slapos_erp5: Update security for ERP5

master/bt5/slapos_erp5/LocalRolesTemplateItem/upgrade_decision_module.xml

+<local_roles_item>
+ <local_roles>
+  <role id='G-COMPANY'>
+   <item>Auditor</item>
+   <item>Author</item>
+  </role>
+  <role id='R-MEMBER'>
+   <item>Auditor</item>
+   <item>Author</item>
+  </role>
+  <role id='zope'>
+   <item>Owner</item>
+  </role>
+ </local_roles>
+</local_roles_item>
\ No newline at end of file

master/bt5/slapos_erp5/PortalTypeRolesTemplateItem/Restricted%20Access%20Token.xml

+<type_roles>
+  <role id='Assignor'>
+   <property id='title'>Group company</property>
+   <multi_property id='category'>group/company</multi_property>
+   <multi_property id='base_category'>group</multi_property>
+  </role>
+</type_roles>
\ No newline at end of file

master/bt5/slapos_erp5/PortalTypeRolesTemplateItem/Upgrade%20Decision%20Module.xml

+<type_roles>
+  <role id='Author; Auditor'>
+   <property id='title'>Group company</property>
+   <multi_property id='category'>group/company</multi_property>
+   <multi_property id='base_category'>group</multi_property>
+  </role>
+  <role id='Auditor; Author'>
+   <property id='title'>Member</property>
+   <multi_property id='category'>role/member</multi_property>
+   <multi_property id='base_category'>role</multi_property>
+  </role>
+</type_roles>
\ No newline at end of file

master/bt5/slapos_erp5/PortalTypeRolesTemplateItem/Upgrade%20Decision.xml

+<type_roles>
+  <role id='Assignor'>
+   <property id='title'>Group company</property>
+   <multi_property id='category'>group/company</multi_property>
+   <multi_property id='base_category'>group</multi_property>
+  </role>
+  <role id='Assignee'>
+   <property id='title'>User</property>
+   <property id='description'>Monovalued role</property>
+   <property id='base_category_script'>ERP5Type_getSecurityCategoryFromContent</property>
+   <multi_property id='base_category'>destination_decision</multi_property>
+  </role>
+</type_roles>
\ No newline at end of file

master/bt5/slapos_erp5/PortalTypeWorkflowChainTemplateItem/workflow_chain_type.xml

@@ -55,4 +55,8 @@
   <type>Software Instance</type>
   <workflow>local_permission_slapos_interaction_workflow</workflow>
  </chain>
+ <chain>
+  <type>Upgrade Decision</type>
+  <workflow>local_permission_slapos_interation_workflow</workflow>
+ </chain>
 </workflow_chain>
\ No newline at end of file

master/bt5/slapos_erp5/TestTemplateItem/testSlapOSERP5GroupRoleSecurity.py

@@ -2002,6 +2002,16 @@ class TestOneTimeRestrictedAccessToken(TestSlapOSGroupRoleSecurityMixin):
     self.assertRoles(product, 'G-COMPANY', ['Assignor'])
     self.assertRoles(product, self.user_id, ['Owner'])
 
