Commit 1c066b6b authored by Romain Courteaud's avatar Romain Courteaud

slapos_erp5: only accountant can read/write accounting transactions.

Ledger is used as write condition
parent 8a7eb9dd
<local_roles_item>
<local_roles>
<role id='G-COMPANY'>
<role id='F-ACCOUNTING'>
<item>Auditor</item>
<item>Author</item>
</role>
......@@ -12,9 +12,9 @@
</role>
</local_roles>
<local_role_group_ids>
<local_role_group_id id='group'>
<principal id='G-COMPANY'>Auditor</principal>
<principal id='G-COMPANY'>Author</principal>
<local_role_group_id id='function'>
<principal id='F-ACCOUNTING'>Auditor</principal>
<principal id='F-ACCOUNTING'>Author</principal>
</local_role_group_id>
<local_role_group_id id='shadow'>
<principal id='R-SHADOW-PERSON'>Assignor</principal>
......
<local_roles_item>
<local_roles>
<role id='G-COMPANY'>
<item>Assignor</item>
<role id='F-ACCOUNTING'>
<item>Auditor</item>
</role>
<role id='R-SHADOW-PERSON'>
<item>Assignee</item>
</role>
</local_roles>
<local_role_group_ids>
<local_role_group_id id='group'>
<principal id='G-COMPANY'>Assignor</principal>
<local_role_group_id id='function'>
<principal id='F-ACCOUNTING'>Auditor</principal>
</local_role_group_id>
<local_role_group_id id='shadow'>
<principal id='R-SHADOW-PERSON'>Assignee</principal>
......
<local_roles_item>
<local_roles>
<role id='G-COMPANY'>
<item>Assignor</item>
<role id='F-ACCOUNTING'>
<item>Auditor</item>
</role>
<role id='R-SHADOW-PERSON'>
<item>Assignee</item>
</role>
</local_roles>
<local_role_group_ids>
<local_role_group_id id='group'>
<principal id='G-COMPANY'>Assignor</principal>
<local_role_group_id id='function'>
<principal id='F-ACCOUNTING'>Auditor</principal>
</local_role_group_id>
<local_role_group_id id='shadow'>
<principal id='R-SHADOW-PERSON'>Assignee</principal>
......
<local_roles_item>
<local_roles>
<role id='G-COMPANY'>
<item>Assignor</item>
<role id='F-ACCOUNTING'>
<item>Auditor</item>
</role>
<role id='R-SHADOW-PERSON'>
<item>Assignee</item>
</role>
</local_roles>
<local_role_group_ids>
<local_role_group_id id='group'>
<principal id='G-COMPANY'>Assignor</principal>
<local_role_group_id id='function'>
<principal id='F-ACCOUNTING'>Auditor</principal>
</local_role_group_id>
<local_role_group_id id='shadow'>
<principal id='R-SHADOW-PERSON'>Assignee</principal>
......
<local_roles_item>
<local_roles>
<role id='G-COMPANY'>
<item>Assignor</item>
<role id='F-ACCOUNTING'>
<item>Auditor</item>
</role>
<role id='R-SHADOW-PERSON'>
<item>Assignee</item>
</role>
</local_roles>
<local_role_group_ids>
<local_role_group_id id='group'>
<principal id='G-COMPANY'>Assignor</principal>
<local_role_group_id id='function'>
<principal id='F-ACCOUNTING'>Auditor</principal>
</local_role_group_id>
<local_role_group_id id='shadow'>
<principal id='R-SHADOW-PERSON'>Assignee</principal>
......
<local_roles_item>
<local_roles>
<role id='G-COMPANY'>
<item>Assignor</item>
<role id='F-ACCOUNTING'>
<item>Auditor</item>
</role>
<role id='R-SHADOW-PERSON'>
<item>Assignee</item>
</role>
</local_roles>
<local_role_group_ids>
<local_role_group_id id='group'>
<principal id='G-COMPANY'>Assignor</principal>
<local_role_group_id id='function'>
<principal id='F-ACCOUNTING'>Auditor</principal>
</local_role_group_id>
<local_role_group_id id='shadow'>
<principal id='R-SHADOW-PERSON'>Assignee</principal>
......
