Give access to shadow user on payment transaction.

ccd5e55a · Romain Courteaud · 1fc2b56e · ccd5e55a · ccd5e55a · ccd5e55a
Commit ccd5e55a authored Dec 10, 2012 by Romain Courteaud
8 changed files
--- a/master/bt5/slapos_erp5/PortalTypeRolesTemplateItem/Payment%20Transaction.xml
+++ b/master/bt5/slapos_erp5/PortalTypeRolesTemplateItem/Payment%20Transaction.xml
@@ -4,4 +4,10 @@
   <multi_property id='category'>group/company</multi_property>
   <multi_property id='base_category'>group</multi_property>
  </role>
+  <role id='Auditor'>
+   <property id='title'>Shadow User</property>
+   <property id='condition'>python: here.getDestinationSection('', portal_type='Person') != ''</property>
+   <property id='base_category_script'>PaymentTransactionType_getSecurityCategoryFromUser</property>
+   <multi_property id='base_category'>aggregate</multi_property>
+  </role>
 </type_roles>
\ No newline at end of file
--- a/master/bt5/slapos_erp5/PortalTypeWorkflowChainTemplateItem/workflow_chain_type.xml
+++ b/master/bt5/slapos_erp5/PortalTypeWorkflowChainTemplateItem/workflow_chain_type.xml
@@ -15,6 +15,10 @@
  <type>Hosting Subscription</type>
  <workflow>local_permission_slapos_interaction_workflow</workflow>
 </chain>
+ <chain>
+  <type>Payment Transaction</type>
+  <workflow>local_permission_slapos_interaction_workflow</workflow>
+ </chain>
 <chain>
  <type>Person</type>
  <workflow>local_permission_slapos_interaction_workflow</workflow>

--- a/master/bt5/slapos_erp5/SkinTemplateItem/portal_skins/slapos_core/PaymentTransactionType_getSecurityCategoryFromUser.xml
+++ b/master/bt5/slapos_erp5/SkinTemplateItem/portal_skins/slapos_core/PaymentTransactionType_getSecurityCategoryFromUser.xml
+<?xml version="1.0"?>
+<ZopeData>
+  <record id="1" aka="AAAAAAAAAAE=">
+    <pickle>
+      <global name="PythonScript" module="Products.PythonScripts.PythonScript"/>
+    </pickle>
+    <pickle>
+      <dictionary>
+        <item>
+            <key> <string>Script_magic</string> </key>
+            <value> <int>3</int> </value>
+        </item>
+        <item>
+            <key> <string>_bind_names</string> </key>
+            <value>
+              <object>
+                <klass>
+                  <global name="NameAssignments" module="Shared.DC.Scripts.Bindings"/>
+                </klass>
+                <tuple/>
+                <state>
+                  <dictionary>
+                    <item>
+                        <key> <string>_asgns</string> </key>
+                        <value>
+                          <dictionary>
+                            <item>
+                                <key> <string>name_container</string> </key>
+                                <value> <string>container</string> </value>
+                            </item>
+                            <item>
+                                <key> <string>name_context</string> </key>
+                                <value> <string>context</string> </value>
+                            </item>
+                            <item>
+                                <key> <string>name_m_self</string> </key>
+                                <value> <string>script</string> </value>
+                            </item>
+                            <item>
+                                <key> <string>name_subpath</string> </key>
+                                <value> <string>traverse_subpath</string> </value>
+                            </item>
+                          </dictionary>
+                        </value>
+                    </item>
+                  </dictionary>
+                </state>
+              </object>
+            </value>
+        </item>
+        <item>
+            <key> <string>_body</string> </key>
+            <value> <string>"""\n
+This script returns a list of dictionaries which represent\n
+the security groups which a person is member of. It extracts\n
+the categories from the current content. It is useful in the\n
+following cases:\n
+\n
+- calculate a security group based on a given\n
