diff --git a/product/ERP5Security/ERP5GroupManager.py b/product/ERP5Security/ERP5GroupManager.py
index d0e9374377880445bd8468dd5196618485feb9a9..372a7110cefc1ba9e6941b2ad95949312ee74150 100644
--- a/product/ERP5Security/ERP5GroupManager.py
+++ b/product/ERP5Security/ERP5GroupManager.py
@@ -93,88 +93,85 @@ class ERP5GroupManager(BasePlugin):
security_group_list = []
security_definition_list = ()
- try:
- # To get the complete list of groups, we try to call the
- # ERP5Type_getSecurityCategoryMapping which should return a list
- # of lists of two elements (script, base_category_list) like :
- # (
- # ('script_1', ['base_category_1', 'base_category_2', ...]),
- # ('script_2', ['base_category_1', 'base_category_3', ...])
- # )
- #
- # else, if the script does not exist, falls back to a list containng
- # only one list :
- # (('ERP5Type_getSecurityCategoryFromAssignment',
- # self.getPortalAssignmentBaseCategoryList() ),)
-
- mapping_method = getattr(self,
- 'ERP5Type_getSecurityCategoryMapping', None)
- if mapping_method is None:
- security_definition_list = ((
- 'ERP5Type_getSecurityCategoryFromAssignment',
- self.getPortalAssignmentBaseCategoryList()
- ),)
- else:
- security_definition_list = mapping_method()
-
- # get the person from its login - no security check needed
- user_path_set = {
- x['path']
- for x in self.searchUsers(id=user_id, exact_match=True)
- if 'path' in x
- }
- if not user_path_set:
- return ()
- user_path, = user_path_set
- person_object = self.getPortalObject().unrestrictedTraverse(user_path)
-
- # Fetch category values from defined scripts
- for (method_name, base_category_list) in security_definition_list:
- base_category_list = tuple(base_category_list)
- security_category_list = security_category_dict.setdefault(
- base_category_list, [])
+ # To get the complete list of groups, we try to call the
+ # ERP5Type_getSecurityCategoryMapping which should return a list
+ # of lists of two elements (script, base_category_list) like :
+ # (
+ # ('script_1', ['base_category_1', 'base_category_2', ...]),
+ # ('script_2', ['base_category_1', 'base_category_3', ...])
+ # )
+ #
+ # else, if the script does not exist, falls back to a list containng
+ # only one list :
+ # (('ERP5Type_getSecurityCategoryFromAssignment',
+ # self.getPortalAssignmentBaseCategoryList() ),)
+
+ mapping_method = getattr(self,
+ 'ERP5Type_getSecurityCategoryMapping', None)
+ if mapping_method is None:
+ security_definition_list = ((
+ 'ERP5Type_getSecurityCategoryFromAssignment',
+ self.getPortalAssignmentBaseCategoryList()
+ ),)
+ else:
+ security_definition_list = mapping_method()
+
+ # get the person from its login - no security check needed
+ user_path_set = {
+ x['path']
+ for x in self.searchUsers(id=user_id, exact_match=True)
+ if 'path' in x
+ }
+ if not user_path_set:
+ return ()
+ user_path, = user_path_set
+ person_object = self.getPortalObject().unrestrictedTraverse(user_path)
+
+ # Fetch category values from defined scripts
+ for (method_name, base_category_list) in security_definition_list:
+ base_category_list = tuple(base_category_list)
+ security_category_list = security_category_dict.setdefault(
+ base_category_list, [])
+ try:
+ # The called script may want to distinguish if it is called
+ # from here or from _updateLocalRolesOnSecurityGroups.
+ # Currently, passing portal_type='' (instead of 'Person')
+ # is the only way to make the difference.
+ method = getattr(self, method_name)
+ security_category_list.extend(
+ method(base_category_list, user_id, person_object, '')
+ )
+ except ConflictError:
+ raise
+ except:
+ LOG('ERP5GroupManager', WARNING,
+ 'could not get security categories from %s' % (method_name,),
+ error = sys.exc_info())
+
+ # Get group names from category values
+ # XXX try ERP5Type_asSecurityGroupIdList first for compatibility
+ generator_name = 'ERP5Type_asSecurityGroupIdList'
+ group_id_list_generator = getattr(self, generator_name, None)
+ if group_id_list_generator is None:
+ generator_name = ERP5TYPE_SECURITY_GROUP_ID_GENERATION_SCRIPT
+ group_id_list_generator = getattr(self, generator_name, None)
+ for base_category_list, category_value_list in \
+ security_category_dict.iteritems():
+ for category_dict in category_value_list:
try:
- # The called script may want to distinguish if it is called
- # from here or from _updateLocalRolesOnSecurityGroups.
- # Currently, passing portal_type='' (instead of 'Person')
- # is the only way to make the difference.
- method = getattr(self, method_name)
- security_category_list.extend(
- method(base_category_list, user_id, person_object, '')
- )
+ group_id_list = group_id_list_generator(
+ category_order=base_category_list,
+ **category_dict)
+ if isinstance(group_id_list, str):
+ group_id_list = [group_id_list]
+ security_group_list.extend(group_id_list)
except ConflictError:
raise
except:
LOG('ERP5GroupManager', WARNING,
- 'could not get security categories from %s' % (method_name,),
+ 'could not get security groups from %s' %
+ generator_name,
error = sys.exc_info())
-
- # Get group names from category values
- # XXX try ERP5Type_asSecurityGroupIdList first for compatibility
- generator_name = 'ERP5Type_asSecurityGroupIdList'
- group_id_list_generator = getattr(self, generator_name, None)
- if group_id_list_generator is None:
- generator_name = ERP5TYPE_SECURITY_GROUP_ID_GENERATION_SCRIPT
- group_id_list_generator = getattr(self, generator_name, None)
- for base_category_list, category_value_list in \
- security_category_dict.iteritems():
- for category_dict in category_value_list:
- try:
- group_id_list = group_id_list_generator(
- category_order=base_category_list,
- **category_dict)
- if isinstance(group_id_list, str):
- group_id_list = [group_id_list]
- security_group_list.extend(group_id_list)
- except ConflictError:
- raise
- except:
- LOG('ERP5GroupManager', WARNING,
- 'could not get security groups from %s' %
- generator_name,
- error = sys.exc_info())
- finally:
- pass
return tuple(security_group_list)
if not NO_CACHE_MODE: