slapos_erp5:

* project needed to create person
* provide access to Web Page to function/marketing
* Web Illustration
* test marketing function
* fixup Account security
* fix Accounting Period security
* update Account exported local roles
* update Accounting Transaction Module security
* update Accounting/Balance Transaction security
* update web_page_module local_roles
* fix Purchase Invoice Transaction security
* fix Sale Invoice Transaction security
* fixup Payment Transaction security
* test Instance Tree security
* update Assignment local roles test
* test Software Instance local roles
* test Slave Instance local roles
* test Event local roles
* explicitely define the security base category order

master/bt5/slapos_erp5/LocalRolesTemplateItem/account_module.xml

 <local_roles_item>
  <local_roles>
-  <role id='F-ACCOUNTING'>
+  <role id='F-ACCOUNTING*'>
    <item>Auditor</item>
    <item>Author</item>
   </role>
@@ -10,8 +10,8 @@
  </local_roles>
  <local_role_group_ids>
   <local_role_group_id id='function'>
-    <principal id='F-ACCOUNTING'>Auditor</principal>
-    <principal id='F-ACCOUNTING'>Author</principal>
+    <principal id='F-ACCOUNTING*'>Auditor</principal>
+    <principal id='F-ACCOUNTING*'>Author</principal>
   </local_role_group_id>
   <local_role_group_id id='shadow'>
     <principal id='R-SHADOW-PERSON'>Auditor</principal>

master/bt5/slapos_erp5/LocalRolesTemplateItem/account_module/bank.xml

 <local_roles_item>
  <local_roles>
-  <role id='F-ACCOUNTING'>
+  <role id='F-ACCAGT'>
+   <item>Assignee</item>
+  </role>
+  <role id='F-ACCMAN'>
    <item>Assignor</item>
   </role>
   <role id='R-SHADOW-PERSON'>
@@ -9,7 +12,8 @@
  </local_roles>
  <local_role_group_ids>
   <local_role_group_id id='function'>
-    <principal id='F-ACCOUNTING'>Assignor</principal>
+    <principal id='F-ACCAGT'>Assignee</principal>
+    <principal id='F-ACCMAN'>Assignor</principal>
   </local_role_group_id>
   <local_role_group_id id='shadow'>
     <principal id='R-SHADOW-PERSON'>Auditor</principal>

master/bt5/slapos_erp5/LocalRolesTemplateItem/account_module/capital.xml

 <local_roles_item>
  <local_roles>
-  <role id='F-ACCOUNTING'>
+  <role id='F-ACCAGT'>
+   <item>Assignee</item>
+  </role>
+  <role id='F-ACCMAN'>
    <item>Assignor</item>
   </role>
   <role id='R-SHADOW-PERSON'>
@@ -9,7 +12,8 @@
  </local_roles>
  <local_role_group_ids>
   <local_role_group_id id='function'>
-    <principal id='F-ACCOUNTING'>Assignor</principal>
+    <principal id='F-ACCAGT'>Assignee</principal>
+    <principal id='F-ACCMAN'>Assignor</principal>
   </local_role_group_id>
   <local_role_group_id id='shadow'>
     <principal id='R-SHADOW-PERSON'>Auditor</principal>

master/bt5/slapos_erp5/LocalRolesTemplateItem/account_module/coll_vat.xml

 <local_roles_item>
  <local_roles>
-  <role id='F-ACCOUNTING'>
+  <role id='F-ACCAGT'>
+   <item>Assignee</item>
+  </role>
+  <role id='F-ACCMAN'>
    <item>Assignor</item>
   </role>
   <role id='R-SHADOW-PERSON'>
@@ -9,7 +12,8 @@
  </local_roles>
  <local_role_group_ids>
   <local_role_group_id id='function'>
-    <principal id='F-ACCOUNTING'>Assignor</principal>
+    <principal id='F-ACCAGT'>Assignee</principal>
+    <principal id='F-ACCMAN'>Assignor</principal>
   </local_role_group_id>
   <local_role_group_id id='shadow'>
     <principal id='R-SHADOW-PERSON'>Auditor</principal>

master/bt5/slapos_erp5/LocalRolesTemplateItem/account_module/equipments.xml

 <local_roles_item>
  <local_roles>
-  <role id='F-ACCOUNTING'>
+  <role id='F-ACCAGT'>
+   <item>Assignee</item>
+  </role>
+  <role id='F-ACCMAN'>
    <item>Assignor</item>
   </role>
   <role id='R-SHADOW-PERSON'>
@@ -9,7 +12,8 @@
  </local_roles>
  <local_role_group_ids>
   <local_role_group_id id='function'>
-    <principal id='F-ACCOUNTING'>Assignor</principal>
+    <principal id='F-ACCAGT'>Assignee</principal>
+    <principal id='F-ACCMAN'>Assignor</principal>
   </local_role_group_id>
   <local_role_group_id id='shadow'>
     <principal id='R-SHADOW-PERSON'>Auditor</principal>

master/bt5/slapos_erp5/LocalRolesTemplateItem/account_module/inventories.xml

 <local_roles_item>
  <local_roles>
-  <role id='F-ACCOUNTING'>
+  <role id='F-ACCAGT'>
+   <item>Assignee</item>
+  </role>
+  <role id='F-ACCMAN'>
    <item>Assignor</item>
   </role>
   <role id='R-SHADOW-PERSON'>
@@ -9,7 +12,8 @@
  </local_roles>
  <local_role_group_ids>
   <local_role_group_id id='function'>
-    <principal id='F-ACCOUNTING'>Assignor</principal>
+    <principal id='F-ACCAGT'>Assignee</principal>
+    <principal id='F-ACCMAN'>Assignor</principal>
   </local_role_group_id>
   <local_role_group_id id='shadow'>
     <principal id='R-SHADOW-PERSON'>Auditor</principal>

master/bt5/slapos_erp5/LocalRolesTemplateItem/account_module/payable.xml

 <local_roles_item>
  <local_roles>
-  <role id='F-ACCOUNTING'>
+  <role id='F-ACCAGT'>
+   <item>Assignee</item>
+  </role>
+  <role id='F-ACCMAN'>
    <item>Assignor</item>
   </role>
   <role id='R-SHADOW-PERSON'>
@@ -9,7 +12,8 @@
  </local_roles>
  <local_role_group_ids>
   <local_role_group_id id='function'>
-    <principal id='F-ACCOUNTING'>Assignor</principal>
+    <principal id='F-ACCAGT'>Assignee</principal>
+    <principal id='F-ACCMAN'>Assignor</principal>
   </local_role_group_id>
   <local_role_group_id id='shadow'>
     <principal id='R-SHADOW-PERSON'>Auditor</principal>

master/bt5/slapos_erp5/LocalRolesTemplateItem/account_module/payment_to_encash.xml

 <local_roles_item>
  <local_roles>
-  <role id='F-ACCOUNTING'>
+  <role id='F-ACCAGT'>
+   <item>Assignee</item>
+  </role>
+  <role id='F-ACCMAN'>
    <item>Assignor</item>
   </role>
   <role id='R-SHADOW-PERSON'>
@@ -9,7 +12,8 @@
  </local_roles>
  <local_role_group_ids>
   <local_role_group_id id='function'>
-    <principal id='F-ACCOUNTING'>Assignor</principal>
+    <principal id='F-ACCAGT'>Assignee</principal>
+    <principal id='F-ACCMAN'>Assignor</principal>
   </local_role_group_id>
   <local_role_group_id id='shadow'>
     <principal id='R-SHADOW-PERSON'>Auditor</principal>

master/bt5/slapos_erp5/LocalRolesTemplateItem/account_module/profit_loss.xml

 <local_roles_item>
  <local_roles>
-  <role id='F-ACCOUNTING'>
+  <role id='F-ACCAGT'>
+   <item>Assignee</item>
+  </role>
+  <role id='F-ACCMAN'>
    <item>Assignor</item>
   </role>
   <role id='R-SHADOW-PERSON'>
@@ -9,7 +12,8 @@
  </local_roles>
  <local_role_group_ids>
   <local_role_group_id id='function'>
-    <principal id='F-ACCOUNTING'>Assignor</principal>
+    <principal id='F-ACCAGT'>Assignee</principal>
+    <principal id='F-ACCMAN'>Assignor</principal>
   </local_role_group_id>
   <local_role_group_id id='shadow'>
     <principal id='R-SHADOW-PERSON'>Auditor</principal>

master/bt5/slapos_erp5/LocalRolesTemplateItem/account_module/purchase.xml

 <local_roles_item>
  <local_roles>
-  <role id='F-ACCOUNTING'>
+  <role id='F-ACCAGT'>
+   <item>Assignee</item>
+  </role>
+  <role id='F-ACCMAN'>
    <item>Assignor</item>
   </role>
   <role id='R-SHADOW-PERSON'>
@@ -9,7 +12,8 @@
  </local_roles>
  <local_role_group_ids>
   <local_role_group_id id='function'>
-    <principal id='F-ACCOUNTING'>Assignor</principal>
+    <principal id='F-ACCAGT'>Assignee</principal>
+    <principal id='F-ACCMAN'>Assignor</principal>
   </local_role_group_id>
   <local_role_group_id id='shadow'>
     <principal id='R-SHADOW-PERSON'>Auditor</principal>

master/bt5/slapos_erp5/LocalRolesTemplateItem/account_module/receivable.xml

 <local_roles_item>
  <local_roles>
-  <role id='F-ACCOUNTING'>
+  <role id='F-ACCAGT'>
+   <item>Assignee</item>
+  </role>
+  <role id='F-ACCMAN'>
    <item>Assignor</item>
   </role>
   <role id='R-SHADOW-PERSON'>
@@ -9,7 +12,8 @@
  </local_roles>
  <local_role_group_ids>
   <local_role_group_id id='function'>
-    <principal id='F-ACCOUNTING'>Assignor</principal>
+    <principal id='F-ACCAGT'>Assignee</principal>
+    <principal id='F-ACCMAN'>Assignor</principal>
   </local_role_group_id>
   <local_role_group_id id='shadow'>
     <principal id='R-SHADOW-PERSON'>Auditor</principal>

master/bt5/slapos_erp5/LocalRolesTemplateItem/account_module/refundable_vat.xml

 <local_roles_item>
  <local_roles>
-  <role id='F-ACCOUNTING'>
+  <role id='F-ACCAGT'>
+   <item>Assignee</item>
+  </role>
+  <role id='F-ACCMAN'>
    <item>Assignor</item>
   </role>
   <role id='R-SHADOW-PERSON'>
@@ -9,7 +12,8 @@
  </local_roles>
  <local_role_group_ids>
   <local_role_group_id id='function'>
-    <principal id='F-ACCOUNTING'>Assignor</principal>
+    <principal id='F-ACCAGT'>Assignee</principal>
+    <principal id='F-ACCMAN'>Assignor</principal>
   </local_role_group_id>
   <local_role_group_id id='shadow'>
     <principal id='R-SHADOW-PERSON'>Auditor</principal>

master/bt5/slapos_erp5/LocalRolesTemplateItem/account_module/sales.xml

 <local_roles_item>
  <local_roles>
-  <role id='F-ACCOUNTING'>
+  <role id='F-ACCAGT'>
+   <item>Assignee</item>
+  </role>
+  <role id='F-ACCMAN'>
    <item>Assignor</item>
   </role>
   <role id='R-SHADOW-PERSON'>
@@ -9,7 +12,8 @@
  </local_roles>
  <local_role_group_ids>
   <local_role_group_id id='function'>
-    <principal id='F-ACCOUNTING'>Assignor</principal>
+    <principal id='F-ACCAGT'>Assignee</principal>
+    <principal id='F-ACCMAN'>Assignor</principal>
   </local_role_group_id>
   <local_role_group_id id='shadow'>
     <principal id='R-SHADOW-PERSON'>Auditor</principal>

master/bt5/slapos_erp5/LocalRolesTemplateItem/accounting_module.xml

 <local_roles_item>
  <local_roles>
-  <role id='F-ACCOUNTING'>
+  <role id='F-ACCOUNTING*'>
    <item>Auditor</item>
    <item>Author</item>
   </role>

master/bt5/slapos_erp5/LocalRolesTemplateItem/web_page_module.xml

+<local_roles_item>
+ <local_roles>
+  <role id='F-MARKETING*'>
+   <item>Auditor</item>
+   <item>Author</item>
+  </role>
+ </local_roles>
+</local_roles_item>
\ No newline at end of file

master/bt5/slapos_erp5/PortalTypeRolesTemplateItem/Account%20Module.xml

@@ -3,7 +3,7 @@
    <property id='title'>Accountant</property>
    <property id='description'>Any accountant or accountant manager may create accounts and access accounts</property>
    <multi_property id='categories'>local_role_group/function</multi_property>
-   <multi_property id='category'>function/accounting</multi_property>
+   <multi_property id='category'>function/accounting*</multi_property>
    <multi_property id='base_category'>function</multi_property>
   </role>
   <role id='Auditor'>

master/bt5/slapos_erp5/PortalTypeRolesTemplateItem/Account.xml

 <type_roles>
+  <role id='Assignee'>
+   <property id='title'>Accountant Agent</property>
+   <multi_property id='categories'>local_role_group/function</multi_property>
+   <multi_property id='category'>function/accounting/agent</multi_property>
+   <multi_property id='base_category'>function</multi_property>
+  </role>
   <role id='Assignor'>
-   <property id='title'>Accountant</property>
+   <property id='title'>Accountant Manager</property>
    <property id='description'>Only the accountant can validate new accounts.</property>
    <multi_property id='categories'>local_role_group/function</multi_property>
-   <multi_property id='category'>function/accounting</multi_property>
+   <multi_property id='category'>function/accounting/manager</multi_property>
    <multi_property id='base_category'>function</multi_property>
   </role>
   <role id='Auditor'>

master/bt5/slapos_erp5/PortalTypeRolesTemplateItem/Accounting%20Period.xml

 <type_roles>
+  <role id='Assignee'>
+   <property id='title'>Accountant Agent</property>
+   <multi_property id='categories'>local_role_group/function</multi_property>
+   <multi_property id='category'>function/accounting/agent</multi_property>
+   <multi_property id='base_category'>function</multi_property>
+  </role>
   <role id='Assignor'>
-   <property id='title'>Accountant</property>
+   <property id='title'>Accountant Manager</property>
+   <property id='description'>Only the accountant can validate new accounts.</property>
    <multi_property id='categories'>local_role_group/function</multi_property>
-   <multi_property id='category'>function/accounting</multi_property>
+   <multi_property id='category'>function/accounting/manager</multi_property>
    <multi_property id='base_category'>function</multi_property>
   </role>
 </type_roles>
\ No newline at end of file

master/bt5/slapos_erp5/PortalTypeRolesTemplateItem/Accounting%20Transaction%20Module.xml

 <type_roles>
   <role id='Author; Auditor'>
    <property id='title'>Accountant</property>
-   <multi_property id='category'>function/accounting</multi_property>
+   <multi_property id='category'>function/accounting*</multi_property>
    <multi_property id='base_category'>function</multi_property>
   </role>
   <role id='Auditor'>

master/bt5/slapos_erp5/PortalTypeRolesTemplateItem/Accounting%20Transaction.xml

@@ -3,14 +3,21 @@
    <property id='title'>ReadOnly for Accountant</property>
    <property id='condition'>python: context.getLedger("") == "automated"</property>
    <multi_property id='categories'>local_role_group/function</multi_property>
-   <multi_property id='category'>function/accounting</multi_property>
+   <multi_property id='category'>function/accounting*</multi_property>
+   <multi_property id='base_category'>function</multi_property>
+  </role>
+  <role id='Assignee'>
+   <property id='title'>Writable for Accountant Agent</property>
+   <property id='condition'>python: context.getLedger("") != "automated"</property>
+   <multi_property id='categories'>local_role_group/function</multi_property>
+   <multi_property id='category'>function/accounting/agent</multi_property>
    <multi_property id='base_category'>function</multi_property>
   </role>
   <role id='Assignor'>
-   <property id='title'>Writable for Accountant</property>
+   <property id='title'>Writable for Accountant Manager</property>
    <property id='condition'>python: context.getLedger("") != "automated"</property>
    <multi_property id='categories'>local_role_group/function</multi_property>
-   <multi_property id='category'>function/accounting</multi_property>
+   <multi_property id='category'>function/accounting/manager</multi_property>
    <multi_property id='base_category'>function</multi_property>
   </role>
 </type_roles>
\ No newline at end of file

master/bt5/slapos_erp5/PortalTypeRolesTemplateItem/Balance%20Transaction.xml

@@ -3,14 +3,21 @@
    <property id='title'>ReadOnly for Accountant</property>
    <property id='condition'>python: context.getLedger("") == "automated"</property>
    <multi_property id='categories'>local_role_group/function</multi_property>
-   <multi_property id='category'>function/accounting</multi_property>
+   <multi_property id='category'>function/accounting*</multi_property>
+   <multi_property id='base_category'>function</multi_property>
+  </role>
+  <role id='Assignee'>
+   <property id='title'>Writable for Accountant Agent</property>
+   <property id='condition'>python: context.getLedger("") != "automated"</property>
+   <multi_property id='categories'>local_role_group/function</multi_property>
+   <multi_property id='category'>function/accounting/agent</multi_property>
    <multi_property id='base_category'>function</multi_property>
   </role>
   <role id='Assignor'>
-   <property id='title'>Writable for Accountant</property>
+   <property id='title'>Writable for Accountant Manager</property>
    <property id='condition'>python: context.getLedger("") != "automated"</property>
    <multi_property id='categories'>local_role_group/function</multi_property>
-   <multi_property id='category'>function/accounting</multi_property>
+   <multi_property id='category'>function/accounting/manager</multi_property>
    <multi_property id='base_category'>function</multi_property>
   </role>
 </type_roles>
\ No newline at end of file

master/bt5/slapos_erp5/PortalTypeRolesTemplateItem/Fax%20Message.xml

@@ -38,6 +38,7 @@
    <property id='base_category_script'>ERP5Type_getSecurityCategoryFromContent</property>
    <multi_property id='category'>function/production/agent</multi_property>
    <multi_property id='base_category'>source_project</multi_property>
+   <multi_property id='base_category'>function</multi_property>
   </role>
   <role id='Assignor'>
    <property id='title'>Source Project Production Manager</property>
@@ -46,5 +47,6 @@
    <property id='base_category_script'>ERP5Type_getSecurityCategoryFromContent</property>
    <multi_property id='category'>function/production/manager</multi_property>
    <multi_property id='base_category'>source_project</multi_property>
+   <multi_property id='base_category'>function</multi_property>
   </role>
 </type_roles>
\ No newline at end of file

master/bt5/slapos_erp5/PortalTypeRolesTemplateItem/Letter.xml

@@ -38,6 +38,7 @@
    <property id='base_category_script'>ERP5Type_getSecurityCategoryFromContent</property>
    <multi_property id='category'>function/production/agent</multi_property>
    <multi_property id='base_category'>source_project</multi_property>
+   <multi_property id='base_category'>function</multi_property>
   </role>
   <role id='Assignor'>
    <property id='title'>Source Project Production Manager</property>
@@ -46,5 +47,6 @@
    <property id='base_category_script'>ERP5Type_getSecurityCategoryFromContent</property>
    <multi_property id='category'>function/production/manager</multi_property>
    <multi_property id='base_category'>source_project</multi_property>
+   <multi_property id='base_category'>function</multi_property>
   </role>
 </type_roles>
\ No newline at end of file

master/bt5/slapos_erp5/PortalTypeRolesTemplateItem/Mail%20Message.xml

@@ -38,6 +38,7 @@
    <property id='base_category_script'>ERP5Type_getSecurityCategoryFromContent</property>
    <multi_property id='category'>function/production/agent</multi_property>
    <multi_property id='base_category'>source_project</multi_property>
+   <multi_property id='base_category'>function</multi_property>
   </role>
   <role id='Assignor'>
    <property id='title'>Source Project Production Manager</property>
@@ -46,5 +47,6 @@
    <property id='base_category_script'>ERP5Type_getSecurityCategoryFromContent</property>
    <multi_property id='category'>function/production/manager</multi_property>
    <multi_property id='base_category'>source_project</multi_property>
+   <multi_property id='base_category'>function</multi_property>
   </role>
 </type_roles>
\ No newline at end of file

master/bt5/slapos_erp5/PortalTypeRolesTemplateItem/Note.xml

@@ -38,6 +38,7 @@
    <property id='base_category_script'>ERP5Type_getSecurityCategoryFromContent</property>
    <multi_property id='category'>function/production/agent</multi_property>
    <multi_property id='base_category'>source_project</multi_property>
+   <multi_property id='base_category'>function</multi_property>
   </role>
   <role id='Assignor'>
    <property id='title'>Source Project Production Manager</property>
@@ -46,5 +47,6 @@
    <property id='base_category_script'>ERP5Type_getSecurityCategoryFromContent</property>
    <multi_property id='category'>function/production/manager</multi_property>
    <multi_property id='base_category'>source_project</multi_property>
+   <multi_property id='base_category'>function</multi_property>
   </role>
 </type_roles>
\ No newline at end of file

master/bt5/slapos_erp5/PortalTypeRolesTemplateItem/Payment%20Transaction.xml

 <type_roles>
   <role id='Assignee'>
    <property id='title'>Person Shadow</property>
-   <property id='condition'>python: here.getDestinationSection('', portal_type='Person') == ""</property>
+   <property id='condition'>python: (here.getDestinationSection('', portal_type='Person') == "") and (here.getLedger("") == "automated")</property>
    <multi_property id='categories'>local_role_group/shadow</multi_property>
    <multi_property id='category'>role/shadow/person</multi_property>
    <multi_property id='base_category'>role</multi_property>
@@ -10,12 +10,12 @@
    <property id='title'>ReadOnly for Accountant</property>
    <property id='condition'>python: context.getLedger("") == "automated"</property>
    <multi_property id='categories'>local_role_group/function</multi_property>
-   <multi_property id='category'>function/accounting</multi_property>
+   <multi_property id='category'>function/accounting*</multi_property>
    <multi_property id='base_category'>function</multi_property>
   </role>
   <role id='Auditor'>
    <property id='title'>Shadow User</property>
-   <property id='condition'>python: here.getDestinationSection('', portal_type='Person') != ''</property>
+   <property id='condition'>python: (here.getDestinationSection('', portal_type='Person') != "") and (here.getLedger("") == "automated")</property>
    <property id='base_category_script'>PaymentTransaction_getSecurityCategoryFromUser</property>
    <multi_property id='categories'>local_role_group/shadow</multi_property>
    <multi_property id='base_category'>aggregate</multi_property>
@@ -27,11 +27,18 @@
    <multi_property id='categories'>local_role_group/user</multi_property>
    <multi_property id='base_category'>destination_section</multi_property>
   </role>
+  <role id='Assignee'>
+   <property id='title'>Writable for Accountant Agent</property>
+   <property id='condition'>python: context.getLedger("") != "automated"</property>
+   <multi_property id='categories'>local_role_group/function</multi_property>
+   <multi_property id='category'>function/accounting/agent</multi_property>
+   <multi_property id='base_category'>function</multi_property>
+  </role>
   <role id='Assignor'>
-   <property id='title'>Writable for Accountant</property>
+   <property id='title'>Writable for Accountant Manager</property>
    <property id='condition'>python: context.getLedger("") != "automated"</property>
    <multi_property id='categories'>local_role_group/function</multi_property>
-   <multi_property id='category'>function/accounting</multi_property>
+   <multi_property id='category'>function/accounting/manager</multi_property>
    <multi_property id='base_category'>function</multi_property>
   </role>
 </type_roles>
\ No newline at end of file

master/bt5/slapos_erp5/PortalTypeRolesTemplateItem/Phone%20Call.xml

@@ -38,6 +38,7 @@
    <property id='base_category_script'>ERP5Type_getSecurityCategoryFromContent</property>
    <multi_property id='category'>function/production/agent</multi_property>
    <multi_property id='base_category'>source_project</multi_property>
+   <multi_property id='base_category'>function</multi_property>
   </role>
   <role id='Assignor'>
    <property id='title'>Source Project Production Manager</property>
@@ -46,5 +47,6 @@
    <property id='base_category_script'>ERP5Type_getSecurityCategoryFromContent</property>
    <multi_property id='category'>function/production/manager</multi_property>
    <multi_property id='base_category'>source_project</multi_property>
+   <multi_property id='base_category'>function</multi_property>
   </role>
 </type_roles>
\ No newline at end of file

master/bt5/slapos_erp5/PortalTypeRolesTemplateItem/Purchase%20Invoice%20Transaction.xml

