Ticket #4245: trac.get_users_with_permission.v2.patch

ticket/api.py

@@ -103 +103 @@
         if self.restrict_owner:
             field['type'] = 'select'
             perm = PermissionSystem(self.env)
-            def valid_owner(username):
-                return perm.get_user_permissions(username).get('TICKET_MODIFY')
-            field['options'] = [username for username, name, email
-                                in self.env.get_known_users()
-                                if valid_owner(username)]
+            field['options'] = perm.get_users_with_permission('TICKET_MODIFY')
             field['optional'] = True
         else:
             field['type'] = 'text'

perm.py

@@ -60 +60 @@
         of the permission, and the value is either `True` for granted
         permissions or `False` for explicitly denied permissions."""
 
+    def get_users_with_permissions(self, permissions):
+        """Retrieve a list of users that have any of the specified permissions
+
+        Users are returned as a list of usernames."""
+
     def get_all_permissions():
         """Return all permissions for all users.
 
@@ -126 +131 @@
                 break
         return [action for action in actions if not action.islower()]
 
+    def get_users_with_permissions(self, permissions):
+        """Retrieve a list of users that have any of the specified permissions
+        
+        Users are returned as a list of usernames."""
+        db = self.env.get_db_cnx()
+        cursor = db.cursor()
+        groups = permissions
+        valid_users = set(self.env.get_known_users())
+        resultusers = set()
+        # First iteration finds all users and groups that have any of the
+        # needed permissions. Subsequent iterations expand groups recursively
+        # and merge the results
+        while len(groups):
+            cursor.execute("SELECT p.username, COUNT(member.username) AS nummembers FROM permission AS p "+
+                "LEFT JOIN permission AS member ON member.action = p.username" +
+                "WHERE p.action IN (%s) GROUP BY p.username"
+                % (', '.join(['%s'] * len(groups))),
+                groups
+            )
+            groups = []
+            for username, nummembers in cursor:
+                if username in valid_users:
+                    resultusers.add(username)
+                elif nummembers:
+                    groups.append(username)
+        return list(resultusers)
+
     def get_all_permissions(self):
         """Return all permissions for all users.
 
@@ -243 +275 @@
         formatted tuples."""
         return self.store.get_all_permissions()
 
+    def get_users_with_permission(self, permission):
+        """Return all users that have the specified permission
+        
+        Users are returned as a list of usernames"""
+        # this should probably be cached
+        parentMap = {}
+        for requestor in self.requestors:
+            for action in requestor.get_permission_actions():
+                if isinstance(action, tuple):
+                    for child in action[1]:
+                        if (parentMap.has_key(child) == False):
+                            parentMap[child] = []
+                        parentMap[child] += [action[0]]
+        satisfyingPermissions = {}
+        def _append_with_parents(action):
+            # avoid unneccesary work and infinite loops
+            if (satisfyingPermissions.has_key(action)):
+                return
+            satisfyingPermissions[action] = True
+            if parentMap.has_key(action):
+                for parentaction in parentMap[action]:
+                    _append_with_parents(parentaction)
+        _append_with_parents(permission)
+        return self.store.get_users_with_permissions(satisfyingPermissions.keys())
+
     # IPermissionRequestor methods
 
     def get_permission_actions(self):