Commit c71c143c authored by Vincent Pelletier's avatar Vincent Pelletier

Factorise tests of wether user is super user.

Factorise conversion of user into a string.
Define local_roles variable before accessing original dictionnary multiple times.
Compare one-to-many using "[not ]in" instead of multiple "and [!|=]=".
Factorise call to lower().
Update forgotten unneeded call to self.getSQLCatalog().getColumnMap().has_key() .


git-svn-id: https://svn.erp5.org/repos/public/erp5/trunk@15411 20353a03-c40f-0410-a6d1-a30d3c3de9de
parent 1b8b3797
...@@ -414,6 +414,8 @@ class CatalogTool (UniqueObject, ZCatalog, CMFCoreCatalogTool, ActiveObject): ...@@ -414,6 +414,8 @@ class CatalogTool (UniqueObject, ZCatalog, CMFCoreCatalogTool, ActiveObject):
getSecurityQuery instead getSecurityQuery instead
""" """
user = _getAuthenticatedUser(self) user = _getAuthenticatedUser(self)
user_is_superuser = (user == SUPER_USER)
user_str = str(user)
allowedRolesAndUsers = self._listAllowedRolesAndUsers(user) allowedRolesAndUsers = self._listAllowedRolesAndUsers(user)
role_column_dict = {} role_column_dict = {}
column_map = self.getSQLCatalog().getColumnMap() column_map = self.getSQLCatalog().getColumnMap()
...@@ -421,25 +423,25 @@ class CatalogTool (UniqueObject, ZCatalog, CMFCoreCatalogTool, ActiveObject): ...@@ -421,25 +423,25 @@ class CatalogTool (UniqueObject, ZCatalog, CMFCoreCatalogTool, ActiveObject):
# Patch for ERP5 by JP Smets in order # Patch for ERP5 by JP Smets in order
# to implement worklists and search of local roles # to implement worklists and search of local roles
if kw.has_key('local_roles'): if kw.has_key('local_roles'):
local_roles = kw['local_roles']
# XXX user is not enough - we should also include groups of the user # XXX user is not enough - we should also include groups of the user
# Only consider local_roles if it is not empty # Only consider local_roles if it is not empty
if kw['local_roles'] != '' and kw['local_roles'] != [] and kw['local_roles'] is not None: if local_roles not in (None, '', []): # XXX: Maybe "if local_roles:" is enough.
local_roles = kw['local_roles']
new_allowedRolesAndUsers = [] new_allowedRolesAndUsers = []
# Turn it into a list if necessary according to ';' separator # Turn it into a list if necessary according to ';' separator
if isinstance(local_roles, str): if isinstance(local_roles, str):
local_roles = local_roles.split(';') local_roles = local_roles.split(';')
local_roles = [x.lower() for x in local_roles]
# Local roles now has precedence (since it comes from a WorkList) # Local roles now has precedence (since it comes from a WorkList)
for user_or_group in allowedRolesAndUsers: for user_or_group in allowedRolesAndUsers:
for role in local_roles: for role in local_roles:
# Performance optimisation # Performance optimisation
lower_role = role.lower() if role in column_map:
if lower_role in column_map:
# If a given role exists as a column in the catalog, # If a given role exists as a column in the catalog,
# then it is considered as single valued and indexed # then it is considered as single valued and indexed
# through the catalog. # through the catalog.
if user != SUPER_USER: if not user_is_superuser:
role_column_dict[lower_role] = str(user) # XXX This should be a list role_column_dict[role] = user_str # XXX This should be a list
# which also includes all user groups # which also includes all user groups
else: else:
# Else, we use the standard approach # Else, we use the standard approach
...@@ -449,9 +451,9 @@ class CatalogTool (UniqueObject, ZCatalog, CMFCoreCatalogTool, ActiveObject): ...@@ -449,9 +451,9 @@ class CatalogTool (UniqueObject, ZCatalog, CMFCoreCatalogTool, ActiveObject):
# We only consider here the Owner role (since it was not indexed) # We only consider here the Owner role (since it was not indexed)
# since some objects may only be visible by their owner # since some objects may only be visible by their owner
# which was not indexed # which was not indexed
if self.getSQLCatalog().getColumnMap().has_key('owner'): if 'owner' in column_map:
if user != SUPER_USER: if not user_is_superuser:
role_column_dict['owner'] = str(user) role_column_dict['owner'] = user_str
# XXX this is inconsistent withe "check for proxy role in stack" # XXX this is inconsistent withe "check for proxy role in stack"
# in _listAllowedRolesAndUsers. We should use the proxy user # in _listAllowedRolesAndUsers. We should use the proxy user
# to be consistent # to be consistent
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment