diff --git a/product/ERP5/bootstrap/erp5_core/SkinTemplateItem/portal_skins/erp5_core/Base_setDefaultSecurity.xml b/product/ERP5/bootstrap/erp5_core/SkinTemplateItem/portal_skins/erp5_core/Base_setDefaultSecurity.xml
index ca0a7ffd5f044875e3fb2130e44c837ef6e94c10..ba77f2f4c3642d8da9926b1254dd698281d74711 100644
--- a/product/ERP5/bootstrap/erp5_core/SkinTemplateItem/portal_skins/erp5_core/Base_setDefaultSecurity.xml
+++ b/product/ERP5/bootstrap/erp5_core/SkinTemplateItem/portal_skins/erp5_core/Base_setDefaultSecurity.xml
@@ -52,11 +52,8 @@
 <key> <string>_body</string> </key>
 <value> <string>permission_list = context.possible_permissions()\n
 \n
-# First, remove all permissions (very secure by default)\n
-# We should keep only Manager, or we will not be able to\n
-# do the end of the script\n
-for permission in permission_list:\n
- context.manage_permission(permission, [\'Manager\'], 0)\n
+# First, only Manager has the permission by default\n
+manager_permission_list = permission_list\n
 \n
 # Then, define default ERP5 permissions\n
 common_permission_list = [p for p in [\n
@@ -91,7 +88,7 @@ erp5_role_dict = {\n
 \'Associate\': common_permission_list + auditor_permission_list,\n
 \'Auditor\' : common_permission_list + auditor_permission_list,\n
 \'Author\': common_permission_list + author_permission_list,\n
- \'Manager\': permission_list\n
+ \'Manager\': manager_permission_list\n
 }\n
 \n
 # Add ERP5 permissions\n
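Review bot: The new comment `# First, only Manager has the permission by default` in the first hunk describes a step that no longer happens, because `manager_permission_list = permission_list` only aliases the list and changes nothing on `context`. With the reset loop removed, a permission ends up restricted only if the final loop visits it, which appears to rely on `'Manager'` mapping to every possible permission in `erp5_role_dict` (second hunk). That invariant deserves a comment, e.g. `# Manager maps to every possible permission, so the final loop sets each one; nothing is reset here`. The alias is also what protects the Manager entry from the later rebinding of `permission_list` in `for role,permission_list in ...`, which is worth a short note; the script body starts and ends outside this hunk.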
@@ -102,8 +99,12 @@ for role,permission_list in erp5_role_dict.items():\n
 erp5_permission_dict[permission] = []\n
 erp5_permission_dict[permission].append(role)\n
 \n
-for permission,role_list in erp5_permission_dict.items():\n
- context.manage_permission(permission,role_list, 0)\n
+for permission,role_list in sorted(erp5_permission_dict.items()):\n
+ # Acquire permission if the role list is same as parent\n
+ if sorted([x[\'name\'] for x in context.aq_parent.rolesOfPermission(permission) if x[\'selected\']]) == sorted(role_list):\n
+ context.manage_permission(permission, [], 1)\n
+ else:\n
+ context.manage_permission(permission,role_list, 0)\n
 \n
 return "finished"\n
 </string> </value>
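Review bot: The equality test guarding `context.manage_permission(permission, [], 1)` compares only the roles selected on `context.aq_parent` and never checks whether the parent itself acquires that permission. As far as Zope's role manager goes, `rolesOfPermission` reports the roles stored on that object, so a parent that acquires may have wider effective roles than `role_list`, and the child would inherit them. Consider adding `not context.aq_parent.acquiredRolesAreUsedBy(permission)` to the condition, or documenting why the parent is known not to acquire. Acquisition is also a live link rather than a snapshot, so a comment such as `# acquire=1: later changes to the parent's roles for this permission apply here too` would make the trade-off explicit. Binding `parent = context.aq_parent` once before the loop would also shorten the long condition line.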