slapos_erp5: only accountant can read/write accounting transactions.

Ledger is used as write condition

master/bt5/slapos_erp5/LocalRolesTemplateItem/accounting_module.xml

 <local_roles_item>
  <local_roles>
-  <role id='G-COMPANY'>
+  <role id='F-ACCOUNTING'>
    <item>Auditor</item>
    <item>Author</item>
   </role>
@@ -12,9 +12,9 @@
   </role>
  </local_roles>
  <local_role_group_ids>
-  <local_role_group_id id='group'>
-    <principal id='G-COMPANY'>Auditor</principal>
-    <principal id='G-COMPANY'>Author</principal>
+  <local_role_group_id id='function'>
+    <principal id='F-ACCOUNTING'>Auditor</principal>
+    <principal id='F-ACCOUNTING'>Author</principal>
   </local_role_group_id>
   <local_role_group_id id='shadow'>
     <principal id='R-SHADOW-PERSON'>Assignor</principal>

master/bt5/slapos_erp5/LocalRolesTemplateItem/accounting_module/slapos_pre_payment_template.xml

 <local_roles_item>
  <local_roles>
-  <role id='G-COMPANY'>
-   <item>Assignor</item>
+  <role id='F-ACCOUNTING'>
+   <item>Auditor</item>
   </role>
   <role id='R-SHADOW-PERSON'>
    <item>Assignee</item>
   </role>
  </local_roles>
  <local_role_group_ids>
-  <local_role_group_id id='group'>
-    <principal id='G-COMPANY'>Assignor</principal>
+  <local_role_group_id id='function'>
+    <principal id='F-ACCOUNTING'>Auditor</principal>
   </local_role_group_id>
   <local_role_group_id id='shadow'>
     <principal id='R-SHADOW-PERSON'>Assignee</principal>

master/bt5/slapos_erp5/LocalRolesTemplateItem/accounting_module/slapos_wechat_pre_payment_template.xml

 <local_roles_item>
  <local_roles>
-  <role id='G-COMPANY'>
-   <item>Assignor</item>
+  <role id='F-ACCOUNTING'>
+   <item>Auditor</item>
   </role>
   <role id='R-SHADOW-PERSON'>
    <item>Assignee</item>
   </role>
  </local_roles>
  <local_role_group_ids>
-  <local_role_group_id id='group'>
-    <principal id='G-COMPANY'>Assignor</principal>
+  <local_role_group_id id='function'>
+    <principal id='F-ACCOUNTING'>Auditor</principal>
   </local_role_group_id>
   <local_role_group_id id='shadow'>
     <principal id='R-SHADOW-PERSON'>Assignee</principal>

master/bt5/slapos_erp5/LocalRolesTemplateItem/accounting_module/template_contract_sale_invoice_transaction.xml

 <local_roles_item>
  <local_roles>
-  <role id='G-COMPANY'>
-   <item>Assignor</item>
+  <role id='F-ACCOUNTING'>
+   <item>Auditor</item>
   </role>
   <role id='R-SHADOW-PERSON'>
    <item>Assignee</item>
   </role>
  </local_roles>
  <local_role_group_ids>
-  <local_role_group_id id='group'>
-    <principal id='G-COMPANY'>Assignor</principal>
+  <local_role_group_id id='function'>
+    <principal id='F-ACCOUNTING'>Auditor</principal>
   </local_role_group_id>
   <local_role_group_id id='shadow'>
     <principal id='R-SHADOW-PERSON'>Assignee</principal>

master/bt5/slapos_erp5/LocalRolesTemplateItem/accounting_module/template_pre_payment_subscription_sale_invoice_transaction.xml

 <local_roles_item>
  <local_roles>
-  <role id='G-COMPANY'>
-   <item>Assignor</item>
+  <role id='F-ACCOUNTING'>
+   <item>Auditor</item>
   </role>
   <role id='R-SHADOW-PERSON'>
    <item>Assignee</item>
   </role>
  </local_roles>
  <local_role_group_ids>
-  <local_role_group_id id='group'>
-    <principal id='G-COMPANY'>Assignor</principal>
+  <local_role_group_id id='function'>
+    <principal id='F-ACCOUNTING'>Auditor</principal>
   </local_role_group_id>
   <local_role_group_id id='shadow'>
     <principal id='R-SHADOW-PERSON'>Assignee</principal>

master/bt5/slapos_erp5/LocalRolesTemplateItem/accounting_module/template_sale_invoice_transaction.xml

 <local_roles_item>
  <local_roles>
-  <role id='G-COMPANY'>
-   <item>Assignor</item>
+  <role id='F-ACCOUNTING'>
+   <item>Auditor</item>
   </role>
   <role id='R-SHADOW-PERSON'>
    <item>Assignee</item>
   </role>
  </local_roles>
  <local_role_group_ids>
-  <local_role_group_id id='group'>
-    <principal id='G-COMPANY'>Assignor</principal>
+  <local_role_group_id id='function'>
+    <principal id='F-ACCOUNTING'>Auditor</principal>
   </local_role_group_id>
   <local_role_group_id id='shadow'>
     <principal id='R-SHADOW-PERSON'>Assignee</principal>

master/bt5/slapos_erp5/LocalRolesTemplateItem/accounting_module/template_wechat_pre_payment_subscription_sale_invoice_transaction.xml

