[CMF-checkins] CVS: CMF/CMFCore - CatalogTool.py:1.29 MembershipTool.py:1.21

Florent Guillaume fg@nuxeo.com
Wed, 3 Jul 2002 15:57:34 -0400 

Update of /cvs-repository/CMF/CMFCore
In directory cvs.zope.org:/tmp/cvs-serv21628/CMFCore

Modified Files:
	CatalogTool.py MembershipTool.py 
Log Message:
Made the security-related indexes of the portal catalog be updated for
all impacted objects whenever local roles are changed (Tracker #494).
This feature makes use of the 'path' index.

(XXX Tests should be written for those... I'm not familiar enough with
security-related tests to do that.)

Made 'path' (PathIndex) a standard index inside CMF. When upgrading from
earlier versions this index will have to be created by hand.

Noted this upgrade requirement in the INSTALL.txt file.


=== CMF/CMFCore/CatalogTool.py 1.28 => 1.29 ===
                , ('meta_type', 'FieldIndex')
                , ('id', 'FieldIndex')
+               , ('path', 'PathIndex')
                )
     
     security.declarePublic( 'enumerateColumns' )


=== CMF/CMFCore/MembershipTool.py 1.20 => 1.21 ===
         return tuple( member_roles )
 
-    security.declareProtected(CMFCorePermissions.View, 
-                                'setLocalRoles')
-    def setLocalRoles( self, obj, member_ids, member_role ):
+    security.declareProtected(CMFCorePermissions.View, 'setLocalRoles')
+    def setLocalRoles( self, obj, member_ids, member_role, reindex=0 ):
         """ Set local roles on an item """
         member = self.getAuthenticatedMember()
         my_roles = member.getRolesInContext( obj )
-        
+
         if 'Manager' in my_roles or member_role in my_roles:
             for member_id in member_ids:
                 roles = list(obj.get_local_roles_for_userid( userid=member_id ))
-            
+
                 if member_role not in roles:
                     roles.append( member_role )
                     obj.manage_setLocalRoles( member_id, roles )
 
-    security.declareProtected( CMFCorePermissions.View,
-                                    'deleteLocalRoles' )
-    def deleteLocalRoles( self, obj, member_ids ):
+        if reindex:
+            self.reindexSecurity(obj)
+
+    security.declareProtected(CMFCorePermissions.View, 'deleteLocalRoles')
+    def deleteLocalRoles( self, obj, member_ids, reindex=0 ):
         """ Delete local roles for members member_ids """
         member = self.getAuthenticatedMember()
         my_roles = member.getRolesInContext( obj )
 
         if 'Manager' in my_roles or 'Owner' in my_roles:
             obj.manage_delLocalRoles( userids=member_ids )
+
+        if reindex:
+            self.reindexSecurity(obj)
+
+    security.declarePrivate('reindexSecurity')
+    def reindexSecurity(self, obj):
+        catalog = getToolByName(self, 'portal_catalog')
+        obj_path = '/'.join(obj.getPhysicalPath())
+        for brain in catalog.searchResults(path=obj_path):
+            ob = brain.getObject()
+            ob.reindexObject(idxs=['allowedRolesAndUsers'])
 
     security.declarePrivate('addMember')
     def addMember(self, id, password, roles, domains, properties=None):