContent, self ):
+        #    base = aq_base( self )
+        #    now = DateTime()
+        #    #kw[ 'effective' ] = { 'query' : now, 'range' : 'max' }
+        #    #kw[ 'expires'   ] = { 'query' : now, 'range' : 'min' }

        #LOG("search allowedRolesAndUsers",0,str(kw[ 'allowedRolesAndUsers' ]))
        return apply(ZCatalog.searchResults, (self, REQUEST), kw)
@@ -360,35 +371,18 @@ class CatalogTool (UniqueObject, ZCatalog, CMFCoreCatalogTool):
            Calls ZCatalog.countResults with extra arguments that
            limit the results to what the user is allowed to see.
        """
-        user = _getAuthenticatedUser(self)
-        kw[ 'allowedRolesAndUsers' ] = self._listAllowedRolesAndUsers( user )
-
-        # Patch for ERP5 by JP Smets in order
-        # to implement worklists and search of local roles
-        if kw.has_key('local_roles'):
-          # Only consider local_roles if it is not empty
-          if kw['local_roles'] != '' and  kw['local_roles'] != [] and  kw['local_roles'] is not None:
-            local_roles = kw['local_roles']
-            # Turn it into a list if necessary according to ';' separator
-            if type(local_roles) == type('a'):
-              local_roles = local_roles.split(';')
-            # Local roles now has precedence (since it comes from a WorkList)
-            kw[ 'allowedRolesAndUsers' ] = []
-            for role in local_roles:
-                 kw[ 'allowedRolesAndUsers' ].append('user:%s:%s' % (user, role))
+        kw[ 'allowedRolesAndUsers' ] = self.getAllowedRolesAndUsers(**kw) # XXX allowedRolesAndUsers naming is wrong

        # Forget about permissions in statistics
        # (we should not count lines more than once
        if kw.has_key('select_expression'): del kw[ 'allowedRolesAndUsers' ]

-
-
-        if not _checkPermission(
-            CMFCorePermissions.AccessInactivePortalContent, self ):
-            base = aq_base( self )
-            now = DateTime()
-            #kw[ 'effective' ] = { 'query' : now, 'range' : 'max' }
-            #kw[ 'expires'   ] = { 'query' : now, 'range' : 'min' }
+        #if not _checkPermission(
+        #    CMFCorePermissions.AccessInactivePortalContent, self ):
+        #    base = aq_base( self )
+        #    now = DateTime()
+        #    #kw[ 'effective' ] = { 'query' : now, 'range' : 'max' }
+        #    #kw[ 'expires'   ] = { 'query' : now, 'range' : 'min' }

        return apply(ZCatalog.countResults, (self, REQUEST), kw)