From b5b946a9ffe78c8c1adb6eb94acc511811507d3d Mon Sep 17 00:00:00 2001
From: Romain Courteaud <romain@nexedi.com>
Date: Thu, 5 Dec 2024 09:39:08 +0000
Subject: [PATCH] slapos_erp5: customer must be able to create token for slapos
 client

---
 .../LocalRolesTemplateItem/access_token_module.xml          | 4 ++++
 .../PortalTypeRolesTemplateItem/Access%20Token%20Module.xml | 6 ++++++
 .../test.erp5.testSlapOSERP5GroupRoleSecurity.py            | 3 ++-
 3 files changed, 12 insertions(+), 1 deletion(-)

diff --git a/master/bt5/slapos_erp5/LocalRolesTemplateItem/access_token_module.xml b/master/bt5/slapos_erp5/LocalRolesTemplateItem/access_token_module.xml
index b5a26cfa1..41912771e 100644
--- a/master/bt5/slapos_erp5/LocalRolesTemplateItem/access_token_module.xml
+++ b/master/bt5/slapos_erp5/LocalRolesTemplateItem/access_token_module.xml
@@ -1,11 +1,15 @@
 <local_roles_item>
  <local_roles>
+  <role id='F-CUSTOMER'>
+   <item>Author</item>
+  </role>
   <role id='F-PRODUCTION*'>
    <item>Author</item>
   </role>
  </local_roles>
  <local_role_group_ids>
   <local_role_group_id id='function'>
+    <principal id='F-CUSTOMER'>Author</principal>
     <principal id='F-PRODUCTION*'>Author</principal>
   </local_role_group_id>
  </local_role_group_ids>
diff --git a/master/bt5/slapos_erp5/PortalTypeRolesTemplateItem/Access%20Token%20Module.xml b/master/bt5/slapos_erp5/PortalTypeRolesTemplateItem/Access%20Token%20Module.xml
index 8cfce96f8..ba375be4c 100644
--- a/master/bt5/slapos_erp5/PortalTypeRolesTemplateItem/Access%20Token%20Module.xml
+++ b/master/bt5/slapos_erp5/PortalTypeRolesTemplateItem/Access%20Token%20Module.xml
@@ -1,4 +1,10 @@
 <type_roles>
+  <role id='Author'>
+   <property id='title'>Customer</property>
+   <multi_property id='categories'>local_role_group/function</multi_property>
+   <multi_property id='category'>function/customer</multi_property>
+   <multi_property id='base_category'>function</multi_property>
+  </role>
   <role id='Author'>
    <property id='title'>Production</property>
    <multi_property id='categories'>local_role_group/function</multi_property>
diff --git a/master/bt5/slapos_erp5/TestTemplateItem/portal_components/test.erp5.testSlapOSERP5GroupRoleSecurity.py b/master/bt5/slapos_erp5/TestTemplateItem/portal_components/test.erp5.testSlapOSERP5GroupRoleSecurity.py
index 2a5cd87b5..c317a5f88 100644
--- a/master/bt5/slapos_erp5/TestTemplateItem/portal_components/test.erp5.testSlapOSERP5GroupRoleSecurity.py
+++ b/master/bt5/slapos_erp5/TestTemplateItem/portal_components/test.erp5.testSlapOSERP5GroupRoleSecurity.py
@@ -2034,8 +2034,9 @@ class TestAccessTokenModule(TestSlapOSGroupRoleSecurityMixin):
   def test_AccessTokenModule(self):
     module = self.portal.access_token_module
     self.assertSecurityGroup(module,
-        ['F-PRODUCTION*', module.Base_getOwnerId()], False)
+        ['F-PRODUCTION*', 'F-CUSTOMER', module.Base_getOwnerId()], False)
     self.assertRoles(module, 'F-PRODUCTION*', ['Author'])
+    self.assertRoles(module, 'F-CUSTOMER', ['Author'])
     self.assertRoles(module, module.Base_getOwnerId(), ['Owner'])
 
 
-- 
2.30.9