slapos_erp5:

* test event module local roles * test Compute Node module local roles * test Compute Node local roles * test Support Request module local roles * test Support Request local roles * test Software Product module local roles * test Software Product local roles * drop test for Compute Partition and Software Release * test Software Installation local roles * test Currency (Module) local roles * test Acknowledgment local roles * remove Credit Card local role test We do not store Credit Card

slapos_erp5:
* test event module local roles * test Compute Node module local roles * test Compute Node local roles * test Support Request module local roles * test Support Request local roles * test Software Product module local roles * test Software Product local roles * drop test for Compute Partition and Software Release * test Software Installation local roles * test Currency (Module) local roles * test Acknowledgment local roles * remove Credit Card local role test We do not store Credit Card
50e2479d · Romain Courteaud · 9265c47f · 50e2479d · 50e2479d · 50e2479d
Commit 50e2479d authored Jan 13, 2023 by Romain Courteaud
9 changed files
--- a/master/bt5/slapos_erp5/LocalRolesTemplateItem/currency_module.xml
+++ b/master/bt5/slapos_erp5/LocalRolesTemplateItem/currency_module.xml
 <local_roles_item>
 <local_roles>
+  <role id='F-ACCOUNTING*'>
+   <item>Auditor</item>
+   <item>Author</item>
+  </role>
  <role id='F-CUSTOMER'>
   <item>Auditor</item>
  </role>

--- a/master/bt5/slapos_erp5/LocalRolesTemplateItem/currency_module/CNY.xml
+++ b/master/bt5/slapos_erp5/LocalRolesTemplateItem/currency_module/CNY.xml
 <local_roles_item>
 <local_roles>
+  <role id='F-ACCOUNTING*'>
+   <item>Auditor</item>
+   <item>Author</item>
+  </role>
  <role id='F-CUSTOMER'>
   <item>Auditor</item>
  </role>

--- a/master/bt5/slapos_erp5/LocalRolesTemplateItem/currency_module/EUR.xml
+++ b/master/bt5/slapos_erp5/LocalRolesTemplateItem/currency_module/EUR.xml
 <local_roles_item>
 <local_roles>
+  <role id='F-ACCOUNTING*'>
+   <item>Auditor</item>
+   <item>Author</item>
+  </role>
  <role id='F-CUSTOMER'>
   <item>Auditor</item>
  </role>

--- a/master/bt5/slapos_erp5/LocalRolesTemplateItem/support_request_module/slapos_crm_support_request_template.xml
+++ b/master/bt5/slapos_erp5/LocalRolesTemplateItem/support_request_module/slapos_crm_support_request_template.xml
 <local_roles_item>
 <local_roles>
-  <role id='G-COMPANY'>
-   <item>Assignor</item>
-  </role>
  <role id='R-MEMBER'>
   <item>Auditor</item>
  </role>
 </local_roles>
 <local_role_group_ids>
-  <local_role_group_id id='group'>
-    <principal id='G-COMPANY'>Assignor</principal>
-  </local_role_group_id>
  <local_role_group_id id='user'>
    <principal id='R-MEMBER'>Auditor</principal>
  </local_role_group_id>

--- a/master/bt5/slapos_erp5/PortalTypeRolesTemplateItem/Acknowledgement.xml
+++ b/master/bt5/slapos_erp5/PortalTypeRolesTemplateItem/Acknowledgement.xml
@@ -38,6 +38,7 @@
   <property id='base_category_script'>ERP5Type_getSecurityCategoryFromContent</property>
   <multi_property id='category'>function/production/agent</multi_property>
   <multi_property id='base_category'>source_project</multi_property>
+   <multi_property id='base_category'>function</multi_property>
  </role>
  <role id='Assignor'>
   <property id='title'>Source Project Production Manager</property>
@@ -46,5 +47,6 @@
   <property id='base_category_script'>ERP5Type_getSecurityCategoryFromContent</property>
   <multi_property id='category'>function/production/manager</multi_property>
   <multi_property id='base_category'>source_project</multi_property>
+   <multi_property id='base_category'>function</multi_property>
  </role>
 </type_roles>
\ No newline at end of file
--- a/master/bt5/slapos_erp5/PortalTypeRolesTemplateItem/Currency%20Module.xml
+++ b/master/bt5/slapos_erp5/PortalTypeRolesTemplateItem/Currency%20Module.xml
 <type_roles>
+  <role id='Author; Auditor'>
+   <property id='title'>Accountant</property>
+   <multi_property id='category'>function/accounting*</multi_property>
+   <multi_property id='base_category'>function</multi_property>
+  </role>
  <role id='Auditor'>
   <property id='title'>Member</property>
   <multi_property id='category'>function/customer</multi_property>

--- a/master/bt5/slapos_erp5/PortalTypeRolesTemplateItem/Currency.xml
+++ b/master/bt5/slapos_erp5/PortalTypeRolesTemplateItem/Currency.xml
 <type_roles>
+  <role id='Author; Auditor'>
+   <property id='title'>Accountant</property>
+   <multi_property id='category'>function/accounting*</multi_property>
+   <multi_property id='base_category'>function</multi_property>
+  </role>
  <role id='Auditor'>
   <property id='title'>Member</property>
   <multi_property id='category'>function/customer</multi_property>

--- a/master/bt5/slapos_erp5/PortalTypeRolesTemplateItem/Support%20Request.xml
+++ b/master/bt5/slapos_erp5/PortalTypeRolesTemplateItem/Support%20Request.xml
@@ -36,6 +36,7 @@
   <property id='base_category_script'>ERP5Type_getSecurityCategoryFromContent</property>
   <multi_property id='category'>function/production/agent</multi_property>
   <multi_property id='base_category'>source_project</multi_property>
+   <multi_property id='base_category'>function</multi_property>
  </role>
  <role id='Assignor'>
   <property id='title'>Source Project Production Manager</property>
@@ -44,5 +45,6 @@
   <property id='base_category_script'>ERP5Type_getSecurityCategoryFromContent</property>
   <multi_property id='category'>function/production/manager</multi_property>
   <multi_property id='base_category'>source_project</multi_property>
+   <multi_property id='base_category'>function</multi_property>
  </role>
 </type_roles>
\ No newline at end of file
--- a/master/bt5/slapos_erp5/TestTemplateItem/portal_components/test.erp5.testSlapOSERP5GroupRoleSecurity.py
+++ b/master/bt5/slapos_erp5/TestTemplateItem/portal_components/test.erp5.testSlapOSERP5GroupRoleSecurity.py
@@ -102,121 +102,36 @@ class TestAssignment(TestSlapOSGroupRoleSecurityMixin):
    self.assertRoles(assignment, self.user_id, ['Owner'])
 class TestComputeNode(TestSlapOSGroupRoleSecurityMixin):
-  def test_GroupCompany(self):
+  def test_default(self):
    compute_node = self.portal.compute_node_module.newContent(portal_type='Compute Node')
    compute_node.updateLocalRolesOnSecurityGroups()
    self.assertSecurityGroup(compute_node,
-        ['G-COMPANY', self.user_id, compute_node.getUserId()], False)
+        [self.user_id, compute_node.getUserId()], False)
-    self.assertRoles(compute_node, 'G-COMPANY', ['Assignor'])
    self.assertRoles(compute_node, self.user_id, ['Owner'])
    self.assertRoles(compute_node, compute_node.getUserId(), ['Assignor'])
  def test_ProjectMember(self):
    project = self.addProject()
-    person = self.makePerson(project, user=1)
-    compute_node = self.portal.compute_node_module.newContent(
-        portal_type='Compute Node',
-        source_administration=person.getRelativeUrl())
-    project = self.portal.project_module.newContent(
-        portal_type='Project')
-    self.tic()
-    self.login(person.getUserId())
-    compute_node.ComputeNode_createMovement(
-      destination=person.getRelativeUrl(),
-      destination_project=project.getRelativeUrl())
-    self.login()
-    self.tic()
-    compute_node.updateLocalRolesOnSecurityGroups()
-    self.assertSecurityGroup(compute_node,
-        ['G-COMPANY',  self.user_id, person.getUserId(),
-         project.getReference(), compute_node.getUserId()], False)
-    self.assertRoles(compute_node, 'G-COMPANY', ['Assignor'])
-    self.assertRoles(compute_node, self.user_id, ['Owner'])
-    self.assertRoles(compute_node, person.getUserId(), ['Assignee'])
-    self.assertRoles(compute_node, project.getReference(), ['Assignee'])
-  def test_OrganisationMember(self):
-    project = self.addProject()
-    person = self.makePerson(project, user=1)
    compute_node = self.portal.compute_node_module.newContent(
        portal_type='Compute Node',
-        source_administration=person.getRelativeUrl())
+        follow_up_value=project)
-    organisation = self.portal.organisation_module.newContent(
-        portal_type='Organisation',
-        reference="TESTO-%s" % self.generateNewId())
-    self.tic()
-    self.login(person.getUserId())
-    compute_node.ComputeNode_createMovement(
-      destination=person.getRelativeUrl(),
-      destination_section=organisation.getRelativeUrl())
-    self.login()
-    self.tic()
-    compute_node.updateLocalRolesOnSecurityGroups()
-    self.assertSecurityGroup(compute_node,
-        ['G-COMPANY',  self.user_id, person.getUserId(),
-         organisation.getReference(), compute_node.getUserId()], False)
-    self.assertRoles(compute_node, 'G-COMPANY', ['Assignor'])
-    self.assertRoles(compute_node, self.user_id, ['Owner'])
-    self.assertRoles(compute_node, person.getUserId(), ['Assignee'])
-    self.assertRoles(compute_node, organisation.getReference(), ['Assignee'])
-  def test_ComputeNodeAgent(self):
-    reference = 'TESTPERSON-%s' % self.generateNewId()
-    person = self.portal.person_module.newContent(portal_type='Person',
-        reference=reference)
-    compute_node = self.portal.compute_node_module.newContent(portal_type='Compute Node',
-        source_administration=person.getRelativeUrl())
-    compute_node.updateLocalRolesOnSecurityGroups()
-    self.assertSecurityGroup(compute_node,
-        [self.user_id, 'G-COMPANY', person.getUserId(), compute_node.getUserId()], False)
-    self.assertRoles(compute_node, 'G-COMPANY', ['Assignor'])
-    self.assertRoles(compute_node, person.getUserId(), ['Assignee'])
-    self.assertRoles(compute_node, self.user_id, ['Owner'])
-    self.assertRoles(compute_node, compute_node.getUserId(), ['Assignor'])
-  def test_AllocationScope(self):
-    compute_node = self.portal.compute_node_module.newContent(portal_type='Compute Node')
-    # open/public
-    compute_node.edit(allocation_scope='open/public')
-    compute_node.updateLocalRolesOnSecurityGroups()
-    self.assertSecurityGroup(compute_node,
-        [self.user_id, 'G-COMPANY', 'R-SHADOW-PERSON', compute_node.getUserId()], False)
-    self.assertRoles(compute_node, 'R-SHADOW-PERSON', ['Auditor'])
-    self.assertRoles(compute_node, self.user_id, ['Owner'])
-    self.assertRoles(compute_node, compute_node.getUserId(), ['Assignor'])
-    # open/personal
-    reference = 'TESTPERSON-%s' % self.generateNewId()
-    person = self.portal.person_module.newContent(portal_type='Person',
-        reference=reference)
-    compute_node.edit(allocation_scope='open/personal',
-        source_administration=person.getRelativeUrl()
-    )
    compute_node.updateLocalRolesOnSecurityGroups()
-    shadow_user_id = 'SHADOW-%s' % person.getUserId()
+    self.assertSecurityGroup(compute_node, [
+      self.user_id,
-    self.assertSecurityGroup(compute_node,
+      compute_node.getUserId(),
-        [self.user_id, 'G-COMPANY', shadow_user_id,
+      '%s_F-PRODAGNT' % project.getReference(),
-         person.getUserId(), compute_node.getUserId()], False)
+      '%s_F-PRODMAN' % project.getReference(),
-    self.assertRoles(compute_node, shadow_user_id, ['Auditor'])
+      '%s_F-CUSTOMER' % project.getReference(),
+      '%s_R-INSTANCE' % project.getReference(),
+    ], False)
    self.assertRoles(compute_node, self.user_id, ['Owner'])
    self.assertRoles(compute_node, compute_node.getUserId(), ['Assignor'])
+    self.assertRoles(compute_node, '%s_F-PRODAGNT' % project.getReference(), ['Assignee'])
+    self.assertRoles(compute_node, '%s_F-PRODMAN' % project.getReference(), ['Assignor'])
+    self.assertRoles(compute_node, '%s_F-CUSTOMER' % project.getReference(), ['Auditor'])
+    self.assertRoles(compute_node, '%s_R-INSTANCE' % project.getReference(), ['Auditor'])
-  def test_selfComputeNode(self):
-    reference = 'TESTCOMP-%s' % self.generateNewId()
-    compute_node = self.portal.compute_node_module.newContent(portal_type='Compute Node',
-        reference=reference)
-    compute_node.updateLocalRolesOnSecurityGroups()
-    self.assertSecurityGroup(compute_node,
-        [self.user_id, 'G-COMPANY', compute_node.getUserId()], False)
-    self.assertRoles(compute_node, compute_node.getUserId(), ['Assignor'])
-    self.assertRoles(compute_node, self.user_id, ['Owner'])
 class TestComputerModel(TestSlapOSGroupRoleSecurityMixin):
  def test_GroupCompany(self):
@@ -269,14 +184,15 @@ class TestComputeNodeModule(TestSlapOSGroupRoleSecurityMixin):
    module = self.portal.compute_node_module
    self.changeOwnership(module)
    self.assertSecurityGroup(module,
-        ['G-COMPANY', 'R-COMPUTER', 'R-MEMBER', 'R-SHADOW-PERSON', self.user_id],
+        ['F-PRODUCTION*', 'R-COMPUTER', 'F-CUSTOMER', 'R-INSTANCE', self.user_id],
        False)
-    self.assertRoles(module, 'R-MEMBER', ['Auditor', 'Author'])
+    self.assertRoles(module, 'F-CUSTOMER', ['Auditor'])
-    self.assertRoles(module, 'G-COMPANY', ['Auditor', 'Author'])
+    self.assertRoles(module, 'F-PRODUCTION*', ['Auditor', 'Author'])
    self.assertRoles(module, 'R-COMPUTER', ['Auditor'])
-    self.assertRoles(module, 'R-SHADOW-PERSON', ['Auditor'])
+    self.assertRoles(module, 'R-INSTANCE', ['Auditor'])
    self.assertRoles(module, self.user_id, ['Owner'])
 class TestComputerNetwork(TestSlapOSGroupRoleSecurityMixin):
  def test_ProjectMember(self):
@@ -353,56 +269,6 @@ class TestComputerNetworkModule(TestSlapOSGroupRoleSecurityMixin):
    self.assertRoles(module, 'R-SHADOW-PERSON', ['Auditor'])
    self.assertRoles(module, self.user_id, ['Owner'])
-class TestComputePartition(TestSlapOSGroupRoleSecurityMixin):
-  def test_CustomerOfThePartition(self):
-    partition = self.portal.compute_node_module.newContent(
-        portal_type='Compute Node').newContent(portal_type='Compute Partition')
-    self.portal.portal_workflow._jumpToStateFor(partition, 'busy')
-    self.commit()
-    instance_customer_reference = 'TESTPERSON-%s' % self.generateNewId()
-    slave_customer_reference = 'TESTPERSON-%s' % self.generateNewId()
-    instance_customer = self.portal.person_module.newContent(
-        portal_type='Person', reference=instance_customer_reference)
-    slave_customer = self.portal.person_module.newContent(
-        portal_type='Person', reference=slave_customer_reference)
-    instance_subscription_reference = 'TESTHS-%s' % self.generateNewId()
-    instance_subscription = self.portal.instance_tree_module\
-        .template_instance_tree.Base_createCloneDocument(batch_mode=1)
-    instance_subscription.edit(
-        destination_section=instance_customer.getRelativeUrl(),
-        reference=instance_subscription_reference)
-    instance = self.portal.software_instance_module.template_software_instance\
-        .Base_createCloneDocument(batch_mode=1)
-    instance.edit(specialise=instance_subscription.getRelativeUrl(),
-        aggregate=partition.getRelativeUrl())
-    instance.validate()
-    self.commit()
-    slave_subscription = self.portal.instance_tree_module\
-        .template_instance_tree.Base_createCloneDocument(batch_mode=1)
-    slave_subscription.edit(
-        destination_section=slave_customer.getRelativeUrl())
-    slave = self.portal.software_instance_module.template_slave_instance\
-        .Base_createCloneDocument(batch_mode=1)
-    slave.validate()
-    slave.edit(specialise=slave_subscription.getRelativeUrl(),
-        aggregate=partition.getRelativeUrl())
-    self.commit()
-    partition.updateLocalRolesOnSecurityGroups()
-    self.tic()
-    self.assertSecurityGroup(partition,
-        [self.user_id, instance_customer.getUserId(), slave_customer.getUserId(),
-          instance_subscription_reference], True)
-    self.assertRoles(partition, instance_customer.getUserId(), ['Auditor'])
-    self.assertRoles(partition, slave_customer.getUserId(), ['Auditor'])
-    self.assertRoles(partition, instance_subscription_reference, ['Auditor'])
-    self.assertRoles(partition, self.user_id, ['Owner'])
-  test_SoftwareInstanceGroupRelatedToComputePartition = \
-      test_CustomerOfThePartition
 class TestCredentialUpdateModule(TestSlapOSGroupRoleSecurityMixin):
  def test(self):
@@ -825,14 +691,12 @@ class TestSlaveInstance(TestSlapOSGroupRoleSecurityMixin):
    self.assertRoles(instance, self.user_id, ['Owner'])
 class TestSoftwareInstallation(TestSlapOSGroupRoleSecurityMixin):
-  def test_GroupCompany(self):
+  def test_default(self):
    installation = self.portal.software_installation_module.newContent(
        portal_type='Software Installation')
    installation.updateLocalRolesOnSecurityGroups()
-    self.assertSecurityGroup(installation, [self.user_id,
+    self.assertSecurityGroup(installation, [self.user_id], False)
-        'G-COMPANY'], False)
-    self.assertRoles(installation, 'G-COMPANY', ['Assignor'])
    self.assertRoles(installation, self.user_id, ['Owner'])
  def test_ComputeNode(self):
@@ -847,98 +711,38 @@ class TestSoftwareInstallation(TestSlapOSGroupRoleSecurityMixin):
    installation.updateLocalRolesOnSecurityGroups()
    self.assertSecurityGroup(installation, [self.user_id,
-        'G-COMPANY', compute_node.getUserId()], False)
+        compute_node.getUserId()], False)
-    self.assertRoles(installation, 'G-COMPANY', ['Assignor'])
    self.assertRoles(installation, compute_node.getUserId(), ['Assignor'])
    self.assertRoles(installation, self.user_id, ['Owner'])
  def test_ProjectMember(self):
    project = self.addProject()
-    person = self.makePerson(project, user=1)
-    compute_node_reference = 'TESTCOMP-%s' % self.generateNewId()
-    compute_node = self.portal.compute_node_module.template_compute_node\
-        .Base_createCloneDocument(batch_mode=1)
-    compute_node.edit(reference=compute_node_reference,
-        source_administration=person.getRelativeUrl())
-    project = self.portal.project_module.newContent(
-        portal_type='Project')
-    self.tic()
-    self.login(person.getUserId())
-    compute_node.ComputeNode_createMovement(
-      destination=person.getRelativeUrl(),
-      destination_project=project.getRelativeUrl())
-    self.login()
-    self.tic()
-    installation = self.portal.software_installation_module.newContent(
-        portal_type='Software Installation',
-        aggregate=compute_node.getRelativeUrl())
-    installation.updateLocalRolesOnSecurityGroups()
-    self.assertSecurityGroup(installation, [self.user_id,
-        'G-COMPANY', compute_node.getUserId(), project.getReference()], False)
-    self.assertRoles(installation, 'G-COMPANY', ['Assignor'])
-    self.assertRoles(installation, compute_node.getUserId(), ['Assignor'])
-    self.assertRoles(installation, self.user_id, ['Owner'])
-    self.assertRoles(installation, project.getReference(), ['Assignee'])
-  def test_OrganisationMember(self):
-    project = self.addProject()
-    person = self.makePerson(project, user=1)
-    compute_node_reference = 'TESTCOMP-%s' % self.generateNewId()
-    compute_node = self.portal.compute_node_module.template_compute_node\
-        .Base_createCloneDocument(batch_mode=1)
-    compute_node.edit(reference=compute_node_reference,
-        source_administration=person.getRelativeUrl())
-    organisation = self.portal.organisation_module.newContent(
-        portal_type='Organisation',
-        reference="TESTO-%s" % self.generateNewId())    
-    self.tic()
-    self.login(person.getUserId())
-    compute_node.ComputeNode_createMovement(
-      destination=person.getRelativeUrl(),
-      destination_section=organisation.getRelativeUrl())
-    self.login()
-    self.tic()
    installation = self.portal.software_installation_module.newContent(
        portal_type='Software Installation',
-        aggregate=compute_node.getRelativeUrl())
+        follow_up_value=project)
    installation.updateLocalRolesOnSecurityGroups()
-    self.assertSecurityGroup(installation, [self.user_id,
+    self.assertSecurityGroup(installation, [
-        'G-COMPANY', compute_node.getUserId(), organisation.getReference()], False)
+      self.user_id,
-    self.assertRoles(installation, 'G-COMPANY', ['Assignor'])
+      '%s_F-PRODAGNT' % project.getReference(),
-    self.assertRoles(installation, compute_node.getUserId(), ['Assignor'])
+      '%s_F-PRODMAN' % project.getReference(),
+      '%s_F-CUSTOMER' % project.getReference(),
+    ], False)
    self.assertRoles(installation, self.user_id, ['Owner'])
-    self.assertRoles(installation, organisation.getReference(), ['Assignee'])
+    self.assertRoles(installation, '%s_F-PRODAGNT' % project.getReference(), ['Assignee'])
+    self.assertRoles(installation, '%s_F-PRODMAN' % project.getReference(), ['Assignor'])
+    self.assertRoles(installation, '%s_F-CUSTOMER' % project.getReference(), ['Auditor'])
-  def test_ProviderOfTheInstallation(self):
-    provider_reference = 'TESTPERSON-%s' % self.generateNewId()
-    provider = self.portal.person_module.newContent(
-        portal_type='Person', reference=provider_reference)
-    installation = self.portal.software_installation_module.newContent(
-        portal_type='Software Installation',
-        destination_section=provider.getRelativeUrl())
-    installation.updateLocalRolesOnSecurityGroups()
-    self.assertSecurityGroup(installation, [self.user_id,
-        'G-COMPANY', provider.getUserId()], False)
-    self.assertRoles(installation, 'G-COMPANY', ['Assignor'])
-    self.assertRoles(installation, provider.getUserId(), ['Assignee'])
-    self.assertRoles(installation, self.user_id, ['Owner'])
 class TestSoftwareInstallationModule(TestSlapOSGroupRoleSecurityMixin):
  def test(self):
    module = self.portal.software_installation_module
    self.changeOwnership(module)
    self.assertSecurityGroup(module,
-        ['G-COMPANY', 'R-MEMBER', 'R-COMPUTER', self.user_id], False)
+        ['F-PRODUCTION*', 'F-CUSTOMER', 'R-COMPUTER', self.user_id], False)
    self.assertRoles(module, 'R-COMPUTER', ['Auditor'])
-    self.assertRoles(module, 'R-MEMBER', ['Auditor', 'Author'])
+    self.assertRoles(module, 'F-CUSTOMER', ['Auditor'])
-    self.assertRoles(module, 'G-COMPANY', ['Auditor', 'Author'])
+    self.assertRoles(module, 'F-PRODUCTION*', ['Auditor', 'Author'])
    self.assertRoles(module, self.user_id, ['Owner'])
 class TestSoftwareInstance(TestSlapOSGroupRoleSecurityMixin):
@@ -1020,44 +824,39 @@ class TestSoftwareInstanceModule(TestSlapOSGroupRoleSecurityMixin):
    self.assertRoles(module, self.user_id, ['Owner'])
 class TestSoftwareProduct(TestSlapOSGroupRoleSecurityMixin):
-  def test_GroupCompany(self):
+  def test_default(self):
    product = self.portal.software_product_module.newContent(
        portal_type='Software Product')
    product.updateLocalRolesOnSecurityGroups()
    self.assertSecurityGroup(product,
-        ['G-COMPANY', self.user_id], False)
+        [self.user_id], False)
-    self.assertRoles(product, 'G-COMPANY', ['Assignor'])
+    self.assertRoles(product, self.user_id, ['Owner'])
+  def test_Project(self):
+    project = self.addProject()
+    product = self.portal.software_product_module.newContent(
+        portal_type='Software Product',
+        follow_up_value=project)
+    product.updateLocalRolesOnSecurityGroups()
+    self.assertSecurityGroup(product, [self.user_id,
+        '%s_F-CUSTOMER' % project.getReference(),
+        '%s_F-PRODAGNT' % project.getReference(),
+        '%s_F-PRODMAN' % project.getReference()], False)
    self.assertRoles(product, self.user_id, ['Owner'])
+    self.assertRoles(product, '%s_F-PRODMAN' % project.getReference(), ['Assignor'])
+    self.assertRoles(product, '%s_F-PRODAGNT' % project.getReference(), ['Assignee'])
+    self.assertRoles(product, '%s_F-CUSTOMER' % project.getReference(), ['Auditor'])
 class TestSoftwareProductModule(TestSlapOSGroupRoleSecurityMixin):
  def test(self):
    module = self.portal.software_product_module
    self.changeOwnership(module)
    self.assertSecurityGroup(module,
-        ['G-COMPANY', 'R-MEMBER', self.user_id], False)
+        ['F-PRODUCTION*', 'F-CUSTOMER', self.user_id], False)
-    self.assertRoles(module, 'R-MEMBER', ['Auditor'])
+    self.assertRoles(module, 'F-CUSTOMER', ['Auditor'])
-    self.assertRoles(module, 'G-COMPANY', ['Auditor', 'Author'])
+    self.assertRoles(module, 'F-PRODUCTION*', ['Auditor', 'Author'])
    self.assertRoles(module, self.user_id, ['Owner'])
-class TestSoftwareRelease(TestSlapOSGroupRoleSecurityMixin):
-  def test_GroupCompany(self):
-    release = self.portal.software_release_module.newContent(
-        portal_type='Software Release')
-    release.updateLocalRolesOnSecurityGroups()
-    self.assertSecurityGroup(release,
-        ['G-COMPANY', self.user_id], False)
-    self.assertRoles(release, 'G-COMPANY', ['Assignor'])
-    self.assertRoles(release, self.user_id, ['Owner'])
-class TestSoftwareReleaseModule(TestSlapOSGroupRoleSecurityMixin):
-  def test(self):
-    module = self.portal.software_release_module
-    self.changeOwnership(module)
-    self.assertSecurityGroup(module,
-        ['G-COMPANY', 'R-MEMBER', self.user_id], False)
-    self.assertRoles(module, 'R-MEMBER', ['Auditor', 'Author'])
-    self.assertRoles(module, 'G-COMPANY', ['Auditor', 'Author'])
-    self.assertRoles(module, self.user_id, ['Owner'])
 class TestOpenSaleOrderModule(TestSlapOSGroupRoleSecurityMixin):
  def test(self):
@@ -1373,21 +1172,26 @@ class TestCurrencyModule(TestSlapOSGroupRoleSecurityMixin):
    module = self.portal.currency_module
    self.changeOwnership(module)
    self.assertSecurityGroup(module,
-        ['G-COMPANY', self.user_id, 'R-SHADOW-PERSON', 'R-MEMBER'], True)
+        ['F-ACCOUNTING*', 'F-PRODUCTION*', self.user_id,
-    self.assertRoles(module, 'G-COMPANY', ['Auditor', 'Author'])
+         'R-SHADOW-PERSON', 'F-CUSTOMER'], True)
+    self.assertRoles(module, 'F-ACCOUNTING*', ['Auditor', 'Author'])
    self.assertRoles(module, 'R-SHADOW-PERSON', ['Auditor'])
-    self.assertRoles(module, 'R-MEMBER', ['Auditor'])
+    self.assertRoles(module, 'F-PRODUCTION*', ['Auditor'])
+    self.assertRoles(module, 'F-CUSTOMER', ['Auditor'])
    self.assertRoles(module, self.user_id, ['Owner'])
 class TestCurrency(TestSlapOSGroupRoleSecurityMixin):
-  def test_GroupCompany(self):
+  def test_default(self):
    product = self.portal.currency_module.newContent(
        portal_type='Currency')
    product.updateLocalRolesOnSecurityGroups()
    self.assertSecurityGroup(product,
-        ['G-COMPANY', self.user_id, 'R-SHADOW-PERSON'], False)
+        ['F-ACCOUNTING*', 'F-PRODUCTION*', self.user_id,
-    self.assertRoles(product, 'G-COMPANY', ['Assignor'])
+         'R-SHADOW-PERSON', 'F-CUSTOMER'], False)
+    self.assertRoles(product, 'F-ACCOUNTING*', ['Auditor', 'Author'])
    self.assertRoles(product, 'R-SHADOW-PERSON', ['Auditor'])
+    self.assertRoles(product, 'F-PRODUCTION*', ['Auditor'])
+    self.assertRoles(product, 'F-CUSTOMER', ['Auditor'])
    self.assertRoles(product, self.user_id, ['Owner'])
 class TestSaleTradeConditionModule(TestSlapOSGroupRoleSecurityMixin):
@@ -1424,45 +1228,6 @@ class TestAccountingPeriod(TestSlapOSGroupRoleSecurityMixin):
    self.assertRoles(product, 'F-ACCAGT', ['Assignee'])
    self.assertRoles(product, self.user_id, ['Owner'])
-class TestAcknowledgement(TestSlapOSGroupRoleSecurityMixin):
-  def test_GroupCompany(self):
-    product = self.portal.event_module.newContent(
-        portal_type='Acknowledgement')
-    product.updateLocalRolesOnSecurityGroups()
-    self.assertSecurityGroup(product,
-        ['G-COMPANY', self.user_id], False)
-    self.assertRoles(product, 'G-COMPANY', ['Assignor'])
-    self.assertRoles(product, self.user_id, ['Owner'])
-  def test_SourceCustomer(self):
-    reference = 'TESTPERSON-%s' % self.generateNewId()
-    person = self.portal.person_module.newContent(portal_type='Person',
-        reference=reference)
-    product = self.portal.event_module.newContent(
-        portal_type='Acknowledgement',
-        source_value=person,
-        )
-    product.updateLocalRolesOnSecurityGroups()
-    self.assertSecurityGroup(product,
-        ['G-COMPANY', person.getUserId(), self.user_id], False)
-    self.assertRoles(product, 'G-COMPANY', ['Assignor'])
-    self.assertRoles(product, person.getUserId(), ['Auditor'])
-    self.assertRoles(product, self.user_id, ['Owner'])
-  def test_DestinationCustomer(self):
-    reference = 'TESTPERSON-%s' % self.generateNewId()
-    person = self.portal.person_module.newContent(portal_type='Person',
-        reference=reference)
-    product = self.portal.event_module.newContent(
-        portal_type='Acknowledgement',
-        destination_value=person,
-        )
-    product.updateLocalRolesOnSecurityGroups()
-    self.assertSecurityGroup(product,
-        ['G-COMPANY', person.getUserId(), self.user_id], False)
-    self.assertRoles(product, 'G-COMPANY', ['Assignor'])
-    self.assertRoles(product, person.getUserId(), ['Auditor'])
-    self.assertRoles(product, self.user_id, ['Owner'])
 class TestBankAccount(TestSlapOSGroupRoleSecurityMixin):
  def test_GroupCompany(self):
@@ -1562,16 +1327,6 @@ class TestCashRegister(TestSlapOSGroupRoleSecurityMixin):
    self.assertRoles(product, 'G-COMPANY', ['Assignor'])
    self.assertRoles(product, self.user_id, ['Owner'])
-class TestCreditCard(TestSlapOSGroupRoleSecurityMixin):
-  def test_GroupCompany(self):
-    product = self.portal.organisation_module.newContent(
-        portal_type='Organisation').newContent(
-        portal_type='Credit Card')
-    product.updateLocalRolesOnSecurityGroups()
-    self.assertSecurityGroup(product,
-        ['G-COMPANY', self.user_id], False)
-    self.assertRoles(product, 'G-COMPANY', ['Assignor'])
-    self.assertRoles(product, self.user_id, ['Owner'])
 class TestDocumentIngestionModule(TestSlapOSGroupRoleSecurityMixin):
  def test(self):
@@ -1587,9 +1342,9 @@ class TestEventModule(TestSlapOSGroupRoleSecurityMixin):
    module = self.portal.event_module
    self.changeOwnership(module)
    self.assertSecurityGroup(module,
-        ['G-COMPANY', 'R-MEMBER', self.user_id], True)
+        ['F-PRODUCTION*', 'F-CUSTOMER', self.user_id], True)
-    self.assertRoles(module, 'G-COMPANY', ['Auditor', 'Author'])
+    self.assertRoles(module, 'F-PRODUCTION*', ['Auditor', 'Author'])
-    self.assertRoles(module, 'R-MEMBER', ['Auditor', 'Author'])
+    self.assertRoles(module, 'F-CUSTOMER', ['Auditor', 'Author'])
    self.assertRoles(module, self.user_id, ['Owner'])
 class TestMailMessage(TestSlapOSGroupRoleSecurityMixin):
@@ -1687,6 +1442,9 @@ class TestFaxMessage(TestMailMessage):
 class TestLetter(TestMailMessage):
  event_portal_type = 'Letter'
+class TestAcknowledgement(TestMailMessage):
+  event_portal_type = 'Acknowledgement'
 class TestNotificationMessageModule(TestSlapOSGroupRoleSecurityMixin):
  def test(self):
    module = self.portal.notification_message_module
@@ -1730,9 +1488,9 @@ class TestSupportRequestModule(TestSlapOSGroupRoleSecurityMixin):
    module = self.portal.support_request_module
    self.changeOwnership(module)
    self.assertSecurityGroup(module,
-        ['G-COMPANY', 'R-MEMBER', self.user_id], True)
+        ['F-PRODUCTION*', 'F-CUSTOMER', self.user_id], True)
-    self.assertRoles(module, 'G-COMPANY', ['Auditor', 'Author'])
+    self.assertRoles(module, 'F-PRODUCTION*', ['Auditor', 'Author'])
-    self.assertRoles(module, 'R-MEMBER', ['Auditor', 'Author'])
+    self.assertRoles(module, 'F-CUSTOMER', ['Auditor', 'Author'])
    self.assertRoles(module, self.user_id, ['Owner'])
 class TestSupportRequest(TestSlapOSGroupRoleSecurityMixin):
@@ -1741,8 +1499,7 @@ class TestSupportRequest(TestSlapOSGroupRoleSecurityMixin):
        portal_type='Support Request')
    support_request.updateLocalRolesOnSecurityGroups()
    self.assertSecurityGroup(support_request,
-        ['G-COMPANY', self.user_id], False)
+        [self.user_id], False)
-    self.assertRoles(support_request, 'G-COMPANY', ['Assignor'])
    self.assertRoles(support_request, self.user_id, ['Owner'])
  def test_Customer(self):
@@ -1755,8 +1512,7 @@ class TestSupportRequest(TestSlapOSGroupRoleSecurityMixin):
        )
    support_request.updateLocalRolesOnSecurityGroups()
    self.assertSecurityGroup(support_request,
-        ['G-COMPANY', person.getUserId(), self.user_id], False)
+        [person.getUserId(), self.user_id], False)
-    self.assertRoles(support_request, 'G-COMPANY', ['Assignor'])
    self.assertRoles(support_request, person.getUserId(), ['Auditor'])
    self.assertRoles(support_request, self.user_id, ['Owner'])
@@ -1766,138 +1522,37 @@ class TestSupportRequest(TestSlapOSGroupRoleSecurityMixin):
    assert support_request.getPortalType() == 'Support Request'
    support_request.updateLocalRolesOnSecurityGroups()
    self.assertSecurityGroup(support_request,
-        ['G-COMPANY', support_request.Base_getOwnerId(), 'R-MEMBER'], False)
+        [support_request.Base_getOwnerId(), 'R-MEMBER'], False)
-    self.assertRoles(support_request, 'G-COMPANY', ['Assignor'])
    self.assertRoles(support_request, support_request.Base_getOwnerId(), ['Owner'])
    self.assertRoles(support_request, 'R-MEMBER', ['Auditor'])
    self.assertPermissionsOfRole(support_request, 'Auditor',
        ['Access contents information', 'View'])
-  def test_ProjectMember(self):
+  def test_SourceProject(self):
-    project = self.addProject()
-    person = self.makePerson(project, user=1)
-    compute_node = self.portal.compute_node_module.newContent(
-        portal_type='Compute Node',
-        source_administration=person.getRelativeUrl())
-    project = self.portal.project_module.newContent(
-        portal_type='Project')
-    self.tic()
-    self.login(person.getUserId())
-    compute_node.ComputeNode_createMovement(
-      destination=person.getRelativeUrl(),
-      destination_project=project.getRelativeUrl())
-    self.login()
-    self.tic()
-    support_request = self.portal.support_request_module.newContent(
-        portal_type='Support Request',
-        destination_decision_value=person,
-        aggregate=compute_node.getRelativeUrl()
-        )
-    support_request.updateLocalRolesOnSecurityGroups()
-    self.assertSecurityGroup(support_request,
-        ['G-COMPANY', person.getUserId(), self.user_id, project.getReference()], False)
-    self.assertRoles(support_request, 'G-COMPANY', ['Assignor'])
-    self.assertRoles(support_request, person.getUserId(), ['Auditor'])
-    self.assertRoles(support_request, self.user_id, ['Owner'])
-    self.assertRoles(support_request, project.getReference(), ['Auditor'])
-  def test_ProjectMember_InstanceTree(self):
-    project = self.addProject()
-    person = self.makePerson(project, user=1)
-    instance_tree = self.portal.instance_tree_module.newContent(
-        portal_type='Instance Tree',
-        reference="INSTTREETEST-%s" % self.generateNewId(),
-        title="INSTTREETEST-%s" % self.generateNewId(),
-        destination_section=person.getRelativeUrl())
-    project = self.portal.project_module.newContent(
-        portal_type='Project')
-    self.tic()
-    self.login(person.getUserId())
-    instance_tree.InstanceTree_createMovement(
-      destination_project=project.getRelativeUrl())
-    self.login()
-    self.tic()
-    support_request = self.portal.support_request_module.newContent(
-        portal_type='Support Request',
-        destination_decision_value=person,
-        aggregate=instance_tree.getRelativeUrl()
-        )
-    support_request.updateLocalRolesOnSecurityGroups()
-    self.assertSecurityGroup(support_request,
-        ['G-COMPANY', person.getUserId(), self.user_id, project.getReference()], False)
-    self.assertRoles(support_request, 'G-COMPANY', ['Assignor'])
-    self.assertRoles(support_request, person.getUserId(), ['Auditor'])
-    self.assertRoles(support_request, self.user_id, ['Owner'])
-    self.assertRoles(support_request, project.getReference(), ['Auditor'])
-  def test_OrganisationMember(self):
    project = self.addProject()
-    person = self.makePerson(project, user=1)
-    compute_node = self.portal.compute_node_module.newContent(
-        portal_type='Compute Node',
-        source_administration=person.getRelativeUrl())
-    organisation = self.portal.organisation_module.newContent(
-        portal_type='Organisation',
-        reference="TESTO-%s" % self.generateNewId())
-    self.tic()
-    self.login(person.getUserId())
-    compute_node.ComputeNode_createMovement(
-      destination=person.getRelativeUrl(),
-      destination_section=organisation.getRelativeUrl())
-    self.login()
-    self.tic()
    support_request = self.portal.support_request_module.newContent(
        portal_type='Support Request',
-        destination_decision_value=person,
+        source_project_value=project)
-        aggregate=compute_node.getRelativeUrl()
-        )
    support_request.updateLocalRolesOnSecurityGroups()
-    self.assertSecurityGroup(support_request,
+    self.assertSecurityGroup(support_request, [self.user_id,
-        ['G-COMPANY', person.getUserId(), self.user_id, organisation.getReference()], False)
+        '%s_F-PRODAGNT' % project.getReference(),
-    self.assertRoles(support_request, 'G-COMPANY', ['Assignor'])
+        '%s_F-PRODMAN' % project.getReference()], False)
-    self.assertRoles(support_request, person.getUserId(), ['Auditor'])
    self.assertRoles(support_request, self.user_id, ['Owner'])
-    self.assertRoles(support_request, organisation.getReference(), ['Auditor'])
+    self.assertRoles(support_request, '%s_F-PRODMAN' % project.getReference(), ['Assignor'])
+    self.assertRoles(support_request, '%s_F-PRODAGNT' % project.getReference(), ['Assignee'])
-  def test_OrganisationMember_InstanceTree(self):
+  def test_DestinationProject(self):
    project = self.addProject()
-    person = self.makePerson(project, user=1)
-    instance_tree = self.portal.instance_tree_module.newContent(
-        portal_type='Instance Tree',
-        reference="INSTTREETEST-%s" % self.generateNewId(),
-        title="INSTTREETEST-%s" % self.generateNewId(),
-        destination_section=person.getRelativeUrl())
-    organisation = self.portal.organisation_module.newContent(
-        portal_type='Organisation',
-        reference="TESTO-%s" % self.generateNewId())
-    self.tic()
-    self.login(person.getUserId())
-    instance_tree.InstanceTree_createMovement(
-      destination=organisation.getRelativeUrl())
-    self.login()
-    self.tic()
    support_request = self.portal.support_request_module.newContent(
        portal_type='Support Request',
-        destination_decision_value=person,
+        destination_project_value=project)
-        aggregate=instance_tree.getRelativeUrl()
-        )
    support_request.updateLocalRolesOnSecurityGroups()
-    self.assertSecurityGroup(support_request,
+    self.assertSecurityGroup(support_request, [self.user_id,
-        ['G-COMPANY', person.getUserId(), self.user_id, organisation.getReference()], False)
+        '%s_F-PRODAGNT' % project.getReference(),
-    self.assertRoles(support_request, 'G-COMPANY', ['Assignor'])
+        '%s_F-PRODMAN' % project.getReference()], False)
-    self.assertRoles(support_request, person.getUserId(), ['Auditor'])
    self.assertRoles(support_request, self.user_id, ['Owner'])
-    self.assertRoles(support_request, organisation.getReference(), ['Auditor'])
+    self.assertRoles(support_request, '%s_F-PRODMAN' % project.getReference(), ['Assignor'])
+    self.assertRoles(support_request, '%s_F-PRODAGNT' % project.getReference(), ['Assignee'])
 class TestWebPageModule(TestSlapOSGroupRoleSecurityMixin):