@@ -3,14 +3,21 @@
    <property id='title'>ReadOnly for Accountant</property>
    <property id='condition'>python: context.getLedger("") == "automated"</property>
    <multi_property id='categories'>local_role_group/function</multi_property>
-   <multi_property id='category'>function/accounting</multi_property>
+   <multi_property id='category'>function/accounting*</multi_property>
+   <multi_property id='base_category'>function</multi_property>
+  </role>
+  <role id='Assignee'>
+   <property id='title'>Writable for Accountant Agent</property>
+   <property id='condition'>python: context.getLedger("") != "automated"</property>
+   <multi_property id='categories'>local_role_group/function</multi_property>
+   <multi_property id='category'>function/accounting/agent</multi_property>
    <multi_property id='base_category'>function</multi_property>
   </role>
   <role id='Assignor'>
-   <property id='title'>Writable for Accountant</property>
+   <property id='title'>Writable for Accountant Manager</property>
    <property id='condition'>python: context.getLedger("") != "automated"</property>
    <multi_property id='categories'>local_role_group/function</multi_property>
-   <multi_property id='category'>function/accounting</multi_property>
+   <multi_property id='category'>function/accounting/manager</multi_property>
    <multi_property id='base_category'>function</multi_property>
   </role>
 </type_roles>
\ No newline at end of file

master/bt5/slapos_erp5/PortalTypeRolesTemplateItem/Sale%20Invoice%20Transaction.xml

@@ -10,7 +10,7 @@
    <property id='title'>ReadOnly for Accountant</property>
    <property id='condition'>python: context.getLedger("") == "automated"</property>
    <multi_property id='categories'>local_role_group/function</multi_property>
-   <multi_property id='category'>function/accounting</multi_property>
+   <multi_property id='category'>function/accounting*</multi_property>
    <multi_property id='base_category'>function</multi_property>
   </role>
   <role id='Auditor'>
@@ -20,11 +20,18 @@
    <multi_property id='categories'>local_role_group/user</multi_property>
    <multi_property id='base_category'>destination_section</multi_property>
   </role>
+  <role id='Assignee'>
+   <property id='title'>Writable for Accountant Agent</property>
+   <property id='condition'>python: context.getLedger("") != "automated"</property>
+   <multi_property id='categories'>local_role_group/function</multi_property>
+   <multi_property id='category'>function/accounting/agent</multi_property>
+   <multi_property id='base_category'>function</multi_property>
+  </role>
   <role id='Assignor'>
-   <property id='title'>Writable for Accountant</property>
+   <property id='title'>Writable for Accountant Manager</property>
    <property id='condition'>python: context.getLedger("") != "automated"</property>
    <multi_property id='categories'>local_role_group/function</multi_property>
-   <multi_property id='category'>function/accounting</multi_property>
+   <multi_property id='category'>function/accounting/manager</multi_property>
    <multi_property id='base_category'>function</multi_property>
   </role>
 </type_roles>
\ No newline at end of file

master/bt5/slapos_erp5/PortalTypeRolesTemplateItem/Short%20Message.xml

@@ -38,6 +38,7 @@
    <property id='base_category_script'>ERP5Type_getSecurityCategoryFromContent</property>
    <multi_property id='category'>function/production/agent</multi_property>
    <multi_property id='base_category'>source_project</multi_property>
+   <multi_property id='base_category'>function</multi_property>
   </role>
   <role id='Assignor'>
    <property id='title'>Source Project Production Manager</property>
@@ -46,5 +47,6 @@
    <property id='base_category_script'>ERP5Type_getSecurityCategoryFromContent</property>
    <multi_property id='category'>function/production/manager</multi_property>
    <multi_property id='base_category'>source_project</multi_property>
+   <multi_property id='base_category'>function</multi_property>
   </role>
 </type_roles>
\ No newline at end of file

master/bt5/slapos_erp5/PortalTypeRolesTemplateItem/Site%20Message.xml

@@ -38,6 +38,7 @@
    <property id='base_category_script'>ERP5Type_getSecurityCategoryFromContent</property>
    <multi_property id='category'>function/production/agent</multi_property>
    <multi_property id='base_category'>source_project</multi_property>
+   <multi_property id='base_category'>function</multi_property>
   </role>
   <role id='Assignor'>
    <property id='title'>Source Project Production Manager</property>
@@ -46,5 +47,6 @@
    <property id='base_category_script'>ERP5Type_getSecurityCategoryFromContent</property>
    <multi_property id='category'>function/production/manager</multi_property>
    <multi_property id='base_category'>source_project</multi_property>
+   <multi_property id='base_category'>function</multi_property>
   </role>
 </type_roles>
\ No newline at end of file

master/bt5/slapos_erp5/PortalTypeRolesTemplateItem/Visit.xml

@@ -38,6 +38,7 @@
    <property id='base_category_script'>ERP5Type_getSecurityCategoryFromContent</property>
    <multi_property id='category'>function/production/agent</multi_property>
    <multi_property id='base_category'>source_project</multi_property>
+   <multi_property id='base_category'>function</multi_property>
   </role>
   <role id='Assignor'>
    <property id='title'>Source Project Production Manager</property>
@@ -46,5 +47,6 @@
    <property id='base_category_script'>ERP5Type_getSecurityCategoryFromContent</property>
    <multi_property id='category'>function/production/manager</multi_property>
    <multi_property id='base_category'>source_project</multi_property>
+   <multi_property id='base_category'>function</multi_property>
   </role>
 </type_roles>
\ No newline at end of file

master/bt5/slapos_erp5/PortalTypeRolesTemplateItem/Web%20Illustration.xml

 <type_roles>
   <role id='Assignor'>
-   <property id='title'>Group company</property>
-   <multi_property id='categories'>local_role_group/group</multi_property>
-   <multi_property id='category'>group/company</multi_property>
-   <multi_property id='base_category'>group</multi_property>
+   <property id='title'>Marketing</property>
+   <multi_property id='categories'>local_role_group/function</multi_property>
+   <multi_property id='category'>function/marketing*</multi_property>
+   <multi_property id='base_category'>function</multi_property>
   </role>
 </type_roles>
\ No newline at end of file

master/bt5/slapos_erp5/PortalTypeRolesTemplateItem/Web%20Message.xml

@@ -38,6 +38,7 @@
    <property id='base_category_script'>ERP5Type_getSecurityCategoryFromContent</property>
    <multi_property id='category'>function/production/agent</multi_property>
    <multi_property id='base_category'>source_project</multi_property>
+   <multi_property id='base_category'>function</multi_property>
   </role>
   <role id='Assignor'>
    <property id='title'>Source Project Production Manager</property>
@@ -46,5 +47,6 @@
    <property id='base_category_script'>ERP5Type_getSecurityCategoryFromContent</property>
    <multi_property id='category'>function/production/manager</multi_property>
    <multi_property id='base_category'>source_project</multi_property>
+   <multi_property id='base_category'>function</multi_property>
   </role>
 </type_roles>
\ No newline at end of file

master/bt5/slapos_erp5/PortalTypeRolesTemplateItem/Web%20Page%20Module.xml

+<type_roles>
+  <role id='Author; Auditor'>
+   <property id='title'>Marketing</property>
+   <multi_property id='category'>function/marketing*</multi_property>
+   <multi_property id='base_category'>function</multi_property>
+  </role>
+</type_roles>
\ No newline at end of file

master/bt5/slapos_erp5/PortalTypeRolesTemplateItem/Web%20Page.xml

+<type_roles>
+  <role id='Assignor'>
+   <property id='title'>Marketing</property>
+   <multi_property id='categories'>local_role_group/function</multi_property>
+   <multi_property id='category'>function/marketing*</multi_property>
+   <multi_property id='base_category'>function</multi_property>
+  </role>
+</type_roles>
\ No newline at end of file

master/bt5/slapos_erp5/PortalTypeRolesTemplateItem/Web%20Table.xml

 <type_roles>
   <role id='Assignor'>
-   <property id='title'>Group company</property>
-   <multi_property id='categories'>local_role_group/group</multi_property>
-   <multi_property id='category'>group/company</multi_property>
-   <multi_property id='base_category'>group</multi_property>
+   <property id='title'>Marketing</property>
+   <multi_property id='categories'>local_role_group/function</multi_property>
+   <multi_property id='category'>function/marketing*</multi_property>
+   <multi_property id='base_category'>function</multi_property>
   </role>
 </type_roles>
\ No newline at end of file

master/bt5/slapos_erp5/TestTemplateItem/portal_components/test.erp5.testSlapOSERP5GroupRoleSecurity.py

@@ -97,8 +97,8 @@ class TestAssignment(TestSlapOSGroupRoleSecurityMixin):
         portal_type='Person').newContent(portal_type='Assignment')
     assignment.updateLocalRolesOnSecurityGroups()
     self.assertSecurityGroup(assignment,
-        ['G-COMPANY', self.user_id], False)
-    self.assertRoles(assignment, 'G-COMPANY', ['Auditor', 'Assignor'])
+        ['F-IS*', self.user_id], False)
+    self.assertRoles(assignment, 'F-IS*', ['Auditor'])
     self.assertRoles(assignment, self.user_id, ['Owner'])
 
 class TestComputeNode(TestSlapOSGroupRoleSecurityMixin):
@@ -112,7 +112,8 @@ class TestComputeNode(TestSlapOSGroupRoleSecurityMixin):
     self.assertRoles(compute_node, compute_node.getUserId(), ['Assignor'])
 
   def test_ProjectMember(self):
-    person = self.makePerson(user=1)
+    project = self.addProject()
+    person = self.makePerson(project, user=1)
     compute_node = self.portal.compute_node_module.newContent(
         portal_type='Compute Node',
         source_administration=person.getRelativeUrl())
@@ -137,7 +138,8 @@ class TestComputeNode(TestSlapOSGroupRoleSecurityMixin):
     self.assertRoles(compute_node, project.getReference(), ['Assignee'])
 
   def test_OrganisationMember(self):
-    person = self.makePerson(user=1)
+    project = self.addProject()
+    person = self.makePerson(project, user=1)
     compute_node = self.portal.compute_node_module.newContent(
         portal_type='Compute Node',
         source_administration=person.getRelativeUrl())
@@ -278,7 +280,8 @@ class TestComputeNodeModule(TestSlapOSGroupRoleSecurityMixin):
 class TestComputerNetwork(TestSlapOSGroupRoleSecurityMixin):
 
   def test_ProjectMember(self):
-    person = self.makePerson(user=1)
+    project = self.addProject()
+    person = self.makePerson(project, user=1)
     network = self.portal.computer_network_module.newContent(
         portal_type='Computer Network',
         source_administration=person.getRelativeUrl())
@@ -303,7 +306,8 @@ class TestComputerNetwork(TestSlapOSGroupRoleSecurityMixin):
     self.assertRoles(network, project.getReference(), ['Assignee'])
 
   def test_OrganisationMember(self):
-    person = self.makePerson(user=1)
+    project = self.addProject()
+    person = self.makePerson(project, user=1)
     network = self.portal.computer_network_module.newContent(
         portal_type='Computer Network',
         source_administration=person.getRelativeUrl())
@@ -437,11 +441,9 @@ class TestInstanceTree(TestSlapOSGroupRoleSecurityMixin):
         portal_type='Instance Tree', reference=reference)
     subscription.updateLocalRolesOnSecurityGroups()
 
-    self.assertSecurityGroup(subscription, [self.user_id, reference,
-        'G-COMPANY'], False)
+    self.assertSecurityGroup(subscription, [self.user_id, reference], False)
     self.assertRoles(subscription, reference, ['Assignee'])
     self.assertRoles(subscription, self.user_id, ['Owner'])
-    self.assertRoles(subscription, 'G-COMPANY', ['Assignor'])
 
   def test_CustomOfTheInstanceTree(self):
     customer_reference = 'TESTPERSON-%s' % self.generateNewId()
@@ -454,65 +456,27 @@ class TestInstanceTree(TestSlapOSGroupRoleSecurityMixin):
     subscription.updateLocalRolesOnSecurityGroups()
 
     self.assertSecurityGroup(subscription, [self.user_id, reference,
-        customer.getUserId(), 'G-COMPANY'], False)
+        customer.getUserId()], False)
     self.assertRoles(subscription, reference, ['Assignee'])
     self.assertRoles(subscription, customer.getUserId(), ['Assignee'])
     self.assertRoles(subscription, self.user_id, ['Owner'])
-    self.assertRoles(subscription, 'G-COMPANY', ['Assignor'])
 
