Commit 1c066b6b authored by Romain Courteaud's avatar Romain Courteaud

slapos_erp5: only accountant can read/write accounting transactions.

Ledger is used as write condition
parent 8a7eb9dd
<local_roles_item> <local_roles_item>
<local_roles> <local_roles>
<role id='G-COMPANY'> <role id='F-ACCOUNTING'>
<item>Auditor</item> <item>Auditor</item>
<item>Author</item> <item>Author</item>
</role> </role>
...@@ -12,9 +12,9 @@ ...@@ -12,9 +12,9 @@
</role> </role>
</local_roles> </local_roles>
<local_role_group_ids> <local_role_group_ids>
<local_role_group_id id='group'> <local_role_group_id id='function'>
<principal id='G-COMPANY'>Auditor</principal> <principal id='F-ACCOUNTING'>Auditor</principal>
<principal id='G-COMPANY'>Author</principal> <principal id='F-ACCOUNTING'>Author</principal>
</local_role_group_id> </local_role_group_id>
<local_role_group_id id='shadow'> <local_role_group_id id='shadow'>
<principal id='R-SHADOW-PERSON'>Assignor</principal> <principal id='R-SHADOW-PERSON'>Assignor</principal>
......
<local_roles_item> <local_roles_item>
<local_roles> <local_roles>
<role id='G-COMPANY'> <role id='F-ACCOUNTING'>
<item>Assignor</item> <item>Auditor</item>
</role> </role>
<role id='R-SHADOW-PERSON'> <role id='R-SHADOW-PERSON'>
<item>Assignee</item> <item>Assignee</item>
</role> </role>
</local_roles> </local_roles>
<local_role_group_ids> <local_role_group_ids>
<local_role_group_id id='group'> <local_role_group_id id='function'>
<principal id='G-COMPANY'>Assignor</principal> <principal id='F-ACCOUNTING'>Auditor</principal>
</local_role_group_id> </local_role_group_id>
<local_role_group_id id='shadow'> <local_role_group_id id='shadow'>
<principal id='R-SHADOW-PERSON'>Assignee</principal> <principal id='R-SHADOW-PERSON'>Assignee</principal>
......
<local_roles_item> <local_roles_item>
<local_roles> <local_roles>
<role id='G-COMPANY'> <role id='F-ACCOUNTING'>
<item>Assignor</item> <item>Auditor</item>
</role> </role>
<role id='R-SHADOW-PERSON'> <role id='R-SHADOW-PERSON'>
<item>Assignee</item> <item>Assignee</item>
</role> </role>
</local_roles> </local_roles>
<local_role_group_ids> <local_role_group_ids>
<local_role_group_id id='group'> <local_role_group_id id='function'>
<principal id='G-COMPANY'>Assignor</principal> <principal id='F-ACCOUNTING'>Auditor</principal>
</local_role_group_id> </local_role_group_id>
<local_role_group_id id='shadow'> <local_role_group_id id='shadow'>
<principal id='R-SHADOW-PERSON'>Assignee</principal> <principal id='R-SHADOW-PERSON'>Assignee</principal>
......
<local_roles_item> <local_roles_item>
<local_roles> <local_roles>
<role id='G-COMPANY'> <role id='F-ACCOUNTING'>
<item>Assignor</item> <item>Auditor</item>
</role> </role>
<role id='R-SHADOW-PERSON'> <role id='R-SHADOW-PERSON'>
<item>Assignee</item> <item>Assignee</item>
</role> </role>
</local_roles> </local_roles>
<local_role_group_ids> <local_role_group_ids>
<local_role_group_id id='group'> <local_role_group_id id='function'>
<principal id='G-COMPANY'>Assignor</principal> <principal id='F-ACCOUNTING'>Auditor</principal>
</local_role_group_id> </local_role_group_id>
<local_role_group_id id='shadow'> <local_role_group_id id='shadow'>
<principal id='R-SHADOW-PERSON'>Assignee</principal> <principal id='R-SHADOW-PERSON'>Assignee</principal>
......
<local_roles_item> <local_roles_item>
<local_roles> <local_roles>
<role id='G-COMPANY'> <role id='F-ACCOUNTING'>
<item>Assignor</item> <item>Auditor</item>
</role> </role>
<role id='R-SHADOW-PERSON'> <role id='R-SHADOW-PERSON'>
<item>Assignee</item> <item>Assignee</item>
</role> </role>
</local_roles> </local_roles>
<local_role_group_ids> <local_role_group_ids>
<local_role_group_id id='group'> <local_role_group_id id='function'>
<principal id='G-COMPANY'>Assignor</principal> <principal id='F-ACCOUNTING'>Auditor</principal>
</local_role_group_id> </local_role_group_id>
<local_role_group_id id='shadow'> <local_role_group_id id='shadow'>
<principal id='R-SHADOW-PERSON'>Assignee</principal> <principal id='R-SHADOW-PERSON'>Assignee</principal>
......
<local_roles_item> <local_roles_item>
<local_roles> <local_roles>
<role id='G-COMPANY'> <role id='F-ACCOUNTING'>
<item>Assignor</item> <item>Auditor</item>
</role> </role>
<role id='R-SHADOW-PERSON'> <role id='R-SHADOW-PERSON'>
<item>Assignee</item> <item>Assignee</item>
</role> </role>
</local_roles> </local_roles>
<local_role_group_ids> <local_role_group_ids>
<local_role_group_id id='group'> <local_role_group_id id='function'>
<principal id='G-COMPANY'>Assignor</principal> <principal id='F-ACCOUNTING'>Auditor</principal>
</local_role_group_id> </local_role_group_id>
<local_role_group_id id='shadow'> <local_role_group_id id='shadow'>
<principal id='R-SHADOW-PERSON'>Assignee</principal> <principal id='R-SHADOW-PERSON'>Assignee</principal>
......
<local_roles_item> <local_roles_item>
<local_roles> <local_roles>
<role id='G-COMPANY'> <role id='F-ACCOUNTING'>
<item>Assignor</item> <item>Auditor</item>
</role> </role>
<role id='R-SHADOW-PERSON'> <role id='R-SHADOW-PERSON'>
<item>Assignee</item> <item>Assignee</item>
</role> </role>
</local_roles> </local_roles>
<local_role_group_ids> <local_role_group_ids>
<local_role_group_id id='group'> <local_role_group_id id='function'>
<principal id='G-COMPANY'>Assignor</principal> <principal id='F-ACCOUNTING'>Auditor</principal>
</local_role_group_id> </local_role_group_id>
<local_role_group_id id='shadow'> <local_role_group_id id='shadow'>
<principal id='R-SHADOW-PERSON'>Assignee</principal> <principal id='R-SHADOW-PERSON'>Assignee</principal>
......
<type_roles> <type_roles>
<role id='Author; Auditor'> <role id='Author; Auditor'>
<property id='title'>Group company</property> <property id='title'>Accountant</property>
<multi_property id='categories'>local_role_group/group</multi_property> <multi_property id='categories'>local_role_group/function</multi_property>
<multi_property id='category'>group/company</multi_property> <multi_property id='category'>function/accounting</multi_property>
<multi_property id='base_category'>group</multi_property> <multi_property id='base_category'>function</multi_property>
</role> </role>
<role id='Auditor'> <role id='Auditor'>
<property id='title'>Member</property> <property id='title'>Member</property>
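Review bot: The `Author; Auditor` role is re-keyed from `group/company` to `function/accounting` with no transition, so a user whose assignment carries only the company group would presumably lose both the Auditor and Author roles here once local roles are recomputed. The page shows no migration step or test update alongside it, so the commit message should state that assignments must carry `function/accounting` before this is deployed. The grant could also be documented on the role itself, for example `<property id='description'>Only users assigned to function/accounting get Auditor and Author here</property>`. The rest of this file is collapsed on the page, so its other roles are not visible.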
......
<type_roles> <type_roles>
<role id='Auditor'>
<property id='title'>ReadOnly for Accountant</property>
<property id='condition'>python: context.getLedger("") == "automated"</property>
<multi_property id='categories'>local_role_group/function</multi_property>
<multi_property id='category'>function/accounting</multi_property>
<multi_property id='base_category'>function</multi_property>
</role>
<role id='Assignor'> <role id='Assignor'>
<property id='title'>Group company</property> <property id='title'>Writable for Accountant</property>
<property id='condition'>python: context.getLedger("") != "automated"</property> <property id='condition'>python: context.getLedger("") != "automated"</property>
<multi_property id='categories'>local_role_group/group</multi_property> <multi_property id='categories'>local_role_group/function</multi_property>
<multi_property id='category'>group/company</multi_property> <multi_property id='category'>function/accounting</multi_property>
<multi_property id='base_category'>group</multi_property> <multi_property id='base_category'>function</multi_property>
</role> </role>
</type_roles> </type_roles>
\ No newline at end of file
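Review bot: The accountant's write access is decided by exclusion: `context.getLedger("") != "automated"` on the new `Assignor` role means a transaction with no ledger (the `""` default) or with any ledger other than `automated` is writable, and only an exact `automated` falls to the read-only `Auditor` role. If that is the intent, it should be stated on the role, for example `<property id='description'>Accountants may modify every transaction whose ledger is not "automated", including transactions with no ledger</property>`; if write access should be limited to known ledgers, compare against those values instead. The same pair of conditions is repeated in the later `type_roles` sections of this commit. Because the role now depends on a document property, it is also worth confirming that local roles are recomputed when the ledger of an existing transaction changes.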
<type_roles> <type_roles>
<role id='Auditor'>
<property id='title'>ReadOnly for Accountant</property>
<property id='condition'>python: context.getLedger("") == "automated"</property>
<multi_property id='categories'>local_role_group/function</multi_property>
<multi_property id='category'>function/accounting</multi_property>
<multi_property id='base_category'>function</multi_property>
</role>
<role id='Assignor'> <role id='Assignor'>
<property id='title'>Group company</property> <property id='title'>Writable for Accountant</property>
<property id='condition'>python: context.getLedger("") != "automated"</property> <property id='condition'>python: context.getLedger("") != "automated"</property>
<multi_property id='categories'>local_role_group/group</multi_property> <multi_property id='categories'>local_role_group/function</multi_property>
<multi_property id='category'>group/company</multi_property> <multi_property id='category'>function/accounting</multi_property>
<multi_property id='base_category'>group</multi_property> <multi_property id='base_category'>function</multi_property>
</role> </role>
</type_roles> </type_roles>
\ No newline at end of file
<type_roles> <type_roles>
<role id='Assignor'>
<property id='title'>Group company</property>
<property id='condition'>python: context.getLedger("") != "automated"</property>
<multi_property id='categories'>local_role_group/group</multi_property>
<multi_property id='category'>group/company</multi_property>
<multi_property id='base_category'>group</multi_property>
</role>
<role id='Assignee'> <role id='Assignee'>
<property id='title'>Person Shadow</property> <property id='title'>Person Shadow</property>
<property id='condition'>python: here.getDestinationSection('', portal_type='Person') == ""</property> <property id='condition'>python: here.getDestinationSection('', portal_type='Person') == ""</property>
...@@ -13,6 +6,13 @@ ...@@ -13,6 +6,13 @@
<multi_property id='category'>role/shadow/person</multi_property> <multi_property id='category'>role/shadow/person</multi_property>
<multi_property id='base_category'>role</multi_property> <multi_property id='base_category'>role</multi_property>
</role> </role>
<role id='Auditor'>
<property id='title'>ReadOnly for Accountant</property>
<property id='condition'>python: context.getLedger("") == "automated"</property>
<multi_property id='categories'>local_role_group/function</multi_property>
<multi_property id='category'>function/accounting</multi_property>
<multi_property id='base_category'>function</multi_property>
</role>
<role id='Auditor'> <role id='Auditor'>
<property id='title'>Shadow User</property> <property id='title'>Shadow User</property>
<property id='condition'>python: here.getDestinationSection('', portal_type='Person') != ''</property> <property id='condition'>python: here.getDestinationSection('', portal_type='Person') != ''</property>
...@@ -27,4 +27,11 @@ ...@@ -27,4 +27,11 @@
<multi_property id='categories'>local_role_group/user</multi_property> <multi_property id='categories'>local_role_group/user</multi_property>
<multi_property id='base_category'>destination_section</multi_property> <multi_property id='base_category'>destination_section</multi_property>
</role> </role>
<role id='Assignor'>
<property id='title'>Writable for Accountant</property>
<property id='condition'>python: context.getLedger("") != "automated"</property>
<multi_property id='categories'>local_role_group/function</multi_property>
<multi_property id='category'>function/accounting</multi_property>
<multi_property id='base_category'>function</multi_property>
</role>
</type_roles> </type_roles>
\ No newline at end of file
<type_roles> <type_roles>
<role id='Auditor'>
<property id='title'>ReadOnly for Accountant</property>
<property id='condition'>python: context.getLedger("") == "automated"</property>
<multi_property id='categories'>local_role_group/function</multi_property>
<multi_property id='category'>function/accounting</multi_property>
<multi_property id='base_category'>function</multi_property>
</role>
<role id='Assignor'> <role id='Assignor'>
<property id='title'>Group company</property> <property id='title'>Writable for Accountant</property>
<property id='condition'>python: context.getLedger("") != "automated"</property> <property id='condition'>python: context.getLedger("") != "automated"</property>
<multi_property id='categories'>local_role_group/group</multi_property> <multi_property id='categories'>local_role_group/function</multi_property>
<multi_property id='category'>group/company</multi_property> <multi_property id='category'>function/accounting</multi_property>
<multi_property id='base_category'>group</multi_property> <multi_property id='base_category'>function</multi_property>
</role> </role>
</type_roles> </type_roles>
\ No newline at end of file
...@@ -6,6 +6,12 @@ ...@@ -6,6 +6,12 @@
<multi_property id='categories'>local_role_group/user</multi_property> <multi_property id='categories'>local_role_group/user</multi_property>
<multi_property id='base_category'>destination_decision</multi_property> <multi_property id='base_category'>destination_decision</multi_property>
</role> </role>
<role id='Assignor'>
<property id='title'>Group company</property>
<multi_property id='categories'>local_role_group/group</multi_property>
<multi_property id='category'>group/company</multi_property>
<multi_property id='base_category'>group</multi_property>
</role>
<role id='Auditor'> <role id='Auditor'>
<property id='title'>Member can see template</property> <property id='title'>Member can see template</property>
<property id='condition'>python: here.getRelativeUrl() == here.getPortalObject().portal_preferences.getPreferredRegularisationRequestTemplate()</property> <property id='condition'>python: here.getRelativeUrl() == here.getPortalObject().portal_preferences.getPreferredRegularisationRequestTemplate()</property>
...@@ -13,12 +19,4 @@ ...@@ -13,12 +19,4 @@
<multi_property id='category'>role/member</multi_property> <multi_property id='category'>role/member</multi_property>
<multi_property id='base_category'>role</multi_property> <multi_property id='base_category'>role</multi_property>
</role> </role>
<role id='Assignor'>
<property id='title'>Project Compute Node Manager</property>
<property id='description'>XXX project local role group</property>
<property id='condition'>python: context.getSourceProject("", portal_type='Project') != ""</property>
<property id='base_category_script'>ERP5Type_getSecurityCategoryFromContent</property>
<multi_property id='category'>function/computer/manager</multi_property>
<multi_property id='base_category'>source_project</multi_property>
</role>
</type_roles> </type_roles>
\ No newline at end of file
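Review bot: This section does not match the commit title: the first hunk adds an `Assignor` role for `group/company` with no `condition`, and the second removes the `Assignor` role titled `Project Compute Node Manager`, which was scoped through `source_project`. Everywhere else in the commit the `group/company` roles are replaced by `function/accounting`, so as far as the visible hunks show, this file gains company-wide write access and loses a project-scoped grant. That may be an unintended re-export of the file rather than part of the accounting change. Please confirm which portal type this file belongs to, then either drop the section from the commit or explain both changes in the commit message.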
<type_roles> <type_roles>
<role id='Assignor'>
<property id='title'>Group company</property>
<property id='condition'>python: context.getLedger("") != "automated"</property>
<multi_property id='categories'>local_role_group/group</multi_property>
<multi_property id='category'>group/company</multi_property>
<multi_property id='base_category'>group</multi_property>
</role>
<role id='Assignee'> <role id='Assignee'>
<property id='title'>Person Shadow</property> <property id='title'>Person Shadow</property>
<property id='condition'>python: context.getLedger("") == "automated"</property> <property id='condition'>python: context.getLedger("") == "automated"</property>
...@@ -13,6 +6,13 @@ ...@@ -13,6 +6,13 @@
<multi_property id='category'>role/shadow/person</multi_property> <multi_property id='category'>role/shadow/person</multi_property>
<multi_property id='base_category'>role</multi_property> <multi_property id='base_category'>role</multi_property>
</role> </role>
<role id='Auditor'>
<property id='title'>ReadOnly for Accountant</property>
<property id='condition'>python: context.getLedger("") == "automated"</property>
<multi_property id='categories'>local_role_group/function</multi_property>
<multi_property id='category'>function/accounting</multi_property>
<multi_property id='base_category'>function</multi_property>
</role>
<role id='Auditor'> <role id='Auditor'>
<property id='title'>User</property> <property id='title'>User</property>
<property id='condition'>python: (here.getDestinationSection('', portal_type='Person') != '') and (context.getLedger("") == "automated")</property> <property id='condition'>python: (here.getDestinationSection('', portal_type='Person') != '') and (context.getLedger("") == "automated")</property>
...@@ -20,4 +20,11 @@ ...@@ -20,4 +20,11 @@
<multi_property id='categories'>local_role_group/user</multi_property> <multi_property id='categories'>local_role_group/user</multi_property>
<multi_property id='base_category'>destination_section</multi_property> <multi_property id='base_category'>destination_section</multi_property>
</role> </role>
<role id='Assignor'>
<property id='title'>Writable for Accountant</property>
<property id='condition'>python: context.getLedger("") != "automated"</property>
<multi_property id='categories'>local_role_group/function</multi_property>
<multi_property id='category'>function/accounting</multi_property>
<multi_property id='base_category'>function</multi_property>
</role>
</type_roles> </type_roles>
\ No newline at end of file