<local_roles_item>
<local_roles>
<role id='G-COMPANY'>
<item>Assignor</item>
<role id='F-ACCOUNTING'>
<item>Auditor</item>
</role>
<role id='R-SHADOW-PERSON'>
<item>Assignee</item>
</role>
</local_roles>
<local_role_group_ids>
<local_role_group_id id='group'>
<principal id='G-COMPANY'>Assignor</principal>
<local_role_group_id id='function'>
<principal id='F-ACCOUNTING'>Auditor</principal>
</local_role_group_id>
<local_role_group_id id='shadow'>
<principal id='R-SHADOW-PERSON'>Assignee</principal>
......
<type_roles>
<role id='Author; Auditor'>
<property id='title'>Group company</property>
<multi_property id='categories'>local_role_group/group</multi_property>
<multi_property id='category'>group/company</multi_property>
<multi_property id='base_category'>group</multi_property>
<property id='title'>Accountant</property>
<multi_property id='categories'>local_role_group/function</multi_property>
<multi_property id='category'>function/accounting</multi_property>
<multi_property id='base_category'>function</multi_property>
</role>
<role id='Auditor'>
<property id='title'>Member</property>
......
<type_roles>
<role id='Auditor'>
<property id='title'>ReadOnly for Accountant</property>
<property id='condition'>python: context.getLedger("") == "automated"</property>
<multi_property id='categories'>local_role_group/function</multi_property>
<multi_property id='category'>function/accounting</multi_property>
<multi_property id='base_category'>function</multi_property>
</role>
<role id='Assignor'>
<property id='title'>Group company</property>
<property id='title'>Writable for Accountant</property>
<property id='condition'>python: context.getLedger("") != "automated"</property>
<multi_property id='categories'>local_role_group/group</multi_property>
<multi_property id='category'>group/company</multi_property>
<multi_property id='base_category'>group</multi_property>
<multi_property id='categories'>local_role_group/function</multi_property>
<multi_property id='category'>function/accounting</multi_property>
<multi_property id='base_category'>function</multi_property>
</role>
</type_roles>
\ No newline at end of file
<type_roles>
<role id='Auditor'>
<property id='title'>ReadOnly for Accountant</property>
<property id='condition'>python: context.getLedger("") == "automated"</property>
<multi_property id='categories'>local_role_group/function</multi_property>
<multi_property id='category'>function/accounting</multi_property>
<multi_property id='base_category'>function</multi_property>
</role>
<role id='Assignor'>
<property id='title'>Group company</property>
<property id='title'>Writable for Accountant</property>
<property id='condition'>python: context.getLedger("") != "automated"</property>
<multi_property id='categories'>local_role_group/group</multi_property>
<multi_property id='category'>group/company</multi_property>
<multi_property id='base_category'>group</multi_property>
<multi_property id='categories'>local_role_group/function</multi_property>
<multi_property id='category'>function/accounting</multi_property>
<multi_property id='base_category'>function</multi_property>
</role>
</type_roles>
\ No newline at end of file
<type_roles>
<role id='Assignor'>
<property id='title'>Group company</property>
<property id='condition'>python: context.getLedger("") != "automated"</property>
<multi_property id='categories'>local_role_group/group</multi_property>
<multi_property id='category'>group/company</multi_property>
<multi_property id='base_category'>group</multi_property>
</role>
<role id='Assignee'>
<property id='title'>Person Shadow</property>
<property id='condition'>python: here.getDestinationSection('', portal_type='Person') == ""</property>
......@@ -13,6 +6,13 @@
<multi_property id='category'>role/shadow/person</multi_property>
<multi_property id='base_category'>role</multi_property>
</role>
<role id='Auditor'>
<property id='title'>ReadOnly for Accountant</property>
<property id='condition'>python: context.getLedger("") == "automated"</property>
<multi_property id='categories'>local_role_group/function</multi_property>
<multi_property id='category'>function/accounting</multi_property>
<multi_property id='base_category'>function</multi_property>
</role>
<role id='Auditor'>
<property id='title'>Shadow User</property>
<property id='condition'>python: here.getDestinationSection('', portal_type='Person') != ''</property>
......@@ -27,4 +27,11 @@
<multi_property id='categories'>local_role_group/user</multi_property>
<multi_property id='base_category'>destination_section</multi_property>
</role>
<role id='Assignor'>
<property id='title'>Writable for Accountant</property>