+  category of the current object (ex. group). This\n
+  is used for example in ERP5 DMS to calculate\n
+  document security.\n
+\n
+- assign local roles to a document based on\n
+  the person which the object related to through\n
+  a given base category (ex. destination). This\n
+  is used for example in ERP5 Project to calculate\n
+  Task / Task Report security.\n
+\n
+The parameters are\n
+\n
+  base_category_list -- list of category values we need to retrieve\n
+  user_name          -- string obtained from getSecurityManager().getUser().getId()\n
+  object             -- object which we want to assign roles to\n
+  portal_type        -- portal type of object\n
+\n
+NOTE: for now, this script requires proxy manager\n
+"""\n
+\n
+category_list = []\n
+\n
+if obj is None:\n
+  return []\n
+\n
+person = obj.getDestinationSectionValue(portal_type="Person")\n
+if person is not None:\n
+  for base_category in base_category_list:\n
+    return {"Auditor": ["SHADOW-%s" % person.getReference()]}\n
+\n
+return category_list\n
+</string> </value>
+        </item>
+        <item>
+            <key> <string>_params</string> </key>
+            <value> <string>base_category_list, user_name, obj, portal_type</string> </value>
+        </item>
+        <item>
+            <key> <string>_proxy_roles</string> </key>
+            <value>
+              <tuple>
+                <string>Manager</string>
+              </tuple>
+            </value>
+        </item>
+        <item>
+            <key> <string>id</string> </key>
+            <value> <string>PaymentTransactionType_getSecurityCategoryFromUser</string> </value>
+        </item>
+      </dictionary>
+    </pickle>
+  </record>
+</ZopeData>
--- a/master/bt5/slapos_erp5/TestTemplateItem/testSlapOSERP5GroupRoleSecurity.py
+++ b/master/bt5/slapos_erp5/TestTemplateItem/testSlapOSERP5GroupRoleSecurity.py
@@ -841,6 +841,23 @@ class TestPaymentTransaction(TestSlapOSGroupRoleSecurityMixin):
    self.assertRoles(product, 'G-COMPANY', ['Assignor'])
    self.assertRoles(product, self.user_id, ['Owner'])

+  def test_ShadowUser(self):
+    reference = 'TESTPERSON-%s' % self.generateNewId()
+    person = self.portal.person_module.newContent(portal_type='Person',
+        reference=reference)
+    product = self.portal.accounting_module.newContent(
+        portal_type='Payment Transaction')
+    product.edit(
+        destination_section_value=person,
+        )
+    product.updateLocalRolesOnSecurityGroups()
+    shadow_reference = 'SHADOW-%s' % reference
+    self.assertSecurityGroup(product,
+        ['G-COMPANY', self.user_id, shadow_reference], False)
+    self.assertRoles(product, 'G-COMPANY', ['Assignor'])
+    self.assertRoles(product, shadow_reference, ['Auditor'])
+    self.assertRoles(product, self.user_id, ['Owner'])
+
 class TestPurchaseInvoiceTransaction(TestSlapOSGroupRoleSecurityMixin):
  def test_GroupCompany(self):
    product = self.portal.accounting_module.newContent(

--- a/master/bt5/slapos_erp5/TestTemplateItem/testSlapOSERP5LocalPermissionSlapOSInteractionWorkflow.py
+++ b/master/bt5/slapos_erp5/TestTemplateItem/testSlapOSERP5LocalPermissionSlapOSInteractionWorkflow.py
@@ -261,3 +261,19 @@ class TestSlapOSLocalPermissionSlapOSInteractionWorkflow(
    self.assertSecurityGroup(slave_instance, [self.user_id, 'G-COMPANY',
        software_instance.getReference(), computer.getReference(),
        hosting_subscription.getReference()], False)
+
+  def test_PaymentTransaction_setDestinationSection(self):
+    self._makePerson()
+    payment_transaction = self.portal.accounting_module.newContent(
+        portal_type='Payment Transaction')
+    self.assertSecurityGroup(payment_transaction, [self.user_id,
+        'G-COMPANY'],
+        False)
+
+    payment_transaction.edit(
+        destination_section=self.person_user.getRelativeUrl())
+    transaction.commit()
+
+    self.assertSecurityGroup(payment_transaction, [self.user_id,
+        'G-COMPANY', 'SHADOW-%s' % self.person_user.getReference()],
