Hi!
Here are 4 or 5 bug fixes for PluggableUserFolder, that I'm planning to
merge soon.
Most of them have to do with the group roles ('role:Authenticated', ...)
and acquired roles, that were simply not taken into account (not
implemented).
the changes are:
- local roles were not merged from the parent folders
- mergedLocalRoles() according to PluginInterface getUsersWithRoles()
takes an object as argument.
- mergedLocalRoles(): cannot expand a tuple, so we use an empty list
instead.
- mergedLocalRoles(): the 'result' dict was not defined before assignment.
- moved the 'No plugins able to identify user' log message from ERROR
to WARNING level.
- getRolesInContext() did not take group roles ('roles:Authenticated')
into account
we are testing the changes and it works fine so far.
please review them if you see that something is weird.
cheers /JM
Index: PluggableUserFolder.py
===================================================================
--- PluggableUserFolder.py (.../trunk) (revision 19068)
+++ PluggableUserFolder.py (.../branches/jmo-merged-local-roles-fix-and-blocking) (revision 21904)
@@ -480,13 +480,14 @@
# deal with role management plugins, to get a better list
plugins = self._get_plugins(IRolePlugin)
+ result = {}
if not withgroups:
# This is probably not CPS. We will simply return a correct and
# complete list of all users and their roles in this place.
for plugin in plugins:
- for user in plugin.getUsersWithRoles():
+ for user in plugin.getUsersWithRoles(object):
if not merged.has_key(user):
- merged[user] = ()
+ merged[user] = []
for plugin in plugins:
for user in merged.keys():
@@ -500,7 +501,6 @@
# are members of groups, but that is no problem, just overhead.
# Also this adds the 'user:' prefix to users that CPS
# wants when withgroups is given.
- result = {}
for plugin in plugins:
for user in merged.keys():
result['user:' + user] = plugin.modifyLocalRoles(
@@ -511,7 +511,9 @@
for group in plugin.getLocalGroups(object):
result['group:' + group] = \
plugin.getGroupRolesOnObject(group, object)
-
+ for role in plugin.getAcquiredGroupRoles(group, object):
+ for acquired_role in role['roles']:
+ result['group:' + group].append(acquired_role)
return result
def mergedLocalRolesWithPath(self, object, withgroups=0):
@@ -582,8 +584,9 @@
for plugin in plugins:
for user in merged.keys():
result[user] = []
+ user_append = result[user].append
for dict in merged[user]:
- result[user].append(
+ user_append(
{'url': dict['url'],
'roles': plugin.modifyLocalRoles(
user, object, dict['roles'])})
@@ -591,12 +594,21 @@
plugins = self._get_plugins(IGroupPlugin)
for plugin in plugins:
for group in plugin.getLocalGroups(object):
- result['group:'+group] = []
- for dict in merged['group:'+group]:
- result['group:'+group].append(
+ group_name = 'group:' + group
+ result[group_name] = []
+ append_groups = result[group_name].append
+ for dict in merged[group_name]:
+ append_groups(
{'url': dict['url'],
'roles': plugin.getGroupRolesOnObject(group, object)})
+ for role in plugin.getAcquiredGroupRoles(group, object):
+ obj_url = utool.getRelativeUrl(role['obj'])
+ for acquired_role in role['roles']:
+ if acquired_role in result[group_name]:
+ continue
+ append_groups(
+ {'roles': [acquired_role], 'url': obj_url})
return result
def _allowedRolesAndUsers(self, ob):
@@ -750,7 +762,7 @@
if plugin.canIdentify(auth):
return plugin.identify(auth)
- LOG('PluggableUserFolder', ERROR, 'identify',
+ LOG('PluggableUserFolder', WARNING, 'identify',
'No plugins able to identify user\n')
return None, None
Index: PluggableUser.py
===================================================================
--- PluggableUser.py (.../trunk) (revision 19068)
+++ PluggableUser.py (.../branches/jmo-merged-local-roles-fix-and-blocking) (revision 21904)
@@ -91,6 +91,10 @@
for plugin in plugins:
user_roles = plugin.modifyLocalRoles(userid,
inner_object, user_roles)
+ for groupid in plugin.getGroupsOnObject(inner_object):
+ user_roles.extend(plugin.getGroupRolesOnObject(groupid,
+ inner_object))
+
for r in user_roles:
local[r] = 1 #Using mappings is a neat way of doing unions.
inner = getattr(inner_object, 'aq_inner', inner_object)
Index: SimpleGroupRoles.py
===================================================================
--- SimpleGroupRoles.py (.../trunk) (revision 19068)
+++ SimpleGroupRoles.py (.../branches/jmo-merged-local-roles-fix-and-blocking) (revision 21904)
@@ -318,6 +318,22 @@
result.append({'obj': inner_obj, 'groups': groups})
return result
+ def getAcquiredGroupRoles(self, group, object):
+ result = []
+ inner_obj = object
+ while 1:
+ if hasattr(inner_obj, 'im_self'):
+ inner_obj = inner_obj.im_self
+ inner = getattr(inner_obj, 'aq_inner', inner_obj)
+ parent = getattr(inner, 'aq_parent', None)
+ if parent is None:
+ break
+ inner_obj = parent
+ roles = self.getGroupRolesOnObject(group, inner_obj)
+ if roles:
+ result.append({'obj': inner_obj, 'roles': roles})
+ return result
+
#
# API
#
Index: CHANGES
===================================================================
--- CHANGES (.../trunk) (revision 19068)
+++ CHANGES (.../branches/jmo-merged-local-roles-fix-and-blocking) (revision 21904)
@@ -6,7 +6,15 @@
-
Bug fixes:
~~~~~~~~~~
--
+- local roles were not merged from the parent folders
+- mergedLocalRoles() according to PluginInterface getUsersWithRoles() takes
+ an object as argument.
+- mergedLocalRoles(): cannot expand a tuple, so we use an empty list instead.
+- mergedLocalRoles(): the 'result' dict was not defined before assignment.
+- moved the 'No plugins able to identify user' log message from ERROR
+ to WARNING level.
+- getRolesInContext() did not take group roles ('roles:Authenticated')
+ into account
New internal features:
~~~~~~~~~~~~~~~~~~~~~~
-
_______________________________________________
cps-devel mailing list
http://lists.nuxeo.com/mailman/listinfo/cps-devel
