Give shadow access on persons.

master/bt5/slapos_erp5/LocalRolesTemplateItem/person_module.xml

@@ -7,6 +7,9 @@
   <role id='R-MEMBER'>
    <item>Auditor</item>
   </role>
+  <role id='R-SHADOW-PERSON'>
+   <item>Auditor</item>
+  </role>
   <role id='zope'>
    <item>Owner</item>
   </role>

master/bt5/slapos_erp5/PortalTypeRolesTemplateItem/Person%20Module.xml

@@ -9,4 +9,9 @@
    <multi_property id='category'>role/member</multi_property>
    <multi_property id='base_category'>role</multi_property>
   </role>
+  <role id='Auditor'>
+   <property id='title'>Person Shadow</property>
+   <multi_property id='category'>role/shadow/person</multi_property>
+   <multi_property id='base_category'>role</multi_property>
+  </role>
 </type_roles>
\ No newline at end of file

master/bt5/slapos_erp5/PortalTypeRolesTemplateItem/Person.xml

@@ -4,9 +4,17 @@
    <multi_property id='category'>group/company</multi_property>
    <multi_property id='base_category'>group</multi_property>
   </role>
+  <role id='Auditor'>
+   <property id='title'>The Shadow User Himself</property>
+   <property id='description'>Monovalued role</property>
+   <property id='condition'>python: here.getReference('') != ''</property>
+   <property id='base_category_script'>PersonType_getSecurityCategoryFromSelfShadow</property>
+   <multi_property id='base_category'>group</multi_property>
+  </role>
   <role id='Associate'>
    <property id='title'>The User Himself</property>
    <property id='description'>Monovalued role</property>
+   <property id='condition'>python: here.getReference('') != ''</property>
    <property id='base_category_script'>ERP5Type_getSecurityCategoryFromSelf</property>
    <multi_property id='base_category'>group</multi_property>
   </role>

master/bt5/slapos_erp5/SkinTemplateItem/portal_skins/slapos_core/PersonType_getSecurityCategoryFromSelfShadow.xml

+<?xml version="1.0"?>
+<ZopeData>
+  <record id="1" aka="AAAAAAAAAAE=">
+    <pickle>
+      <global name="PythonScript" module="Products.PythonScripts.PythonScript"/>
+    </pickle>
+    <pickle>
+      <dictionary>
+        <item>
+            <key> <string>Script_magic</string> </key>
+            <value> <int>3</int> </value>
+        </item>
+        <item>
+            <key> <string>_bind_names</string> </key>
+            <value>
+              <object>
+                <klass>
+                  <global name="NameAssignments" module="Shared.DC.Scripts.Bindings"/>
+                </klass>
+                <tuple/>
+                <state>
+                  <dictionary>
+                    <item>
+                        <key> <string>_asgns</string> </key>
+                        <value>
+                          <dictionary>
+                            <item>
+                                <key> <string>name_container</string> </key>
+                                <value> <string>container</string> </value>
+                            </item>
+                            <item>
+                                <key> <string>name_context</string> </key>
+                                <value> <string>context</string> </value>
+                            </item>
+                            <item>
+                                <key> <string>name_m_self</string> </key>
+                                <value> <string>script</string> </value>
+                            </item>
+                            <item>
+                                <key> <string>name_subpath</string> </key>
+                                <value> <string>traverse_subpath</string> </value>
+                            </item>
+                          </dictionary>
+                        </value>
+                    </item>
+                  </dictionary>
+                </state>
+              </object>
+            </value>
+        </item>
+        <item>
+            <key> <string>_body</string> </key>
+            <value> <string>"""\n
+This script returns a list of dictionaries which represent\n
+the security groups which a person is member of. It extracts\n
+the categories from the current content and associates\n
+it to a given base_category. It is useful in the\n
+following cases:\n
+\n
+- calculate a security group based current object \n
+  in the context of a base category (ex. source_project).\n
+  This is used for example in ERP5 DMS to calculate\n
+  project security.\n
+\n
+The parameters are\n
+\n
+  base_category_list -- list of category values we need to retrieve\n
+  user_name          -- string obtained from getSecurityManager().getUser().getId()\n
+  object             -- object which we want to assign roles to\n
+  portal_type        -- portal type of object\n
+\n
+NOTE: for now, this script requires proxy manager\n
+"""\n
+\n
+category_list = []\n
+\n
+if obj is None:\n
+  return []\n
+\n
+return {\'Auditor\': [\'SHADOW-%s\' % obj.getReference()]}\n
+</string> </value>
+        </item>
+        <item>
+            <key> <string>_params</string> </key>
+            <value> <string>base_category_list, user_name, obj, portal_type</string> </value>
+        </item>
+        <item>
+            <key> <string>id</string> </key>
+            <value> <string>PersonType_getSecurityCategoryFromSelfShadow</string> </value>
+        </item>
+      </dictionary>
+    </pickle>
+  </record>
+</ZopeData>

master/bt5/slapos_erp5/TestTemplateItem/testSlapOSERP5GroupRoleSecurity.py

@@ -440,19 +440,22 @@ class TestPerson(TestSlapOSGroupRoleSecurityMixin):
         reference=reference)
     person.updateLocalRolesOnSecurityGroups()
 
+    shadow_reference = 'SHADOW-%s' % reference
     self.assertSecurityGroup(person,
-        ['G-COMPANY', self.user_id, reference], False)
+        ['G-COMPANY', self.user_id, reference, shadow_reference], False)
     self.assertRoles(person, 'G-COMPANY', ['Assignor'])
     self.assertRoles(person, reference, ['Associate'])
+    self.assertRoles(person, shadow_reference, ['Auditor'])
     self.assertRoles(person, self.user_id, ['Owner'])
 
 class TestPersonModule(TestSlapOSGroupRoleSecurityMixin):
   def test(self):
     module = self.portal.person_module
     self.assertSecurityGroup(module,
-        ['G-COMPANY', 'R-MEMBER', 'zope'], False)
+        ['G-COMPANY', 'R-MEMBER', 'zope', 'R-SHADOW-PERSON'], False)
     self.assertRoles(module, 'R-MEMBER', ['Auditor'])
     self.assertRoles(module, 'G-COMPANY', ['Auditor', 'Author'])
+    self.assertRoles(module, 'R-SHADOW-PERSON', ['Auditor'])
     self.assertRoles(module, 'zope', ['Owner'])
 
 class TestPresentation(TestSlapOSGroupRoleSecurityMixin):

master/bt5/slapos_erp5/bt/revision

-138
+139
\ No newline at end of file