Mercurial > p > roundup > code

changeset 8139:de58ff07890e permission-performance

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Rename parameter of hasPermission Rename only_no_check to skip_permissions_with_check. Revert explicit no-properties check in Permission.searchable, this check is already taken care of by the _properties_dict check. Add a comment on what _properties_dict does.
author Ralf Schlatterbeck <rsc@runtux.com>
date Thu, 24 Oct 2024 09:19:25 +0200
parents 5a2b9435a04d
children 67a0fc4f9934
files roundup/hyperdb.py roundup/security.py
diffstat 2 files changed, 8 insertions(+), 7 deletions(-) [+]
line wrap: on
line diff
--- a/roundup/hyperdb.py	Wed Oct 23 17:46:05 2024 +0200
+++ b/roundup/hyperdb.py	Thu Oct 24 09:19:25 2024 +0200
@@ -1817,7 +1817,7 @@
         item_ids = self.filter(search_matches, filterspec, sort, group,
                                retired, exact_match_spec, limit, offset)
         check = sec.hasPermission
-        if check(permission, userid, cn, only_no_check = True):
+        if check(permission, userid, cn, skip_permissions_with_check = True):
             allowed = item_ids
         else:
             debug = self.db.config.RDBMS_DEBUG_FILTER
--- a/roundup/security.py	Wed Oct 23 17:46:05 2024 +0200
+++ b/roundup/security.py	Thu Oct 24 09:19:25 2024 +0200
@@ -122,6 +122,8 @@
             return 0
 
         # what about property?
+        # Note that _properties_dict always returns True if it was
+        # initialized with empty properties
         if property is not None and not self._properties_dict[property]:
             return 0
 
@@ -159,11 +161,9 @@
         if self.check:
             return 0
 
-        # Allow if we have access to *all* properties
-        if self.properties is None:
-            return 1
-
         # what about property?
+        # Note that _properties_dict always returns True if it was
+        # initialized with empty properties
         if not self._properties_dict[property]:
             return 0
 
@@ -362,7 +362,8 @@
                                                                   classname))
 
     def hasPermission(self, permission, userid, classname=None,
-                      property=None, itemid=None, only_no_check=False):
+                      property=None, itemid=None,
+                      skip_permissions_with_check=False):
         '''Look through all the Roles, and hence Permissions, and
            see if "permission" exists given the constraints of
            classname, property, itemid, and props_only.
@@ -398,7 +399,7 @@
         # expensive than the ones without. So we check the ones without
         # a check method first
         checklist = (False, True)
-        if only_no_check:
+        if skip_permissions_with_check:
             checklist = (False,)
         for has_check in checklist:
             for rolename in self.db.user.get_roles(userid):
Roundup Issue Tracker: http://roundup-tracker.org/