 <local_roles_item>
  <local_roles>
-  <role id='G-COMPANY'>
-   <item>Assignor</item>
+  <role id='F-ACCOUNTING'>
+   <item>Auditor</item>
   </role>
   <role id='R-SHADOW-PERSON'>
    <item>Assignee</item>
   </role>
  </local_roles>
  <local_role_group_ids>
-  <local_role_group_id id='group'>
-    <principal id='G-COMPANY'>Assignor</principal>
+  <local_role_group_id id='function'>
+    <principal id='F-ACCOUNTING'>Auditor</principal>
   </local_role_group_id>
   <local_role_group_id id='shadow'>
     <principal id='R-SHADOW-PERSON'>Assignee</principal>

master/bt5/slapos_erp5/PortalTypeRolesTemplateItem/Accounting%20Transaction%20Module.xml

 <type_roles>
   <role id='Author; Auditor'>
-   <property id='title'>Group company</property>
-   <multi_property id='categories'>local_role_group/group</multi_property>
-   <multi_property id='category'>group/company</multi_property>
-   <multi_property id='base_category'>group</multi_property>
+   <property id='title'>Accountant</property>
+   <multi_property id='categories'>local_role_group/function</multi_property>
+   <multi_property id='category'>function/accounting</multi_property>
+   <multi_property id='base_category'>function</multi_property>
   </role>
   <role id='Auditor'>
    <property id='title'>Member</property>

master/bt5/slapos_erp5/PortalTypeRolesTemplateItem/Accounting%20Transaction.xml

 <type_roles>
+  <role id='Auditor'>
+   <property id='title'>ReadOnly for Accountant</property>
+   <property id='condition'>python: context.getLedger("") == "automated"</property>
+   <multi_property id='categories'>local_role_group/function</multi_property>
+   <multi_property id='category'>function/accounting</multi_property>
+   <multi_property id='base_category'>function</multi_property>
+  </role>
   <role id='Assignor'>
-   <property id='title'>Group company</property>
+   <property id='title'>Writable for Accountant</property>
    <property id='condition'>python: context.getLedger("") != "automated"</property>
-   <multi_property id='categories'>local_role_group/group</multi_property>
-   <multi_property id='category'>group/company</multi_property>
-   <multi_property id='base_category'>group</multi_property>
+   <multi_property id='categories'>local_role_group/function</multi_property>
+   <multi_property id='category'>function/accounting</multi_property>
+   <multi_property id='base_category'>function</multi_property>
   </role>
 </type_roles>
\ No newline at end of file

master/bt5/slapos_erp5/PortalTypeRolesTemplateItem/Balance%20Transaction.xml

 <type_roles>
+  <role id='Auditor'>
+   <property id='title'>ReadOnly for Accountant</property>
+   <property id='condition'>python: context.getLedger("") == "automated"</property>
+   <multi_property id='categories'>local_role_group/function</multi_property>
+   <multi_property id='category'>function/accounting</multi_property>
+   <multi_property id='base_category'>function</multi_property>
+  </role>
   <role id='Assignor'>
-   <property id='title'>Group company</property>
+   <property id='title'>Writable for Accountant</property>
    <property id='condition'>python: context.getLedger("") != "automated"</property>
-   <multi_property id='categories'>local_role_group/group</multi_property>
-   <multi_property id='category'>group/company</multi_property>
-   <multi_property id='base_category'>group</multi_property>
+   <multi_property id='categories'>local_role_group/function</multi_property>
+   <multi_property id='category'>function/accounting</multi_property>
+   <multi_property id='base_category'>function</multi_property>
   </role>
 </type_roles>
\ No newline at end of file

master/bt5/slapos_erp5/PortalTypeRolesTemplateItem/Payment%20Transaction.xml

 <type_roles>
-  <role id='Assignor'>
-   <property id='title'>Group company</property>
-   <property id='condition'>python: context.getLedger("") != "automated"</property>
-   <multi_property id='categories'>local_role_group/group</multi_property>
-   <multi_property id='category'>group/company</multi_property>
-   <multi_property id='base_category'>group</multi_property>
-  </role>
   <role id='Assignee'>
    <property id='title'>Person Shadow</property>
    <property id='condition'>python: here.getDestinationSection('', portal_type='Person') == ""</property>
@@ -13,6 +6,13 @@
    <multi_property id='category'>role/shadow/person</multi_property>
    <multi_property id='base_category'>role</multi_property>
   </role>
+  <role id='Auditor'>
+   <property id='title'>ReadOnly for Accountant</property>
+   <property id='condition'>python: context.getLedger("") == "automated"</property>
+   <multi_property id='categories'>local_role_group/function</multi_property>
+   <multi_property id='category'>function/accounting</multi_property>
+   <multi_property id='base_category'>function</multi_property>
+  </role>
   <role id='Auditor'>
    <property id='title'>Shadow User</property>
    <property id='condition'>python: here.getDestinationSection('', portal_type='Person') != ''</property>
@@ -27,4 +27,11 @@
    <multi_property id='categories'>local_role_group/user</multi_property>
    <multi_property id='base_category'>destination_section</multi_property>
   </role>
+  <role id='Assignor'>
+   <property id='title'>Writable for Accountant</property>
+   <property id='condition'>python: context.getLedger("") != "automated"</property>
+   <multi_property id='categories'>local_role_group/function</multi_property>
+   <multi_property id='category'>function/accounting</multi_property>
+   <multi_property id='base_category'>function</multi_property>
+  </role>
 </type_roles>
\ No newline at end of file

master/bt5/slapos_erp5/PortalTypeRolesTemplateItem/Purchase%20Invoice%20Transaction.xml

