Commit 046bef54 authored by Łukasz Nowak's avatar Łukasz Nowak

(Re)stabilise security.

Mainly give access for group/company to Hosting Subscription and its module.

As explicit is better than implicit, explicitly give group/company access to
other modules and portal types even if access was already given by role/member.

Also use typical owner (zope) instead of artificial ones (admin or
ERP5TypeTestCase).
parent e9e71ba4
<local_roles_item>
<local_roles>
<role id='G-COMPANY'>
<item>Auditor</item>
<item>Author</item>
</role>
<role id='R-MEMBER'>
<item>Auditor</item>
<item>Author</item>
......
<local_roles_item>
<local_roles>
<role id='G-COMPANY'>
<item>Auditor</item>
<item>Author</item>
</role>
<role id='R-COMPUTER'>
<item>Auditor</item>
</role>
......
<local_roles_item>
<local_roles>
<role id='G-COMPANY'>
<item>Auditor</item>
<item>Author</item>
</role>
<role id='R-MEMBER'>
<item>Auditor</item>
<item>Author</item>
......
<local_roles_item>
<local_roles>
<role id='G-COMPANY'>
<item>Auditor</item>
<item>Author</item>
</role>
<role id='R-MEMBER'>
<item>Auditor</item>
<item>Author</item>
......
<local_roles_item>
<local_roles>
<role id='G-COMPANY'>
<item>Auditor</item>
<item>Author</item>
</role>
<role id='R-COMPUTER'>
<item>Author</item>
</role>
......
<local_roles_item>
<local_roles>
<role id='G-COMPANY'>
<item>Auditor</item>
<item>Author</item>
</role>
<role id='R-COMPUTER'>
<item>Auditor</item>
</role>
......
......@@ -3,6 +3,10 @@
<role id='ERP5TypeTestCase'>
<item>Owner</item>
</role>
<role id='G-COMPANY'>
<item>Auditor</item>
<item>Author</item>
</role>
<role id='R-SHADOW-PERSON'>
<item>Auditor</item>
</role>
......
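Review bot: The `<role id='ERP5TypeTestCase'>` Owner entry above the added G-COMPANY block stays in place, although the commit description says artificial owners (admin, ERP5TypeTestCase) are replaced by zope. An Owner local role keyed to a test-harness user id would presumably apply to any account carrying that id on a deployed site, so this entry should become `<role id='zope'>` like the other local-roles files in this commit. The TestIntegrationTool hunk in the test file, which appears to cover the same object, still asserts `self.assertRoles(module, 'ERP5TypeTestCase', ['Owner'])` and would need the matching change to `'zope'`. The file starts above this hunk, so earlier entries are not visible here.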
<local_roles_item>
<local_roles>
<role id='G-COMPANY'>
<item>Assignor</item>
</role>
<role id='R-SHADOW-PERSON'>
<item>Auditor</item>
<item>Author</item>
......
......@@ -4,7 +4,7 @@
<item>Auditor</item>
<item>Author</item>
</role>
<role id='admin'>
<role id='zope'>
<item>Owner</item>
</role>
</local_roles>
......
......@@ -4,7 +4,7 @@
<item>Auditor</item>
<item>Author</item>
</role>
<role id='admin'>
<role id='zope'>
<item>Owner</item>
</role>
</local_roles>
......
......@@ -4,7 +4,7 @@
<item>Auditor</item>
<item>Author</item>
</role>
<role id='admin'>
<role id='zope'>
<item>Owner</item>
</role>
</local_roles>
......
<local_roles_item>
<local_roles>
<role id='ERP5TypeTestCase'>
<item>Owner</item>
</role>
<role id='G-COMPANY'>
<item>Auditor</item>
<item>Author</item>
......@@ -10,5 +7,8 @@
<role id='R-SHADOW-PERSON'>
<item>Author</item>
</role>
<role id='zope'>
<item>Owner</item>
</role>
</local_roles>
</local_roles_item>
\ No newline at end of file
<type_roles>
<role id='Auditor; Author'>
<property id='title'>Group Company</property>
<multi_property id='category'>group/company</multi_property>
<multi_property id='base_category'>group</multi_property>
</role>
<role id='Auditor; Author'>
<property id='title'>Member</property>
<multi_property id='category'>role/member</multi_property>
......
......@@ -4,6 +4,11 @@
<multi_property id='category'>role/computer</multi_property>
<multi_property id='base_category'>role</multi_property>
</role>
<role id='Author; Auditor'>
<property id='title'>Group company</property>
<multi_property id='category'>group/company</multi_property>
<multi_property id='base_category'>group</multi_property>
</role>
<role id='Auditor; Author'>
<property id='title'>Member</property>
<multi_property id='category'>role/member</multi_property>
......
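Review bot: The added group/company rule is spelled `<role id='Author; Auditor'>` with title `Group company`, while the member rule directly below it and the first type_roles section use `'Auditor; Author'` and `Group Company`. The same mix recurs in the later type_roles sections of this commit and in the test file (`['Author', 'Auditor']` in TestDataSetModule versus `['Auditor', 'Author']` elsewhere). Assuming the order is not significant to the role generator, settling on one spelling, e.g. `<role id='Auditor; Author'>` with `<property id='title'>Group Company</property>`, makes the security definitions easier to grep and audit.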
<type_roles>
<role id='Auditor; Author'>
<property id='title'>Group company</property>
<multi_property id='category'>group/company</multi_property>
<multi_property id='base_category'>group</multi_property>
</role>
<role id='Auditor; Author'>
<property id='title'>Member</property>
<multi_property id='category'>role/member</multi_property>
......
<type_roles>
<role id='Auditor; Author'>
<property id='title'>Group company</property>
<multi_property id='category'>group/company</multi_property>
<multi_property id='base_category'>group</multi_property>
</role>
<role id='Auditor; Author'>
<property id='title'>Member</property>
<multi_property id='category'>role/member</multi_property>
......
<type_roles>
<role id='Author; Auditor'>
<property id='title'>Group company</property>
<multi_property id='category'>group/company</multi_property>
<multi_property id='base_category'>group</multi_property>
</role>
<role id='Author'>
<property id='title'>Security for Shacache (Author)</property>
<multi_property id='category'>role/member</multi_property>
......
<type_roles>
<role id='Assignor'>
<property id='title'>Group company</property>
<multi_property id='category'>group/company</multi_property>
<multi_property id='base_category'>group</multi_property>
</role>
<role id='Auditor'>
<property id='title'>Security for Shacache (Auditor)</property>
<multi_property id='category'>role/member</multi_property>
......
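Review bot: Group company is given `Assignor` here, whereas the role/member rule just below grants only `Auditor`, so this widens access rather than restating access that role/member already had, which is how the commit description frames the changes outside Hosting Subscription. The later type_roles section where `Person Shadow` holds `Auditor; Author` and Group Company gets `Assignor` has the same shape, and the tests pin both grants (`self.assertRoles(data_set, 'G-COMPANY', ['Assignor'])` and `self.assertRoles(product, 'G-COMPANY', ['Assignor'])`), which appear to correspond to these two sections. If Assignor is intended, state it in the rule using the title style already present in this file, `<property id='title'>Group company (Assignor)</property>`; otherwise `Auditor; Author` would match the module-level grants.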
......@@ -4,6 +4,11 @@
<multi_property id='category'>role/computer</multi_property>
<multi_property id='base_category'>role</multi_property>
</role>
<role id='Author; Auditor'>
<property id='title'>Group Company</property>
<multi_property id='category'>group/company</multi_property>
<multi_property id='base_category'>group</multi_property>
</role>
<role id='Auditor'>
<property id='title'>Instance</property>
<multi_property id='category'>role/instance</multi_property>
......
......@@ -4,6 +4,11 @@
<property id='base_category_script'>ERP5Type_getSecurityCategoryFromContent</property>
<multi_property id='base_category'>destination_section</multi_property>
</role>
<role id='Assignor'>
<property id='title'>Group Company</property>
<multi_property id='category'>group/company</multi_property>
<multi_property id='base_category'>group</multi_property>
</role>
<role id='Assignor'>
<property id='title'>Related Software Instance Group</property>
<property id='base_category_script'>ERP5Type_getSecurityCategoryFromSelf</property>
......
<type_roles>
<role id='Assignor'>
<property id='title'>Group Company</property>
<multi_property id='category'>group/company</multi_property>
<multi_property id='base_category'>group</multi_property>
</role>
<role id='Auditor; Author'>
<property id='title'>Person Shadow</property>
<multi_property id='category'>role/shadow/person</multi_property>
......
<type_roles>
<role id='Author; Auditor'>
<property id='title'>Group Company</property>
<multi_property id='category'>group/company</multi_property>
<multi_property id='base_category'>group</multi_property>
</role>
<role id='Auditor'>
<property id='title'>Person Shadow</property>
<multi_property id='category'>role/shadow/person</multi_property>
......
......@@ -147,16 +147,19 @@ class TestComputerModelModule(TestSlapOSGroupRoleSecurityMixin):
def test(self):
module = self.portal.computer_model_module
self.assertSecurityGroup(module,
['R-MEMBER', 'zope'], False)
['G-COMPANY', 'R-MEMBER', 'zope'], False)
self.assertRoles(module, 'R-MEMBER', ['Auditor', 'Author'])
self.assertRoles(module, 'G-COMPANY', ['Auditor', 'Author'])
self.assertRoles(module, 'zope', ['Owner'])
class TestComputerModule(TestSlapOSGroupRoleSecurityMixin):
def test(self):
module = self.portal.computer_module
self.assertSecurityGroup(module,
['R-COMPUTER', 'R-MEMBER', 'R-SHADOW-PERSON', 'zope'], False)
['G-COMPANY', 'R-COMPUTER', 'R-MEMBER', 'R-SHADOW-PERSON', 'zope'],
False)
self.assertRoles(module, 'R-MEMBER', ['Auditor', 'Author'])
self.assertRoles(module, 'G-COMPANY', ['Auditor', 'Author'])
self.assertRoles(module, 'R-COMPUTER', ['Auditor'])
self.assertRoles(module, 'R-SHADOW-PERSON', ['Auditor'])
self.assertRoles(module, 'zope', ['Owner'])
......@@ -191,8 +194,9 @@ class TestComputerNetworkModule(TestSlapOSGroupRoleSecurityMixin):
def test(self):
module = self.portal.computer_network_module
self.assertSecurityGroup(module,
['R-MEMBER', 'R-SHADOW-PERSON', 'zope'], False)
['G-COMPANY', 'R-MEMBER', 'R-SHADOW-PERSON', 'zope'], False)
self.assertRoles(module, 'R-MEMBER', ['Auditor', 'Author'])
self.assertRoles(module, 'G-COMPANY', ['Auditor', 'Author'])
self.assertRoles(module, 'R-SHADOW-PERSON', ['Auditor'])
self.assertRoles(module, 'zope', ['Owner'])
......@@ -250,30 +254,34 @@ class TestCredentialUpdateModule(TestSlapOSGroupRoleSecurityMixin):
def test(self):
module = self.portal.credential_update_module
self.assertSecurityGroup(module,
['zope', 'R-MEMBER'], False)
['zope', 'R-MEMBER', 'G-COMPANY'], False)
self.assertRoles(module, 'R-MEMBER', ['Auditor', 'Author'])
self.assertRoles(module, 'G-COMPANY', ['Auditor', 'Author'])
self.assertRoles(module, 'zope', ['Owner'])
class TestDataSet(TestSlapOSGroupRoleSecurityMixin):
def test_AnyFromShadirGroup(self):
def test(self):
data_set = self.portal.data_set_module.newContent(portal_type='Data Set')
data_set.updateLocalRolesOnSecurityGroups()
self.assertSecurityGroup(data_set,
[self.user_id, 'R-COMPUTER', 'R-INSTANCE', 'R-MEMBER'], False)
[self.user_id, 'G-COMPANY', 'R-COMPUTER', 'R-INSTANCE', 'R-MEMBER'],
False)
self.assertRoles(data_set, 'R-COMPUTER', ['Auditor'])
self.assertRoles(data_set, 'R-INSTANCE', ['Auditor'])
self.assertRoles(data_set, 'R-MEMBER', ['Auditor'])
self.assertRoles(data_set, 'G-COMPANY', ['Assignor'])
self.assertRoles(data_set, self.user_id, ['Owner'])
class TestDataSetModule(TestSlapOSGroupRoleSecurityMixin):
def test(self):
module = self.portal.data_set_module
self.assertSecurityGroup(module,
['R-COMPUTER', 'R-INSTANCE', 'R-MEMBER', 'zope'], False)
['G-COMPANY', 'R-COMPUTER', 'R-INSTANCE', 'R-MEMBER', 'zope'], False)
self.assertRoles(module, 'R-COMPUTER', ['Author'])
self.assertRoles(module, 'R-INSTANCE', ['Author'])
self.assertRoles(module, 'R-MEMBER', ['Author'])
self.assertRoles(module, 'G-COMPANY', ['Author', 'Auditor'])
self.assertRoles(module, 'zope', ['Owner'])
class TestDocumentModule(TestSlapOSGroupRoleSecurityMixin):
......@@ -326,9 +334,11 @@ class TestHostingSubscription(TestSlapOSGroupRoleSecurityMixin):
portal_type='Hosting Subscription', reference=reference)
subscription.updateLocalRolesOnSecurityGroups()
self.assertSecurityGroup(subscription, [self.user_id, reference], False)
self.assertSecurityGroup(subscription, [self.user_id, reference,
'G-COMPANY'], False)
self.assertRoles(subscription, reference, ['Assignor'])
self.assertRoles(subscription, self.user_id, ['Owner'])
self.assertRoles(subscription, 'G-COMPANY', ['Assignor'])
def test_CustomOfTheHostingSubscription(self):
customer_reference = 'TESTPERSON-%s' % self.generateNewId()
......@@ -341,19 +351,21 @@ class TestHostingSubscription(TestSlapOSGroupRoleSecurityMixin):
subscription.updateLocalRolesOnSecurityGroups()
self.assertSecurityGroup(subscription, [self.user_id, reference,
customer_reference], False)
customer_reference, 'G-COMPANY'], False)
self.assertRoles(subscription, reference, ['Assignor'])
self.assertRoles(subscription, customer_reference, ['Assignee'])
self.assertRoles(subscription, self.user_id, ['Owner'])
self.assertRoles(subscription, 'G-COMPANY', ['Assignor'])
class TestHostingSubscriptionModule(TestSlapOSGroupRoleSecurityMixin):
def test(self):
module = self.portal.hosting_subscription_module
self.assertSecurityGroup(module,
['R-COMPUTER', 'R-MEMBER', 'R-INSTANCE', 'zope'], False)
['G-COMPANY', 'R-COMPUTER', 'R-MEMBER', 'R-INSTANCE', 'zope'], False)
self.assertRoles(module, 'R-MEMBER', ['Auditor', 'Author'])
self.assertRoles(module, 'R-COMPUTER', ['Auditor'])
self.assertRoles(module, 'R-INSTANCE', ['Auditor'])
self.assertRoles(module, 'G-COMPANY', ['Auditor', 'Author'])
self.assertRoles(module, 'zope', ['Owner'])
class TestImage(TestSlapOSGroupRoleSecurityMixin):
......@@ -776,9 +788,9 @@ class TestSaleOrderModule(TestSlapOSGroupRoleSecurityMixin):
def test(self):
module = self.portal.sale_order_module
self.assertSecurityGroup(module,
['G-COMPANY', 'admin'], True)
['G-COMPANY', 'zope'], True)
self.assertRoles(module, 'G-COMPANY', ['Auditor', 'Author'])
self.assertRoles(module, 'admin', ['Owner'])
self.assertRoles(module, 'zope', ['Owner'])
class TestSaleOrder(TestSlapOSGroupRoleSecurityMixin):
def test_GroupCompany(self):
......@@ -794,9 +806,9 @@ class TestSalePackingListModule(TestSlapOSGroupRoleSecurityMixin):
def test(self):
module = self.portal.sale_packing_list_module
self.assertSecurityGroup(module,
['G-COMPANY', 'admin'], False)
['G-COMPANY', 'zope'], False)
self.assertRoles(module, 'G-COMPANY', ['Auditor', 'Author'])
self.assertRoles(module, 'admin', ['Owner'])
self.assertRoles(module, 'zope', ['Owner'])
class TestSalePackingList(TestSlapOSGroupRoleSecurityMixin):
def test_GroupCompany(self):
......@@ -946,9 +958,9 @@ class TestSaleTradeConditionModule(TestSlapOSGroupRoleSecurityMixin):
def test(self):
module = self.portal.sale_trade_condition_module
self.assertSecurityGroup(module,
['G-COMPANY', 'admin'], False)
['G-COMPANY', 'zope'], False)
self.assertRoles(module, 'G-COMPANY', ['Auditor', 'Author'])
self.assertRoles(module, 'admin', ['Owner'])
self.assertRoles(module, 'zope', ['Owner'])
class TestSaleTradeCondition(TestSlapOSGroupRoleSecurityMixin):
def test_GroupCompany(self):
......@@ -1405,8 +1417,9 @@ class TestIntegrationTool(TestSlapOSGroupRoleSecurityMixin):
def test(self):
module = self.portal.portal_integrations
self.assertSecurityGroup(module,
['R-SHADOW-PERSON', 'ERP5TypeTestCase'], False)
['R-SHADOW-PERSON', 'ERP5TypeTestCase', 'G-COMPANY'], False)
self.assertRoles(module, 'R-SHADOW-PERSON', ['Auditor'])
self.assertRoles(module, 'G-COMPANY', ['Auditor', 'Author'])
self.assertRoles(module, 'ERP5TypeTestCase', ['Owner'])
class TestIntegrationSite(TestSlapOSGroupRoleSecurityMixin):
......@@ -1415,18 +1428,19 @@ class TestIntegrationSite(TestSlapOSGroupRoleSecurityMixin):
product = module.newContent(
portal_type='Integration Site')
self.assertSecurityGroup(product,
['R-SHADOW-PERSON', self.user_id], False)
['R-SHADOW-PERSON', self.user_id, 'G-COMPANY'], False)
self.assertRoles(product, 'R-SHADOW-PERSON', ['Auditor', 'Author'])
self.assertRoles(product, 'G-COMPANY', ['Assignor'])
self.assertRoles(product, self.user_id, ['Owner'])
class TestSystemEventModule(TestSlapOSGroupRoleSecurityMixin):
def test(self):
module = self.portal.system_event_module
self.assertSecurityGroup(module,
['R-SHADOW-PERSON', 'ERP5TypeTestCase', 'G-COMPANY'], False)
['R-SHADOW-PERSON', 'zope', 'G-COMPANY'], False)
self.assertRoles(module, 'R-SHADOW-PERSON', ['Author'])
self.assertRoles(module, 'G-COMPANY', ['Auditor', 'Author'])
self.assertRoles(module, 'ERP5TypeTestCase', ['Owner'])
self.assertRoles(module, 'zope', ['Owner'])
class TestPayzenEvent(TestSlapOSGroupRoleSecurityMixin):
def test_GroupCompany(self):
......
145
\ No newline at end of file
146
\ No newline at end of file