Merge pull request #285 from euphorie/scrum-2640-reindex-manage-ldap-…

…users-recursively Reindex managerRolesAndUsers recursively when managing ldap users
euphorie · Oct 29, 2024 · dce906b · dce906b
2 parents cc4793c + ecc6cfc
commit dce906b
Show file tree

Hide file tree

Showing 2 changed files with 24 additions and 1 deletion.
diff --git a/docs/changes.rst b/docs/changes.rst
@@ -4,6 +4,10 @@ Changelog
 10.0.3 (unreleased)
 -------------------
 
+- Also update admin index for sectors and tools when managing ldap users. 
+  (`#2640 <https://github.com/syslabcom/scrum/issues/2640>`_)
+  [reinhardt]
+
 - Action Plan: Strip HTML from comments
   (`#2763 <https://github.com/syslabcom/scrum/issues/2763>`_)
   [reinhardt]

diff --git a/src/osha/oira/content/browser/manage_ldap_users.py b/src/osha/oira/content/browser/manage_ldap_users.py
@@ -3,6 +3,11 @@
 from plone.memoize.view import memoize_contextless
 from Products.Five import BrowserView
 
+import logging
+
+
+logger = logging.getLogger(__name__)
+
 
 class BaseManageLDAPUsersView(BrowserView):
     _roles = set()
@@ -67,6 +72,20 @@ def revoke_roles(self, user):
             obj=self.context,
         )
 
+    def reindex_manager_roles(self, obj):
+        """Reindex `managerRolesAndUsers` index for `obj` and its contents recursively.
+        Based on Products.CMFCore.CMFCatalogAware.CatalogAware.reindexObjectSecurity
+        """
+        catalog = api.portal.get_tool("portal_catalog")
+        path = "/".join(obj.getPhysicalPath())
+        for brain in catalog.unrestrictedSearchResults(path=path):
+            try:
+                ob = brain._unrestrictedGetObject()
+            except (AttributeError, KeyError):
+                # don't fail on catalog inconsistency
+                continue
+            ob.reindexObject(idxs=["managerRolesAndUsers"])
+
     def maybe_manage_local_roles(self):
         """Check the request and see if we should mange some user local
         roles."""
@@ -83,7 +102,7 @@ def maybe_manage_local_roles(self):
             self.grant_roles(user)
         elif ldap_action == "revoke":
             self.revoke_roles(user)
-        self.context.reindexObject(idxs=["managerRolesAndUsers"])
+        self.reindex_manager_roles(self.context)
 
     def __call__(self):
         self.maybe_manage_local_roles()