slapos_erp5:

* Sale person can access Service
* only provide read/write access on Organisation to Sale/Accountant
* Sale aent create Trade Condition

master/bt5/slapos_erp5/LocalRolesTemplateItem/organisation_module.xml

 <local_roles_item>
  <local_roles>
-  <role id='G-COMPANY'>
+  <role id='F-ACCOUNTING*'>
    <item>Auditor</item>
    <item>Author</item>
   </role>
-  <role id='R-COMPUTER'>
-   <item>Auditor</item>
-  </role>
-  <role id='R-MEMBER'>
+  <role id='F-SALE*'>
    <item>Auditor</item>
    <item>Author</item>
   </role>
-  <role id='R-SHADOW-PERSON'>
-   <item>Auditor</item>
-  </role>
  </local_roles>
  <local_role_group_ids>
-  <local_role_group_id id='computer'>
-    <principal id='R-COMPUTER'>Auditor</principal>
-  </local_role_group_id>
-  <local_role_group_id id='group'>
-    <principal id='G-COMPANY'>Auditor</principal>
-    <principal id='G-COMPANY'>Author</principal>
-  </local_role_group_id>
-  <local_role_group_id id='shadow'>
-    <principal id='R-SHADOW-PERSON'>Auditor</principal>
-  </local_role_group_id>
-  <local_role_group_id id='user'>
-    <principal id='R-MEMBER'>Auditor</principal>
-    <principal id='R-MEMBER'>Author</principal>
+  <local_role_group_id id='function'>
+    <principal id='F-ACCOUNTING*'>Auditor</principal>
+    <principal id='F-ACCOUNTING*'>Author</principal>
+    <principal id='F-SALE*'>Auditor</principal>
+    <principal id='F-SALE*'>Author</principal>
   </local_role_group_id>
  </local_role_group_ids>
 </local_roles_item>
\ No newline at end of file

master/bt5/slapos_erp5/LocalRolesTemplateItem/sale_trade_condition_module.xml

 <local_roles_item>
  <local_roles>
-  <role id='G-COMPANY'>
+  <role id='F-ACCOUNTING*'>
+   <item>Auditor</item>
+  </role>
+  <role id='F-CUSTOMER'>
    <item>Auditor</item>
-   <item>Author</item>
   </role>
-  <role id='R-MEMBER'>
+  <role id='F-SALE*'>
    <item>Auditor</item>
+   <item>Author</item>
   </role>
   <role id='R-SHADOW-PERSON'>
-   <item>Assignor</item>
+   <item>Auditor</item>
   </role>
  </local_roles>
  <local_role_group_ids>
-  <local_role_group_id id='group'>
-    <principal id='G-COMPANY'>Auditor</principal>
-    <principal id='G-COMPANY'>Author</principal>
+  <local_role_group_id id='function'>
+    <principal id='F-ACCOUNTING*'>Auditor</principal>
+    <principal id='F-CUSTOMER'>Auditor</principal>
+    <principal id='F-SALE*'>Auditor</principal>
+    <principal id='F-SALE*'>Author</principal>
   </local_role_group_id>
   <local_role_group_id id='shadow'>
-    <principal id='R-SHADOW-PERSON'>Assignor</principal>
-  </local_role_group_id>
-  <local_role_group_id id='user'>
-    <principal id='R-MEMBER'>Auditor</principal>
+    <principal id='R-SHADOW-PERSON'>Auditor</principal>
   </local_role_group_id>
  </local_role_group_ids>
 </local_roles_item>
\ No newline at end of file

master/bt5/slapos_erp5/LocalRolesTemplateItem/service_module.xml

@@ -6,6 +6,9 @@
   <role id='F-PRODUCTION*'>
    <item>Auditor</item>
   </role>
+  <role id='F-SALE*'>
+   <item>Auditor</item>
+  </role>
  </local_roles>
  <local_role_group_ids>
   <local_role_group_id id='function'>

master/bt5/slapos_erp5/LocalRolesTemplateItem/service_module/cpu_load_percent.xml

@@ -6,5 +6,8 @@
   <role id='F-PRODUCTION*'>
    <item>Auditor</item>
   </role>
+  <role id='F-SALE*'>
+   <item>Auditor</item>
+  </role>
  </local_roles>
 </local_roles_item>
\ No newline at end of file

master/bt5/slapos_erp5/LocalRolesTemplateItem/service_module/memory_used.xml

@@ -6,5 +6,8 @@
   <role id='F-PRODUCTION*'>
    <item>Auditor</item>
   </role>
+  <role id='F-SALE*'>
+   <item>Auditor</item>
+  </role>
  </local_roles>
 </local_roles_item>
\ No newline at end of file

master/bt5/slapos_erp5/LocalRolesTemplateItem/service_module/slapos_account_validation.xml

@@ -6,5 +6,8 @@
   <role id='F-PRODUCTION*'>
    <item>Auditor</item>
   </role>
+  <role id='F-SALE*'>
+   <item>Auditor</item>
+  </role>
  </local_roles>
 </local_roles_item>
\ No newline at end of file

master/bt5/slapos_erp5/LocalRolesTemplateItem/service_module/slapos_crm_acknowledgement.xml

@@ -6,5 +6,8 @@
   <role id='F-PRODUCTION*'>
    <item>Auditor</item>
   </role>
+  <role id='F-SALE*'>
+   <item>Auditor</item>
+  </role>
  </local_roles>
 </local_roles_item>
\ No newline at end of file

master/bt5/slapos_erp5/LocalRolesTemplateItem/service_module/slapos_crm_complaint.xml

@@ -6,5 +6,8 @@
   <role id='F-PRODUCTION*'>
    <item>Auditor</item>
   </role>
+  <role id='F-SALE*'>
+   <item>Auditor</item>
+  </role>
  </local_roles>
 </local_roles_item>
\ No newline at end of file

master/bt5/slapos_erp5/LocalRolesTemplateItem/service_module/slapos_crm_delete_acknowledgement.xml

@@ -6,5 +6,8 @@
   <role id='F-PRODUCTION*'>
    <item>Auditor</item>
   </role>
+  <role id='F-SALE*'>
+   <item>Auditor</item>
+  </role>
  </local_roles>
 </local_roles_item>
\ No newline at end of file

master/bt5/slapos_erp5/LocalRolesTemplateItem/service_module/slapos_crm_delete_reminder.xml

@@ -6,5 +6,8 @@
   <role id='F-PRODUCTION*'>
    <item>Auditor</item>
   </role>
+  <role id='F-SALE*'>
+   <item>Auditor</item>
+  </role>
  </local_roles>
 </local_roles_item>
\ No newline at end of file

master/bt5/slapos_erp5/LocalRolesTemplateItem/service_module/slapos_crm_information.xml

@@ -6,5 +6,8 @@
   <role id='F-PRODUCTION*'>
    <item>Auditor</item>
   </role>
+  <role id='F-SALE*'>
+   <item>Auditor</item>
+  </role>
  </local_roles>
 </local_roles_item>
\ No newline at end of file

master/bt5/slapos_erp5/LocalRolesTemplateItem/service_module/slapos_crm_invoice_cancellation.xml

@@ -6,5 +6,8 @@
   <role id='F-PRODUCTION*'>
    <item>Auditor</item>
   </role>
+  <role id='F-SALE*'>
+   <item>Auditor</item>
+  </role>
  </local_roles>
 </local_roles_item>
\ No newline at end of file

master/bt5/slapos_erp5/LocalRolesTemplateItem/service_module/slapos_crm_monitoring.xml