+        False)
--- a/master/bt5/slapos_erp5/WorkflowTemplateItem/portal_workflow/local_permission_slapos_interaction_workflow/interactions/PaymentTransaction_edit.xml
+++ b/master/bt5/slapos_erp5/WorkflowTemplateItem/portal_workflow/local_permission_slapos_interaction_workflow/interactions/PaymentTransaction_edit.xml
+<?xml version="1.0"?>
+<ZopeData>
+  <record id="1" aka="AAAAAAAAAAE=">
+    <pickle>
+      <global name="InteractionDefinition" module="Products.ERP5.Interaction"/>
+    </pickle>
+    <pickle>
+      <dictionary>
+        <item>
+            <key> <string>actbox_category</string> </key>
+            <value> <string>workflow</string> </value>
+        </item>
+        <item>
+            <key> <string>actbox_name</string> </key>
+            <value> <string></string> </value>
+        </item>
+        <item>
+            <key> <string>actbox_url</string> </key>
+            <value> <string></string> </value>
+        </item>
+        <item>
+            <key> <string>activate_script_name</string> </key>
+            <value>
+              <tuple/>
+            </value>
+        </item>
+        <item>
+            <key> <string>after_script_name</string> </key>
+            <value>
+              <list>
+                <string>Base_updateAllLocalRoles</string>
+              </list>
+            </value>
+        </item>
+        <item>
+            <key> <string>before_commit_script_name</string> </key>
+            <value>
+              <tuple/>
+            </value>
+        </item>
+        <item>
+            <key> <string>description</string> </key>
+            <value> <string></string> </value>
+        </item>
+        <item>
+            <key> <string>guard</string> </key>
+            <value>
+              <none/>
+            </value>
+        </item>
+        <item>
+            <key> <string>id</string> </key>
+            <value> <string>PaymentTransaction_edit</string> </value>
+        </item>
+        <item>
+            <key> <string>method_id</string> </key>
+            <value>
+              <list>
+                <string>_setDestinationSection.*</string>
+              </list>
+            </value>
+        </item>
+        <item>
+            <key> <string>once_per_transaction</string> </key>
+            <value> <int>0</int> </value>
+        </item>
+        <item>
+            <key> <string>portal_type_filter</string> </key>
+            <value>
+              <list>
+                <string>Payment Transaction</string>
+              </list>
+            </value>
+        </item>
+        <item>
+            <key> <string>script_name</string> </key>
+            <value>
+              <tuple/>
+            </value>
+        </item>
+        <item>
+            <key> <string>temporary_document_disallowed</string> </key>
+            <value> <int>1</int> </value>
+        </item>
+        <item>
+            <key> <string>title</string> </key>
+            <value> <string></string> </value>
+        </item>
+        <item>
+            <key> <string>trigger_type</string> </key>
+            <value> <int>2</int> </value>
+        </item>
+      </dictionary>
+    </pickle>
+  </record>
+</ZopeData>
--- a/master/bt5/slapos_erp5/bt/revision
+++ b/master/bt5/slapos_erp5/bt/revision
-130
\ No newline at end of file
+131
\ No newline at end of file
--- a/master/bt5/slapos_erp5/bt/template_portal_type_workflow_chain_list
+++ b/master/bt5/slapos_erp5/bt/template_portal_type_workflow_chain_list
@@ -2,6 +2,7 @@ Computer Model | local_permission_slapos_interaction_workflow
 Computer Network | local_permission_slapos_interaction_workflow
 Computer | local_permission_slapos_interaction_workflow
 Hosting Subscription | local_permission_slapos_interaction_workflow
+Payment Transaction | local_permission_slapos_interaction_workflow
 Person | local_permission_slapos_interaction_workflow
 Slave Instance | local_permission_slapos_interaction_workflow
 Software Installation | local_permission_slapos_interaction_workflow