   def test_ProjectMember(self):
-    person = self.makePerson(user=1)
+    project = self.addProject()
     reference = 'TESTHS-%s' % self.generateNewId()
-    subscription = self.portal.instance_tree_module.newContent(
-        portal_type='Instance Tree', reference=reference,
-        title=reference,
-        destination_section=person.getRelativeUrl())
     project = self.portal.project_module.newContent(
         portal_type='Project')
-
-    self.tic()
-    self.login(person.getUserId())
-    subscription.InstanceTree_createMovement(
-      destination_project=project.getRelativeUrl())
-    self.login()
-
-    self.tic()
-    subscription.updateLocalRolesOnSecurityGroups()
-    self.assertSecurityGroup(subscription, [self.user_id, reference,
-        person.getUserId(), 'G-COMPANY', project.getReference()], False)
-    self.assertRoles(subscription, reference, ['Assignee'])
-    self.assertRoles(subscription, person.getUserId(), ['Assignee'])
-    self.assertRoles(subscription, self.user_id, ['Owner'])
-    self.assertRoles(subscription, 'G-COMPANY', ['Assignor'])
-    self.assertRoles(subscription, project.getReference(), ['Assignee'])
-
-
-  def test_OrganisationMember(self):
-    person = self.makePerson(user=1)
-    reference = 'TESTHS-%s' % self.generateNewId()
     subscription = self.portal.instance_tree_module.newContent(
         portal_type='Instance Tree', reference=reference,
-        title=reference,
-        destination_section=person.getRelativeUrl())
-    organisation = self.portal.organisation_module.newContent(
-        portal_type='Organisation',
-        reference="TESTO-%s" % self.generateNewId())
-
-    self.tic()
-    self.login(person.getUserId())
-    subscription.InstanceTree_createMovement(
-      destination=organisation.getRelativeUrl())
-    self.login()
-
-    self.tic()
+        follow_up_value=project)
     subscription.updateLocalRolesOnSecurityGroups()
     self.assertSecurityGroup(subscription, [self.user_id, reference,
-        person.getUserId(), 'G-COMPANY', organisation.getReference()], False)
+        '%s_F-PRODAGNT' % project.getReference(),
+        '%s_F-PRODMAN' % project.getReference()], False)
     self.assertRoles(subscription, reference, ['Assignee'])
-    self.assertRoles(subscription, person.getUserId(), ['Assignee'])
     self.assertRoles(subscription, self.user_id, ['Owner'])
-    self.assertRoles(subscription, 'G-COMPANY', ['Assignor'])
-    self.assertRoles(subscription, organisation.getReference(), ['Assignee'])
+    self.assertRoles(subscription, '%s_F-PRODMAN' % project.getReference(), ['Assignor'])
+    self.assertRoles(subscription, '%s_F-PRODAGNT' % project.getReference(), ['Assignee'])
 
 
 class TestInstanceTreeModule(TestSlapOSGroupRoleSecurityMixin):
@@ -520,11 +484,11 @@ class TestInstanceTreeModule(TestSlapOSGroupRoleSecurityMixin):
     module = self.portal.instance_tree_module
     self.changeOwnership(module)
     self.assertSecurityGroup(module,
-        ['G-COMPANY', 'R-COMPUTER', 'R-MEMBER', 'R-INSTANCE', self.user_id], False)
-    self.assertRoles(module, 'R-MEMBER', ['Auditor', 'Author'])
+        ['F-PRODUCTION*', 'R-COMPUTER', 'F-CUSTOMER', 'R-INSTANCE', self.user_id], False)
+    self.assertRoles(module, 'F-CUSTOMER', ['Auditor', 'Author'])
     self.assertRoles(module, 'R-COMPUTER', ['Auditor'])
     self.assertRoles(module, 'R-INSTANCE', ['Auditor'])
-    self.assertRoles(module, 'G-COMPANY', ['Auditor', 'Author'])
+    self.assertRoles(module, 'F-PRODUCTION*', ['Auditor'])
     self.assertRoles(module, self.user_id, ['Owner'])
 
 class TestOrganisation(TestSlapOSGroupRoleSecurityMixin):
@@ -603,7 +567,8 @@ class TestProjectModule(TestSlapOSGroupRoleSecurityMixin):
 class TestProject(TestSlapOSGroupRoleSecurityMixin):
 
   def test_with_user(self):
-    person = self.makePerson(user=1)
+    project = self.addProject()
+    person = self.makePerson(project, user=1)
     project = self.portal.project_module.newContent(
         portal_type='Project',
         destination_decision_value=person)
@@ -786,13 +751,12 @@ class TestPersonModule(TestSlapOSGroupRoleSecurityMixin):
     self.assertRoles(module, self.user_id, ['Owner'])
 
 class TestSlaveInstance(TestSlapOSGroupRoleSecurityMixin):
-  def test_GroupCompany(self):
+  def test_default(self):
     instance = self.portal.software_instance_module.newContent(
         portal_type='Slave Instance')
     instance.updateLocalRolesOnSecurityGroups()
 
-    self.assertSecurityGroup(instance, ['G-COMPANY', self.user_id], False)
-    self.assertRoles(instance, 'G-COMPANY', ['Assignor'])
+    self.assertSecurityGroup(instance, [self.user_id], False)
     self.assertRoles(instance, self.user_id, ['Owner'])
 
   def test_CustomerOfTheInstance(self):
@@ -810,74 +774,28 @@ class TestSlaveInstance(TestSlapOSGroupRoleSecurityMixin):
         portal_type='Slave Instance', specialise=subscription.getRelativeUrl())
     instance.updateLocalRolesOnSecurityGroups()
 