@@ -6,5 +6,8 @@
   <role id='F-PRODUCTION*'>
    <item>Auditor</item>
   </role>
+  <role id='F-SALE*'>
+   <item>Auditor</item>
+  </role>
  </local_roles>
 </local_roles_item>
\ No newline at end of file

master/bt5/slapos_erp5/LocalRolesTemplateItem/service_module/slapos_crm_spam.xml

@@ -6,5 +6,8 @@
   <role id='F-PRODUCTION*'>
    <item>Auditor</item>
   </role>
+  <role id='F-SALE*'>
+   <item>Auditor</item>
+  </role>
  </local_roles>
 </local_roles_item>
\ No newline at end of file

master/bt5/slapos_erp5/LocalRolesTemplateItem/service_module/slapos_crm_stop_acknowledgement.xml

@@ -6,5 +6,8 @@
   <role id='F-PRODUCTION*'>
    <item>Auditor</item>
   </role>
+  <role id='F-SALE*'>
+   <item>Auditor</item>
+  </role>
  </local_roles>
 </local_roles_item>
\ No newline at end of file

master/bt5/slapos_erp5/LocalRolesTemplateItem/service_module/slapos_crm_stop_reminder.xml

@@ -6,5 +6,8 @@
   <role id='F-PRODUCTION*'>
    <item>Auditor</item>
   </role>
+  <role id='F-SALE*'>
+   <item>Auditor</item>
+  </role>
  </local_roles>
 </local_roles_item>
\ No newline at end of file

master/bt5/slapos_erp5/LocalRolesTemplateItem/service_module/slapos_crm_upgrade.xml

@@ -6,5 +6,8 @@
   <role id='F-PRODUCTION*'>
    <item>Auditor</item>
   </role>
+  <role id='F-SALE*'>
+   <item>Auditor</item>
+  </role>
  </local_roles>
 </local_roles_item>
\ No newline at end of file

master/bt5/slapos_erp5/LocalRolesTemplateItem/service_module/slapos_discount.xml

@@ -6,5 +6,8 @@
   <role id='F-PRODUCTION*'>
    <item>Auditor</item>
   </role>
+  <role id='F-SALE*'>
+   <item>Auditor</item>
+  </role>
  </local_roles>
 </local_roles_item>
\ No newline at end of file

master/bt5/slapos_erp5/LocalRolesTemplateItem/service_module/slapos_instance_cleanup.xml

@@ -6,5 +6,8 @@
   <role id='F-PRODUCTION*'>
    <item>Auditor</item>
   </role>
+  <role id='F-SALE*'>
+   <item>Auditor</item>
+  </role>
  </local_roles>
 </local_roles_item>
\ No newline at end of file

master/bt5/slapos_erp5/LocalRolesTemplateItem/service_module/slapos_instance_hosting.xml

@@ -6,5 +6,8 @@
   <role id='F-PRODUCTION*'>
    <item>Auditor</item>
   </role>
+  <role id='F-SALE*'>
+   <item>Auditor</item>
+  </role>
  </local_roles>
 </local_roles_item>
\ No newline at end of file

master/bt5/slapos_erp5/LocalRolesTemplateItem/service_module/slapos_instance_setup.xml

@@ -6,5 +6,8 @@
   <role id='F-PRODUCTION*'>
    <item>Auditor</item>
   </role>
+  <role id='F-SALE*'>
+   <item>Auditor</item>
+  </role>
  </local_roles>
 </local_roles_item>
\ No newline at end of file

master/bt5/slapos_erp5/LocalRolesTemplateItem/service_module/slapos_instance_subscription.xml

@@ -6,5 +6,8 @@
   <role id='F-PRODUCTION*'>
    <item>Auditor</item>
   </role>
+  <role id='F-SALE*'>
+   <item>Auditor</item>
+  </role>
  </local_roles>
 </local_roles_item>
\ No newline at end of file

master/bt5/slapos_erp5/LocalRolesTemplateItem/service_module/slapos_instance_update.xml

@@ -6,5 +6,8 @@
   <role id='F-PRODUCTION*'>
    <item>Auditor</item>
   </role>
+  <role id='F-SALE*'>
+   <item>Auditor</item>
+  </role>
  </local_roles>
 </local_roles_item>
\ No newline at end of file

master/bt5/slapos_erp5/LocalRolesTemplateItem/service_module/slapos_netdrive_consumption.xml

@@ -6,5 +6,8 @@
   <role id='F-PRODUCTION*'>
    <item>Auditor</item>
   </role>
+  <role id='F-SALE*'>
+   <item>Auditor</item>
+  </role>
  </local_roles>
 </local_roles_item>
\ No newline at end of file

master/bt5/slapos_erp5/LocalRolesTemplateItem/service_module/slapos_reservation_fee.xml

@@ -6,5 +6,8 @@
   <role id='F-PRODUCTION*'>
    <item>Auditor</item>
   </role>
+  <role id='F-SALE*'>
+   <item>Auditor</item>
+  </role>
  </local_roles>
 </local_roles_item>
\ No newline at end of file

master/bt5/slapos_erp5/LocalRolesTemplateItem/service_module/slapos_reservation_refund.xml

@@ -6,5 +6,8 @@
   <role id='F-PRODUCTION*'>
    <item>Auditor</item>
   </role>
+  <role id='F-SALE*'>
+   <item>Auditor</item>
+  </role>
  </local_roles>
 </local_roles_item>
\ No newline at end of file

master/bt5/slapos_erp5/LocalRolesTemplateItem/service_module/slapos_tax.xml

@@ -6,5 +6,8 @@
   <role id='F-PRODUCTION*'>
    <item>Auditor</item>
   </role>
+  <role id='F-SALE*'>
+   <item>Auditor</item>
+  </role>
  </local_roles>
 </local_roles_item>
\ No newline at end of file

master/bt5/slapos_erp5/LocalRolesTemplateItem/service_module/zero_emission_ratio.xml

@@ -6,5 +6,8 @@
   <role id='F-PRODUCTION*'>
    <item>Auditor</item>
   </role>
+  <role id='F-SALE*'>
+   <item>Auditor</item>
+  </role>
  </local_roles>
 </local_roles_item>
\ No newline at end of file

master/bt5/slapos_erp5/PortalTypeRolesTemplateItem/Organisation%20Module.xml

 <type_roles>
-  <role id='Auditor'>
-   <property id='title'>Compute Node</property>
-   <multi_property id='categories'>local_role_group/computer</multi_property>
-   <multi_property id='category'>role/computer</multi_property>
-   <multi_property id='base_category'>role</multi_property>
-  </role>
-  <role id='Auditor; Author'>
-   <property id='title'>Customer</property>
-   <multi_property id='categories'>local_role_group/user</multi_property>
-   <multi_property id='category'>role/member</multi_property>
-   <multi_property id='base_category'>role</multi_property>
-  </role>
   <role id='Author; Auditor'>
-   <property id='title'>Group company</property>
-   <multi_property id='categories'>local_role_group/group</multi_property>
-   <multi_property id='category'>group/company</multi_property>
-   <multi_property id='base_category'>group</multi_property>
+   <property id='title'>Accountant</property>
+   <multi_property id='categories'>local_role_group/function</multi_property>
+   <multi_property id='category'>function/accounting*</multi_property>
+   <multi_property id='base_category'>function</multi_property>
   </role>
-  <role id='Auditor'>
-   <property id='title'>Person Shadow</property>
-   <multi_property id='categories'>local_role_group/shadow</multi_property>
-   <multi_property id='category'>role/shadow/person</multi_property>
-   <multi_property id='base_category'>role</multi_property>
+  <role id='Author; Auditor'>
+   <property id='title'>Sale</property>
+   <multi_property id='categories'>local_role_group/function</multi_property>
+   <multi_property id='category'>function/sale*</multi_property>
+   <multi_property id='base_category'>function</multi_property>
   </role>
 </type_roles>
\ No newline at end of file