<property id='condition'>python: context.getLedger("") != "automated"</property>
<multi_property id='categories'>local_role_group/function</multi_property>
<multi_property id='category'>function/accounting</multi_property>
<multi_property id='base_category'>function</multi_property>
</role>
</type_roles>
\ No newline at end of file
<type_roles>
<role id='Auditor'>
<property id='title'>ReadOnly for Accountant</property>
<property id='condition'>python: context.getLedger("") == "automated"</property>
<multi_property id='categories'>local_role_group/function</multi_property>
<multi_property id='category'>function/accounting</multi_property>
<multi_property id='base_category'>function</multi_property>
</role>
<role id='Assignor'>
<property id='title'>Group company</property>
<property id='title'>Writable for Accountant</property>
<property id='condition'>python: context.getLedger("") != "automated"</property>
<multi_property id='categories'>local_role_group/group</multi_property>
<multi_property id='category'>group/company</multi_property>
<multi_property id='base_category'>group</multi_property>
<multi_property id='categories'>local_role_group/function</multi_property>
<multi_property id='category'>function/accounting</multi_property>
<multi_property id='base_category'>function</multi_property>
</role>
</type_roles>
\ No newline at end of file
......@@ -6,6 +6,12 @@
<multi_property id='categories'>local_role_group/user</multi_property>
<multi_property id='base_category'>destination_decision</multi_property>
</role>
<role id='Assignor'>
<property id='title'>Group company</property>
<multi_property id='categories'>local_role_group/group</multi_property>
<multi_property id='category'>group/company</multi_property>
<multi_property id='base_category'>group</multi_property>
</role>
<role id='Auditor'>
<property id='title'>Member can see template</property>
<property id='condition'>python: here.getRelativeUrl() == here.getPortalObject().portal_preferences.getPreferredRegularisationRequestTemplate()</property>
......@@ -13,12 +19,4 @@
<multi_property id='category'>role/member</multi_property>
<multi_property id='base_category'>role</multi_property>
</role>
<role id='Assignor'>
<property id='title'>Project Compute Node Manager</property>
<property id='description'>XXX project local role group</property>
<property id='condition'>python: context.getSourceProject("", portal_type='Project') != ""</property>
<property id='base_category_script'>ERP5Type_getSecurityCategoryFromContent</property>
<multi_property id='category'>function/computer/manager</multi_property>
<multi_property id='base_category'>source_project</multi_property>
</role>
</type_roles>
\ No newline at end of file
<type_roles>
<role id='Assignor'>
<property id='title'>Group company</property>
<property id='condition'>python: context.getLedger("") != "automated"</property>
<multi_property id='categories'>local_role_group/group</multi_property>
<multi_property id='category'>group/company</multi_property>
<multi_property id='base_category'>group</multi_property>
</role>
<role id='Assignee'>
<property id='title'>Person Shadow</property>
<property id='condition'>python: context.getLedger("") == "automated"</property>
......@@ -13,6 +6,13 @@
<multi_property id='category'>role/shadow/person</multi_property>
<multi_property id='base_category'>role</multi_property>
</role>
<role id='Auditor'>
<property id='title'>ReadOnly for Accountant</property>
<property id='condition'>python: context.getLedger("") == "automated"</property>
<multi_property id='categories'>local_role_group/function</multi_property>
<multi_property id='category'>function/accounting</multi_property>
<multi_property id='base_category'>function</multi_property>
</role>
<role id='Auditor'>
<property id='title'>User</property>
<property id='condition'>python: (here.getDestinationSection('', portal_type='Person') != '') and (context.getLedger("") == "automated")</property>
......@@ -20,4 +20,11 @@
<multi_property id='categories'>local_role_group/user</multi_property>
<multi_property id='base_category'>destination_section</multi_property>
</role>
<role id='Assignor'>
<property id='title'>Writable for Accountant</property>
<property id='condition'>python: context.getLedger("") != "automated"</property>
<multi_property id='categories'>local_role_group/function</multi_property>
<multi_property id='category'>function/accounting</multi_property>
<multi_property id='base_category'>function</multi_property>
</role>
</type_roles>
\ No newline at end of file
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment