Index: ticket/api.py
===================================================================
--- ticket/api.py	(revision 4624)
+++ ticket/api.py	(working copy)
@@ -103,11 +103,7 @@
         if self.restrict_owner:
             field['type'] = 'select'
             perm = PermissionSystem(self.env)
-            def valid_owner(username):
-                return perm.get_user_permissions(username).get('TICKET_MODIFY')
-            field['options'] = [username for username, name, email
-                                in self.env.get_known_users()
-                                if valid_owner(username)]
+            field['options'] = perm.get_users_with_permission('TICKET_MODIFY')
             field['optional'] = True
         else:
             field['type'] = 'text'
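Review bot: The new `field['options']` assignment is not obviously equivalent to the filter it replaces. The old check went through `get_user_permissions(username)`, whose contract in perm.py allows `False` for explicitly denied permissions, while the new store query in the perm.py hunks only follows grants and has no notion of denial. Because `restrict_owner` decides who is offered as a ticket owner, a test should confirm both paths agree for a denied user and for a user who holds TICKET_MODIFY only through a group. The result is also built from a `set`, so the drop-down order becomes arbitrary; `users = perm.get_users_with_permission('TICKET_MODIFY')`, `users.sort()`, `field['options'] = users` would keep it stable. The enclosing method starts and ends outside the hunk.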
Index: perm.py
===================================================================
--- perm.py	(revision 4624)
+++ perm.py	(working copy)
@@ -60,6 +60,11 @@
         of the permission, and the value is either `True` for granted
         permissions or `False` for explicitly denied permissions."""
 
+    def get_users_with_permissions(self, permissions):
+        """Retrieve a list of users that have any of the specified permissions
+
+        Users are returned as a list of usernames."""
+
     def get_all_permissions():
         """Return all permissions for all users.
 
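Review bot: The interface declaration takes `self`, while the neighbouring `def get_all_permissions():` in the same interface is declared without it; for consistency it should read `def get_users_with_permissions(permissions):`. The docstring also leaves the contract open for other store implementations. It should say that group subjects are expected to be expanded to their members, that only known users are returned, and that the order of the list is unspecified.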
@@ -126,6 +131,33 @@
                 break
         return [action for action in actions if not action.islower()]
 
+    def get_users_with_permissions(self, permissions):
+        """Retrieve a list of users that have any of the specified permissions
+        
+        Users are returned as a list of usernames."""
+        db = self.env.get_db_cnx()
+        cursor = db.cursor()
+        groups = permissions
+        valid_users = set(self.env.get_known_users())
+        resultusers = set()
+        # First iteration finds all users and groups that have any of the
+        # needed permissions. Subsequent iterations expand groups recursively
+        # and merge the results
+        while len(groups):
+            cursor.execute("SELECT p.username, COUNT(member.username) AS nummembers FROM permission AS p "+
+                "LEFT JOIN permission AS member ON member.action = p.username" +
+                "WHERE p.action IN (%s) GROUP BY p.username"
+                % (', '.join(['%s'] * len(groups))),
+                groups
+            )
+            groups = []
+            for username, nummembers in cursor:
+                if username in valid_users:
+                    resultusers.add(username)
+                elif nummembers:
+                    groups.append(username)
+        return list(resultusers)
+
     def get_all_permissions(self):
         """Return all permissions for all users.
 
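Review bot: `username in valid_users` can never match as written, so no user is ever added to the result. `valid_users` is built directly from `self.env.get_known_users()`, which the ticket/api.py hunk unpacks as `(username, name, email)` tuples, so the set holds tuples rather than names. The SQL fragments also join as `p.usernameWHERE` (no space after the `LEFT JOIN` line), so the statement will not parse. The expansion loop keeps no record of groups it has already queried, so a circular group membership in the permission table would make it loop without end; remembering visited groups bounds it. The rewritten lines are below.

```python
        # compare against bare usernames, not (username, name, email) tuples
        valid_users = set([username for username, name, email
                           in self.env.get_known_users()])
        seen_groups = set()
        # … unchanged: resultusers initialisation and explanatory comment …
        while groups:
            cursor.execute("SELECT p.username, COUNT(member.username) AS nummembers "
                "FROM permission AS p "
                "LEFT JOIN permission AS member ON member.action = p.username "
                "WHERE p.action IN (%s) GROUP BY p.username"
                % (', '.join(['%s'] * len(groups))),
                groups
            )
            # … unchanged: reset of groups, row loop and known-user branch …
                elif nummembers and username not in seen_groups:
                    # each group is expanded once, so cyclic membership terminates
                    seen_groups.add(username)
                    groups.append(username)
```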
@@ -243,6 +275,31 @@
         formatted tuples."""
         return self.store.get_all_permissions()
 
+    def get_users_with_permission(self, permission):
+        """Return all users that have the specified permission
+        
+        Users are returned as a list of usernames"""
+        # this should probably be cached
+        parentMap = {}
+        for requestor in self.requestors:
+            for action in requestor.get_permission_actions():
+                if isinstance(action, tuple):
+                    for child in action[1]:
+                        if (parentMap.has_key(child) == False):
+                            parentMap[child] = []
+                        parentMap[child] += [action[0]]
+        satisfyingPermissions = {}
+        def _append_with_parents(action):
+            # avoid unneccesary work and infinite loops
+            if (satisfyingPermissions.has_key(action)):
+                return
+            satisfyingPermissions[action] = True
+            if parentMap.has_key(action):
+                for parentaction in parentMap[action]:
+                    _append_with_parents(parentaction)
+        _append_with_parents(permission)
+        return self.store.get_users_with_permissions(satisfyingPermissions.keys())
+
     # IPermissionRequestor methods
 
     def get_permission_actions(self):
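Review bot: The parent-map construction in `get_users_with_permission` is written as `has_key(child) == False` followed by `+= [action[0]]`; `parentMap.setdefault(child, []).append(action[0])` does the same in one line. The camelCase locals also differ from the snake_case used in the store method added above (`valid_users`). Only actions that some requestor declares as a `(parent, children)` tuple end up in the map, so a permission that implies others by another mechanism would be missed. That may apply to TRAC_ADMIN; worth confirming, since its holders would then be absent from the owner list. The method name differs from the store's `get_users_with_permissions` by one letter, so the docstring should state that this one takes a single action name and expands it to every permission that satisfies it.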