+class TestRestrictedAccessToken(TestSlapOSGroupRoleSecurityMixin):
+  def test_GroupCompany(self):
+    product = self.portal.access_token_module.newContent(
+        portal_type='Restricted Access Token')
+    product.updateLocalRolesOnSecurityGroups()
+    self.assertSecurityGroup(product,
+        ['G-COMPANY', self.user_id], False)
+    self.assertRoles(product, 'G-COMPANY', ['Assignor'])
+    self.assertRoles(product, self.user_id, ['Owner'])
+
 class TestConsumptionDocumentModule(TestSlapOSGroupRoleSecurityMixin):
   def test(self):
     module = self.portal.consumption_document_module
@@ -2040,3 +2050,37 @@ class TestCloudContract(TestSlapOSGroupRoleSecurityMixin):
         False)
     self.assertRoles(text, 'G-COMPANY', ['Assignor'])
     self.assertRoles(text, self.user_id, ['Owner'])
+
+class TestUpgradeDecisionModule(TestSlapOSGroupRoleSecurityMixin):
+  def test(self):
+    module = self.portal.upgrade_decision_module
+    self.assertSecurityGroup(module,
+        ['G-COMPANY', 'R-MEMBER', 'zope'], True)
+    self.assertRoles(module, 'G-COMPANY', ['Auditor', 'Author'])
+    self.assertRoles(module, 'R-MEMBER', ['Auditor', 'Author'])
+    self.assertRoles(module, 'zope', ['Owner'])
+
+class TestUpgradeDecision(TestSlapOSGroupRoleSecurityMixin):
+  def test_GroupCompany(self):
+    product = self.portal.upgrade_decision_module.newContent(
+        portal_type='Upgrade Decision')
+    product.updateLocalRolesOnSecurityGroups()
+    self.assertSecurityGroup(product,
+        ['G-COMPANY', self.user_id], False)
+    self.assertRoles(product, 'G-COMPANY', ['Assignor'])
+    self.assertRoles(product, self.user_id, ['Owner'])
+
+  def test_Customer(self):
+    reference = 'TESTPERSON-%s' % self.generateNewId()
+    person = self.portal.person_module.newContent(portal_type='Person',
+        reference=reference)
+    product = self.portal.upgrade_decision_module.newContent(
+        portal_type='Upgrade Decision',
+        destination_decision_value=person,
+        )
+    product.updateLocalRolesOnSecurityGroups()
+    self.assertSecurityGroup(product,
+        ['G-COMPANY', reference, self.user_id], False)
+    self.assertRoles(product, 'G-COMPANY', ['Assignor'])
+    self.assertRoles(product, reference, ['Assignee'])
+    self.assertRoles(product, self.user_id, ['Owner'])

master/bt5/slapos_erp5/bt/revision

-174
\ No newline at end of file
+175
\ No newline at end of file

master/bt5/slapos_erp5/bt/template_local_role_list

@@ -70,4 +70,5 @@ support_request_module
 support_request_module/slapos_crm_support_request_template
 system_event_module
 transformation_module
+upgrade_decision_module
 web_page_module
\ No newline at end of file

master/bt5/slapos_erp5/bt/template_local_roles_list

@@ -57,11 +57,11 @@ sale_order_module
 sale_packing_list_module
 sale_trade_condition_module
 service_module
+service_module/slapos_account_validation
 service_module/slapos_discount
 service_module/slapos_instance_subscription
 service_module/slapos_netdrive_consumption
 service_module/slapos_tax
-service_module/slapos_account_validation
 software_installation_module
 software_instance_module
 software_product_module
@@ -70,4 +70,5 @@ support_request_module
 support_request_module/slapos_crm_support_request_template
 system_event_module
 transformation_module
+upgrade_decision_module
 web_page_module
\ No newline at end of file

master/bt5/slapos_erp5/bt/template_portal_type_role_list

@@ -82,6 +82,7 @@ Query
 Query Module
 Regularisation Request
 Regularisation Request Module
+Restricted Access Token
 Sale Invoice Transaction
 Sale Opportunity
 Sale Opportunity Module
@@ -111,6 +112,8 @@ System Event Module
 Text
 Transformation
 Transformation Module
+Upgrade Decision
+Upgrade Decision Module
 Visit
 Web Message
 Web Page

master/bt5/slapos_erp5/bt/template_portal_type_roles_list

@@ -82,6 +82,7 @@ Query
 Query Module
 Regularisation Request
 Regularisation Request Module
+Restricted Access Token
 Sale Invoice Transaction
 Sale Opportunity
 Sale Opportunity Module
@@ -111,6 +112,8 @@ System Event Module
 Text
 Transformation
 Transformation Module
+Upgrade Decision
+Upgrade Decision Module
 Visit
 Web Message
 Web Page

master/bt5/slapos_erp5/bt/template_portal_type_workflow_chain_list

@@ -11,4 +11,5 @@ Sale Invoice Transaction | local_permission_slapos_interaction_workflow
 Sale Packing List | local_permission_slapos_interaction_workflow
 Slave Instance | local_permission_slapos_interaction_workflow
 Software Installation | local_permission_slapos_interaction_workflow
-Software Instance | local_permission_slapos_interaction_workflow
\ No newline at end of file
+Software Instance | local_permission_slapos_interaction_workflow
+Upgrade Decision | local_permission_slapos_interation_workflow
\ No newline at end of file