master/bt5/slapos_erp5/PortalTypeRolesTemplateItem/Organisation.xml

 <type_roles>
-  <role id='Assignor'>
-   <property id='title'>Group company</property>
-   <multi_property id='categories'>local_role_group/group</multi_property>
-   <multi_property id='category'>group/company</multi_property>
-   <multi_property id='base_category'>group</multi_property>
+  <role id='Assignee'>
+   <property id='title'>Accountant Agent</property>
+   <multi_property id='categories'>local_role_group/function</multi_property>
+   <multi_property id='category'>function/accounting/agent</multi_property>
+   <multi_property id='base_category'>function</multi_property>
   </role>
-  <role id='Auditor'>
-   <property id='title'>Member</property>
-   <property id='description'>User can only see SlapOS company for invoice purposes.</property>
-   <property id='condition'>python: here.getRole() == "admin"</property>
-   <multi_property id='category'>role/member</multi_property>
-   <multi_property id='base_category'>role</multi_property>
+  <role id='Assignor'>
+   <property id='title'>Accountant Manager</property>
+   <multi_property id='categories'>local_role_group/function</multi_property>
+   <multi_property id='category'>function/accounting/manager</multi_property>
+   <multi_property id='base_category'>function</multi_property>
   </role>
   <role id='Assignee'>
-   <property id='title'>Organisation Member</property>
-   <property id='condition'>python: here.getReference() is not None</property>
-   <property id='base_category_script'>ERP5Type_getSecurityCategoryFromSelf</property>
-   <multi_property id='categories'>local_role_group/organisation</multi_property>
-   <multi_property id='base_category'>destination</multi_property>
+   <property id='title'>Sale Agent</property>
+   <multi_property id='categories'>local_role_group/function</multi_property>
+   <multi_property id='category'>function/sale/agent</multi_property>
+   <multi_property id='base_category'>function</multi_property>
   </role>
-  <role id='Assignee; Owner'>
-   <property id='title'>Person Owner</property>
-   <property id='description'>XXXX Review this later</property>
-   <property id='base_category_script'>ERP5Type_acquireSecurityFromOwner</property>
-   <multi_property id='categories'>local_role_group/user</multi_property>
-   <multi_property id='base_category'>source</multi_property>
-  </role>
-  <role id='Auditor'>
-   <property id='title'>Person Shadow</property>
-   <multi_property id='categories'>local_role_group/shadow</multi_property>
-   <multi_property id='category'>role/shadow/person</multi_property>
-   <multi_property id='base_category'>role</multi_property>
+  <role id='Assignor'>
+   <property id='title'>Sale Manager</property>
+   <multi_property id='categories'>local_role_group/function</multi_property>
+   <multi_property id='category'>function/sale/manager</multi_property>
+   <multi_property id='base_category'>function</multi_property>
   </role>
 </type_roles>
\ No newline at end of file

master/bt5/slapos_erp5/PortalTypeRolesTemplateItem/Sale%20Trade%20Condition%20Module.xml

 <type_roles>
-  <role id='Author; Auditor'>
-   <property id='title'>Group company</property>
-   <multi_property id='categories'>local_role_group/group</multi_property>
-   <multi_property id='category'>group/company</multi_property>
-   <multi_property id='base_category'>group</multi_property>
+  <role id='Auditor'>
+   <property id='title'>Accountant</property>
+   <multi_property id='categories'>local_role_group/function</multi_property>
+   <multi_property id='category'>function/accounting*</multi_property>
+   <multi_property id='base_category'>function</multi_property>
   </role>
   <role id='Auditor'>
-   <property id='title'>Member</property>
-   <multi_property id='categories'>local_role_group/user</multi_property>
-   <multi_property id='category'>role/member</multi_property>
-   <multi_property id='base_category'>role</multi_property>
+   <property id='title'>Customer</property>
+   <multi_property id='categories'>local_role_group/function</multi_property>
+   <multi_property id='category'>function/customer</multi_property>
+   <multi_property id='base_category'>function</multi_property>
   </role>
-  <role id='Assignor'>
+  <role id='Auditor'>
    <property id='title'>Person Shadow</property>
    <multi_property id='categories'>local_role_group/shadow</multi_property>
    <multi_property id='category'>role/shadow/person</multi_property>
    <multi_property id='base_category'>role</multi_property>
   </role>
+  <role id='Author; Auditor'>
+   <property id='title'>Sale</property>
+   <multi_property id='categories'>local_role_group/function</multi_property>
+   <multi_property id='category'>function/sale*</multi_property>
+   <multi_property id='base_category'>function</multi_property>
+  </role>
 </type_roles>
\ No newline at end of file

master/bt5/slapos_erp5/PortalTypeRolesTemplateItem/Sale%20Trade%20Condition.xml

 <type_roles>
-  <role id='Assignor'>
-   <property id='title'>Group company</property>
-   <multi_property id='categories'>local_role_group/group</multi_property>
-   <multi_property id='category'>group/company</multi_property>
-   <multi_property id='base_category'>group</multi_property>
+  <role id='Auditor'>
+   <property id='title'>Accountant</property>
+   <multi_property id='categories'>local_role_group/function</multi_property>
+   <multi_property id='category'>function/accounting*</multi_property>
+   <multi_property id='base_category'>function</multi_property>
+  </role>
+  <role id='Auditor'>
+   <property id='title'>Destination Project Member</property>
+   <property id='condition'>python: context.getDestinationProject('', portal_type='Project') != ""
+</property>
+   <property id='base_category_script'>ERP5Type_getSecurityCategoryFromContent</property>
+   <multi_property id='categories'>local_role_group/project</multi_property>
+   <multi_property id='base_category'>destination_project</multi_property>
   </role>
   <role id='Auditor'>
    <property id='title'>Person Shadow</property>
@@ -11,4 +19,24 @@
    <multi_property id='category'>role/shadow/person</multi_property>
    <multi_property id='base_category'>role</multi_property>
   </role>
+  <role id='Assignee'>
+   <property id='title'>Sale Agent</property>
+   <multi_property id='categories'>local_role_group/function</multi_property>
+   <multi_property id='category'>function/sale/agent</multi_property>
+   <multi_property id='base_category'>function</multi_property>
+  </role>
+  <role id='Assignor'>
+   <property id='title'>Sale Manager</property>
+   <multi_property id='categories'>local_role_group/function</multi_property>
+   <multi_property id='category'>function/sale/manager</multi_property>
+   <multi_property id='base_category'>function</multi_property>
+  </role>
+  <role id='Auditor'>
+   <property id='title'>Source Project Member</property>
+   <property id='condition'>python: context.getSourceProject('', portal_type='Project') != ""
+</property>
+   <property id='base_category_script'>ERP5Type_getSecurityCategoryFromContent</property>
+   <multi_property id='categories'>local_role_group/project</multi_property>
+   <multi_property id='base_category'>source_project</multi_property>
+  </role>
 </type_roles>
\ No newline at end of file

master/bt5/slapos_erp5/PortalTypeRolesTemplateItem/Service%20Module.xml

@@ -12,4 +12,10 @@ add local roles group</property>
    <multi_property id='category'>function/customer</multi_property>
    <multi_property id='base_category'>function</multi_property>
   </role>
+  <role id='Auditor'>
+   <property id='title'>Sale</property>
+   <property id='description'>`Sale` people can NOT create/modify `Service`. This comes from the `bt5`, and can be really fragile to change for now.</property>
+   <multi_property id='category'>function/sale*</multi_property>
+   <multi_property id='base_category'>function</multi_property>
+  </role>
 </type_roles>
\ No newline at end of file

master/bt5/slapos_erp5/PortalTypeRolesTemplateItem/Service.xml

@@ -11,4 +11,13 @@ add local roles group</property>
    <multi_property id='category'>function/customer</multi_property>
    <multi_property id='base_category'>function</multi_property>
   </role>
+  <role id='Auditor'>
+   <property id='title'>Sale</property>
+   <property id='description'>`Sale` people can NOT create/modify `Service`. This comes from the `bt5`, and can be really fragile to change for now.
+
+XXX TODO
+add local roles group</property>
+   <multi_property id='category'>function/sale*</multi_property>
+   <multi_property id='base_category'>function</multi_property>
+  </role>
 </type_roles>
\ No newline at end of file