[CMF-checkins] CVS: CMF/CMFCore - MembershipTool.py:1.23 PortalFolder.py:1.36

Florent Guillaume fg@nuxeo.com
Thu, 4 Jul 2002 04:41:27 -0400


Update of /cvs-repository/CMF/CMFCore
In directory cvs.zope.org:/tmp/cvs-serv28416/CMFCore

Modified Files:
	MembershipTool.py PortalFolder.py 
Log Message:
Made reindexation of object security work correctly for CatalogAware
containers (PathIndex is such that it doesn't give us the container
itself).

Made all reindexObject methods everywhere accept the optional idxs
argument, even if it's not used.


=== CMF/CMFCore/MembershipTool.py 1.22 => 1.23 ===
 from Globals import InitializeClass, DTMLFile, MessageDialog, \
      PersistentMapping
+from Acquisition import aq_base
 from AccessControl.User import nobody
 from AccessControl import ClassSecurityInfo
 from CMFCorePermissions import ManagePortal
 import CMFCorePermissions
 from ActionProviderBase import ActionProviderBase
-import Acquisition
 
 default_member_content = '''Default page for %s
  
@@ -371,7 +371,7 @@
                     obj.manage_setLocalRoles( member_id, roles )
 
         if reindex:
-            self.reindexSecurity(obj)
+            self.reindexObjectSecurity(obj)
 
     security.declareProtected(CMFCorePermissions.View, 'deleteLocalRoles')
     def deleteLocalRoles( self, obj, member_ids, reindex=1 ):
@@ -383,15 +383,32 @@
             obj.manage_delLocalRoles( userids=member_ids )
 
         if reindex:
-            self.reindexSecurity(obj)
+            self.reindexObjectSecurity(obj)
 
-    security.declarePrivate('reindexSecurity')
-    def reindexSecurity(self, obj):
-        catalog = getToolByName(self, 'portal_catalog')
-        obj_path = '/'.join(obj.getPhysicalPath())
-        for brain in catalog.searchResults(path=obj_path):
-            ob = brain.getObject()
-            ob.reindexObject(idxs=['allowedRolesAndUsers'])
+    # This is not in CMFCatalogAware because all catalogged objects
+    # are not necessarily CatalogAware, especially folders.
+    security.declareProtected(CMFCorePermissions.ModifyPortalContent,
+                              'reindexObjectSecurity')
+    def reindexObjectSecurity(self, obj):
+        """
+            Reindex security-related indexes on the object
+            (and its descendants).
+        """
+        catalog = getToolByName(self, 'portal_catalog', None)
+        if catalog is not None:
+            path = '/'.join(obj.getPhysicalPath())
+            for brain in catalog.searchResults(path=path):
+                ob = brain.getObject()
+                catalog.reindexObject(ob, idxs=['allowedRolesAndUsers'])
+
+            # We must also reindex the object itself, as the PathIndex
+            # only gave us the descendants. We have no way to do it
+            # reliably, and we don't want to reindex objects that
+            # weren't indexed in the first place. As a heuristic, check
+            # if the object has a reindexObject method, and use it.
+
+            if hasattr(aq_base(obj), 'reindexObject'):
+                obj.reindexObject(idxs=['allowedRolesAndUsers'])
 
     security.declarePrivate('addMember')
     def addMember(self, id, password, roles, domains, properties=None):


=== CMF/CMFCore/PortalFolder.py 1.35 => 1.36 ===
         return None
 
-    def reindexObject( self ):
+    def reindexObject( self, idxs=[] ):
         """
             Make content-assuming factory mechanism happy.
         """