 <type_roles>
+  <role id='Auditor'>
+   <property id='title'>ReadOnly for Accountant</property>
+   <property id='condition'>python: context.getLedger("") == "automated"</property>
+   <multi_property id='categories'>local_role_group/function</multi_property>
+   <multi_property id='category'>function/accounting</multi_property>
+   <multi_property id='base_category'>function</multi_property>
+  </role>
   <role id='Assignor'>
-   <property id='title'>Group company</property>
+   <property id='title'>Writable for Accountant</property>
    <property id='condition'>python: context.getLedger("") != "automated"</property>
-   <multi_property id='categories'>local_role_group/group</multi_property>
-   <multi_property id='category'>group/company</multi_property>
-   <multi_property id='base_category'>group</multi_property>
+   <multi_property id='categories'>local_role_group/function</multi_property>
+   <multi_property id='category'>function/accounting</multi_property>
+   <multi_property id='base_category'>function</multi_property>
   </role>
 </type_roles>
\ No newline at end of file

master/bt5/slapos_erp5/PortalTypeRolesTemplateItem/Regularisation%20Request.xml

@@ -6,6 +6,12 @@
    <multi_property id='categories'>local_role_group/user</multi_property>
    <multi_property id='base_category'>destination_decision</multi_property>
   </role>
+  <role id='Assignor'>
+   <property id='title'>Group company</property>
+   <multi_property id='categories'>local_role_group/group</multi_property>
+   <multi_property id='category'>group/company</multi_property>
+   <multi_property id='base_category'>group</multi_property>
+  </role>
   <role id='Auditor'>
    <property id='title'>Member can see template</property>
    <property id='condition'>python: here.getRelativeUrl() == here.getPortalObject().portal_preferences.getPreferredRegularisationRequestTemplate()</property>
@@ -13,12 +19,4 @@
    <multi_property id='category'>role/member</multi_property>
    <multi_property id='base_category'>role</multi_property>
   </role>
-  <role id='Assignor'>
-   <property id='title'>Project Compute Node Manager</property>
-   <property id='description'>XXX project local role group</property>
-   <property id='condition'>python: context.getSourceProject("", portal_type='Project') != ""</property>
-   <property id='base_category_script'>ERP5Type_getSecurityCategoryFromContent</property>
-   <multi_property id='category'>function/computer/manager</multi_property>
-   <multi_property id='base_category'>source_project</multi_property>
-  </role>
 </type_roles>
\ No newline at end of file

master/bt5/slapos_erp5/PortalTypeRolesTemplateItem/Sale%20Invoice%20Transaction.xml

 <type_roles>
-  <role id='Assignor'>
-   <property id='title'>Group company</property>
-   <property id='condition'>python: context.getLedger("") != "automated"</property>
-   <multi_property id='categories'>local_role_group/group</multi_property>
-   <multi_property id='category'>group/company</multi_property>
-   <multi_property id='base_category'>group</multi_property>
-  </role>
   <role id='Assignee'>
    <property id='title'>Person Shadow</property>
    <property id='condition'>python: context.getLedger("") == "automated"</property>
@@ -13,6 +6,13 @@
    <multi_property id='category'>role/shadow/person</multi_property>
    <multi_property id='base_category'>role</multi_property>
   </role>
+  <role id='Auditor'>
+   <property id='title'>ReadOnly for Accountant</property>
+   <property id='condition'>python: context.getLedger("") == "automated"</property>
+   <multi_property id='categories'>local_role_group/function</multi_property>
+   <multi_property id='category'>function/accounting</multi_property>
+   <multi_property id='base_category'>function</multi_property>
+  </role>
   <role id='Auditor'>
    <property id='title'>User</property>
    <property id='condition'>python: (here.getDestinationSection('', portal_type='Person') != '') and (context.getLedger("") == "automated")</property>
@@ -20,4 +20,11 @@
    <multi_property id='categories'>local_role_group/user</multi_property>
    <multi_property id='base_category'>destination_section</multi_property>
   </role>
+  <role id='Assignor'>
+   <property id='title'>Writable for Accountant</property>
+   <property id='condition'>python: context.getLedger("") != "automated"</property>
+   <multi_property id='categories'>local_role_group/function</multi_property>
+   <multi_property id='category'>function/accounting</multi_property>
+   <multi_property id='base_category'>function</multi_property>
+  </role>
 </type_roles>
\ No newline at end of file