Commit 6e014198 authored by Aurel's avatar Aurel

do not join any longer with the roles_and_user table when doing

search/countResults; instead, make a first request to get the security uid
and pass the result


git-svn-id: https://svn.erp5.org/repos/public/erp5/trunk@12959 20353a03-c40f-0410-a6d1-a30d3c3de9de
parent febb03ac
...@@ -45,7 +45,7 @@ from Products.CMFCore.Expression import Expression ...@@ -45,7 +45,7 @@ from Products.CMFCore.Expression import Expression
from Products.PageTemplates.Expressions import getEngine from Products.PageTemplates.Expressions import getEngine
from MethodObject import Method from MethodObject import Method
import os, time, urllib import os, time, urllib, warnings
from zLOG import LOG from zLOG import LOG
SECURITY_USING_NUX_USER_GROUPS, SECURITY_USING_PAS = range(2) SECURITY_USING_NUX_USER_GROUPS, SECURITY_USING_PAS = range(2)
...@@ -69,7 +69,7 @@ try: ...@@ -69,7 +69,7 @@ try:
from Products.NuxUserGroups.CatalogToolWithGroups import _getAllowedRolesAndUsers from Products.NuxUserGroups.CatalogToolWithGroups import _getAllowedRolesAndUsers
except ImportError: except ImportError:
pass pass
def getSecurityProduct(acl_users): def getSecurityProduct(acl_users):
"""returns the security used by the user folder passed. """returns the security used by the user folder passed.
(NuxUserGroup, ERP5Security, or None if anything else). (NuxUserGroup, ERP5Security, or None if anything else).
...@@ -139,7 +139,7 @@ class IndexableObjectWrapper(CMFCoreIndexableObjectWrapper): ...@@ -139,7 +139,7 @@ class IndexableObjectWrapper(CMFCoreIndexableObjectWrapper):
# trying to reduce the number of security definitions # trying to reduce the number of security definitions
# However, this could be a bad idea if we start to use Owner role # However, this could be a bad idea if we start to use Owner role
# as a kind of Assignee and if we need it for worklists. # as a kind of Assignee and if we need it for worklists.
if role != 'Owner': if role != 'Owner':
if withnuxgroups: if withnuxgroups:
allowed[user + ':' + role] = 1 allowed[user + ':' + role] = 1
else: else:
...@@ -237,7 +237,7 @@ class CatalogTool (UniqueObject, ZCatalog, CMFCoreCatalogTool, ActiveObject): ...@@ -237,7 +237,7 @@ class CatalogTool (UniqueObject, ZCatalog, CMFCoreCatalogTool, ActiveObject):
# Make this the default. # Make this the default.
self.default_sql_catalog_id = config_id self.default_sql_catalog_id = config_id
security.declareProtected( 'Import/Export objects', 'exportSQLMethods' ) security.declareProtected( 'Import/Export objects', 'exportSQLMethods' )
def exportSQLMethods(self, sql_catalog_id=None, config_id='erp5'): def exportSQLMethods(self, sql_catalog_id=None, config_id='erp5'):
""" """
...@@ -258,7 +258,7 @@ class CatalogTool (UniqueObject, ZCatalog, CMFCoreCatalogTool, ActiveObject): ...@@ -258,7 +258,7 @@ class CatalogTool (UniqueObject, ZCatalog, CMFCoreCatalogTool, ActiveObject):
'z_create_record', 'z_related_security', 'z_delete_recorded_object_list', 'z_create_record', 'z_related_security', 'z_delete_recorded_object_list',
'z_reserve_uid', 'z_getitem_by_path', 'z_show_columns', 'z_getitem_by_path', 'z_reserve_uid', 'z_getitem_by_path', 'z_show_columns', 'z_getitem_by_path',
'z_show_tables', 'z_getitem_by_uid', 'z_unique_values', 'z_produce_reserved_uid_list',) 'z_show_tables', 'z_getitem_by_uid', 'z_unique_values', 'z_produce_reserved_uid_list',)
msg = '' msg = ''
for id in catalog.objectIds(spec=('Z SQL Method',)): for id in catalog.objectIds(spec=('Z SQL Method',)):
if id in common_sql_list: if id in common_sql_list:
...@@ -275,7 +275,7 @@ class CatalogTool (UniqueObject, ZCatalog, CMFCoreCatalogTool, ActiveObject): ...@@ -275,7 +275,7 @@ class CatalogTool (UniqueObject, ZCatalog, CMFCoreCatalogTool, ActiveObject):
f.write(text) f.write(text)
finally: finally:
f.close() f.close()
properties = self.manage_catalogExportProperties(sql_catalog_id=sql_catalog_id) properties = self.manage_catalogExportProperties(sql_catalog_id=sql_catalog_id)
name = os.path.join(config_sql_dir, 'properties.xml') name = os.path.join(config_sql_dir, 'properties.xml')
msg += 'Writing %s\n' % (name,) msg += 'Writing %s\n' % (name,)
...@@ -284,9 +284,9 @@ class CatalogTool (UniqueObject, ZCatalog, CMFCoreCatalogTool, ActiveObject): ...@@ -284,9 +284,9 @@ class CatalogTool (UniqueObject, ZCatalog, CMFCoreCatalogTool, ActiveObject):
f.write(properties) f.write(properties)
finally: finally:
f.close() f.close()
return msg return msg
def _listAllowedRolesAndUsers(self, user): def _listAllowedRolesAndUsers(self, user):
security_product = getSecurityProduct(self.acl_users) security_product = getSecurityProduct(self.acl_users)
if security_product == SECURITY_USING_PAS: if security_product == SECURITY_USING_PAS:
...@@ -425,13 +425,32 @@ class CatalogTool (UniqueObject, ZCatalog, CMFCoreCatalogTool, ActiveObject): ...@@ -425,13 +425,32 @@ class CatalogTool (UniqueObject, ZCatalog, CMFCoreCatalogTool, ActiveObject):
return allowedRolesAndUsers return allowedRolesAndUsers
security.declarePrivate('getSecurityUid')
def getSecurityUid(self, **kw):
"""
Return list of security oid for given roles list
"""
catalog = self.getSQLCatalog()
method = getattr(catalog, catalog.sql_search_security, '')
if method in ('', None):
# XXX old way, should not be used anylonger
warnings.warn("The usage of allowedRolesAndUsers is deprecated.\n"
"Please update your business template erp5_mysql_innodb.",
DeprecationWarning)
kw['allowedRolesAndUsers'] = self.getAllowedRolesAndUsers(**kw)
else:
allowedRolesAndUsers = ["'%s'" % (role, ) for role in self.getAllowedRolesAndUsers(**kw)]
security_uid_list = [x.uid for x in method(security_roles_list = allowedRolesAndUsers)]
kw['security_uid'] = security_uid_list
return kw
# searchResults has inherited security assertions. # searchResults has inherited security assertions.
def searchResults(self, REQUEST=None, **kw): def searchResults(self, REQUEST=None, **kw):
""" """
Calls ZCatalog.searchResults with extra arguments that Calls ZCatalog.searchResults with extra arguments that
limit the results to what the user is allowed to see. limit the results to what the user is allowed to see.
""" """
kw[ 'allowedRolesAndUsers' ] = self.getAllowedRolesAndUsers(**kw) # XXX allowedRolesAndUsers naming is wrong kw = self.getSecurityUid(**kw)
if not _checkPermission( if not _checkPermission(
CMFCorePermissions.AccessInactivePortalContent, self ): CMFCorePermissions.AccessInactivePortalContent, self ):
...@@ -457,11 +476,7 @@ class CatalogTool (UniqueObject, ZCatalog, CMFCoreCatalogTool, ActiveObject): ...@@ -457,11 +476,7 @@ class CatalogTool (UniqueObject, ZCatalog, CMFCoreCatalogTool, ActiveObject):
Calls ZCatalog.countResults with extra arguments that Calls ZCatalog.countResults with extra arguments that
limit the results to what the user is allowed to see. limit the results to what the user is allowed to see.
""" """
kw[ 'allowedRolesAndUsers' ] = self.getAllowedRolesAndUsers(**kw) # XXX allowedRolesAndUsers naming is wrong kw = self.getSecurityUid(**kw)
# Forget about permissions in statistics
# (we should not count lines more than once with statistic expressions)
if kw.has_key('select_expression'): del kw[ 'allowedRolesAndUsers' ]
# XXX This needs to be set again # XXX This needs to be set again
#if not _checkPermission( #if not _checkPermission(
...@@ -472,7 +487,7 @@ class CatalogTool (UniqueObject, ZCatalog, CMFCoreCatalogTool, ActiveObject): ...@@ -472,7 +487,7 @@ class CatalogTool (UniqueObject, ZCatalog, CMFCoreCatalogTool, ActiveObject):
# #kw[ 'expires' ] = { 'query' : now, 'range' : 'min' } # #kw[ 'expires' ] = { 'query' : now, 'range' : 'min' }
return ZCatalog.countResults(self, REQUEST, **kw) return ZCatalog.countResults(self, REQUEST, **kw)
security.declarePrivate('unrestrictedCountResults') security.declarePrivate('unrestrictedCountResults')
def unrestrictedCountResults(self, REQUEST=None, **kw): def unrestrictedCountResults(self, REQUEST=None, **kw):
"""Calls ZSQLCatalog.countResults directly without restrictions. """Calls ZSQLCatalog.countResults directly without restrictions.
...@@ -664,7 +679,7 @@ class CatalogTool (UniqueObject, ZCatalog, CMFCoreCatalogTool, ActiveObject): ...@@ -664,7 +679,7 @@ class CatalogTool (UniqueObject, ZCatalog, CMFCoreCatalogTool, ActiveObject):
else: else:
base_category_id = name[len(DYNAMIC_METHOD_NAME):] base_category_id = name[len(DYNAMIC_METHOD_NAME):]
method = RelatedBaseCategory(base_category_id) method = RelatedBaseCategory(base_category_id)
setattr(self.__class__, name, setattr(self.__class__, name,
method) method)
klass = aq_base(self).__class__ klass = aq_base(self).__class__
if hasattr(klass, 'security'): if hasattr(klass, 'security'):
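Review bot: In the new `getSecurityUid`, each role/user string is wrapped with `"'%s'" % (role, )` before being passed to the Z SQL method as `security_roles_list`, so a quote or backslash inside a value is never escaped. Those values presumably include user- and group-derived entries, so unless the method body (not visible here) quotes them again this is a SQL-injection and broken-query risk. Prefer passing the raw strings and quoting each one inside the method with `<dtml-sqlvar>`. Please also confirm what the catalog does when `security_uid_list` is empty: if an empty `security_uid` key is dropped from the query, `searchResults` and `countResults` would return unfiltered rows, so the empty case should map to a condition that matches nothing. The docstring says the method returns a list of security uids, but it returns the updated `kw` dict.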
......