-    self.assertSecurityGroup(instance, ['G-COMPANY', customer.getUserId(),
+    self.assertSecurityGroup(instance, [customer.getUserId(),
         subscription_reference, self.user_id], False)
-    self.assertRoles(instance, 'G-COMPANY', ['Assignor'])
     self.assertRoles(instance, customer.getUserId(), ['Assignee'])
     self.assertRoles(instance, subscription_reference, ['Assignee'])
     self.assertRoles(instance, self.user_id, ['Owner'])
 
   def test_ProjectMember(self):
-    customer = self.makePerson(user=1)
-    subscription_reference = 'TESTHS-%s ' % self.generateNewId()
-    instance_tree = self.portal.instance_tree_module.newContent(
-        portal_type='Instance Tree',
-        title="INSTTREETEST-%s" % self.generateNewId(),
-        reference=subscription_reference,
-        destination_section=customer.getRelativeUrl())
-    project = self.portal.project_module.newContent(
-        portal_type='Project')
-
-    self.tic()
-    self.login(customer.getUserId())
-    instance_tree.InstanceTree_createMovement(
-      destination_project=project.getRelativeUrl())
-    self.login()
-    self.tic()
-
-    instance = self.portal.software_instance_module.newContent(
-        portal_type='Slave Instance', specialise=instance_tree.getRelativeUrl())
-    instance.updateLocalRolesOnSecurityGroups()
-
-    self.assertSecurityGroup(instance, ['G-COMPANY', customer.getUserId(),
-        subscription_reference, self.user_id, project.getReference()], False)
-    self.assertRoles(instance, 'G-COMPANY', ['Assignor'])
-    self.assertRoles(instance, customer.getUserId(), ['Assignee'])
-    self.assertRoles(instance, subscription_reference, ['Assignee'])
-    self.assertRoles(instance, self.user_id, ['Owner'])
-    self.assertRoles(instance, project.getReference(), ['Assignee'])
-
-  def test_OrganisationMember(self):
-    customer = self.makePerson(user=1)
-    subscription_reference = 'TESTHS-%s ' % self.generateNewId()
-    instance_tree = self.portal.instance_tree_module.newContent(
-        portal_type='Instance Tree',
-        title="INSTTREETEST-%s" % self.generateNewId(),
-        reference=subscription_reference,
-        destination_section=customer.getRelativeUrl())
-    organisation = self.portal.organisation_module.newContent(
-        portal_type='Organisation',
-        reference="TESTO-%s" % self.generateNewId())    
-
-    self.tic()
-    self.login(customer.getUserId())
-    instance_tree.InstanceTree_createMovement(
-      destination=organisation.getRelativeUrl())
-    self.login()
-    self.tic()
-
+    project = self.addProject()
     instance = self.portal.software_instance_module.newContent(
-        portal_type='Slave Instance', specialise=instance_tree.getRelativeUrl())
+      portal_type='Slave Instance',
+      follow_up_value=project
+    )
     instance.updateLocalRolesOnSecurityGroups()
 
-    self.assertSecurityGroup(instance, ['G-COMPANY', customer.getUserId(),
-        subscription_reference, self.user_id, organisation.getReference()], False)
-    self.assertRoles(instance, 'G-COMPANY', ['Assignor'])
-    self.assertRoles(instance, customer.getUserId(), ['Assignee'])
-    self.assertRoles(instance, subscription_reference, ['Assignee'])
+    self.assertSecurityGroup(instance, [
+      self.user_id,
+      '%s_F-PRODAGNT' % project.getReference(),
+      '%s_F-PRODMAN' % project.getReference()
+    ], False)
     self.assertRoles(instance, self.user_id, ['Owner'])
-    self.assertRoles(instance, organisation.getReference(), ['Assignee'])
-
+    self.assertRoles(instance, '%s_F-PRODAGNT' % project.getReference(), ['Assignee'])
+    self.assertRoles(instance, '%s_F-PRODMAN' % project.getReference(), ['Assignor'])
 
   def test_SoftwareInstanceWhichProvidesThisSlaveInstance(self):
     compute_node_reference = 'TESTCOMP-%s' % self.generateNewId()
@@ -900,9 +818,8 @@ class TestSlaveInstance(TestSlapOSGroupRoleSecurityMixin):
     instance = self.portal.software_instance_module.newContent(
         portal_type='Slave Instance', aggregate=partition.getRelativeUrl())
     instance.updateLocalRolesOnSecurityGroups()
-    self.assertSecurityGroup(instance, ['G-COMPANY', provider.getUserId(),
+    self.assertSecurityGroup(instance, [provider.getUserId(),
         compute_node.getUserId(), self.user_id], False)
-    self.assertRoles(instance, 'G-COMPANY', ['Assignor'])
     self.assertRoles(instance, provider.getUserId(), ['Assignor'])
     self.assertRoles(instance, compute_node.getUserId(), ['Assignor'])
     self.assertRoles(instance, self.user_id, ['Owner'])
@@ -936,7 +853,8 @@ class TestSoftwareInstallation(TestSlapOSGroupRoleSecurityMixin):
     self.assertRoles(installation, self.user_id, ['Owner'])
 
   def test_ProjectMember(self):
-    person = self.makePerson(user=1)
+    project = self.addProject()
+    person = self.makePerson(project, user=1)
     compute_node_reference = 'TESTCOMP-%s' % self.generateNewId()
     compute_node = self.portal.compute_node_module.template_compute_node\
         .Base_createCloneDocument(batch_mode=1)
@@ -965,7 +883,8 @@ class TestSoftwareInstallation(TestSlapOSGroupRoleSecurityMixin):
     self.assertRoles(installation, project.getReference(), ['Assignee'])
 
   def test_OrganisationMember(self):
-    person = self.makePerson(user=1)
+    project = self.addProject()
+    person = self.makePerson(project, user=1)
     compute_node_reference = 'TESTCOMP-%s' % self.generateNewId()
     compute_node = self.portal.compute_node_module.template_compute_node\
         .Base_createCloneDocument(batch_mode=1)
@@ -1023,13 +942,12 @@ class TestSoftwareInstallationModule(TestSlapOSGroupRoleSecurityMixin):
     self.assertRoles(module, self.user_id, ['Owner'])
 
 class TestSoftwareInstance(TestSlapOSGroupRoleSecurityMixin):
-  def test_GroupCompany(self):
+  def test_default(self):
     instance = self.portal.software_instance_module.newContent(
         portal_type='Software Instance')
     instance.updateLocalRolesOnSecurityGroups()
 
-    self.assertSecurityGroup(instance, ['G-COMPANY', self.user_id], False)
-    self.assertRoles(instance, 'G-COMPANY', ['Assignor'])
+    self.assertSecurityGroup(instance, [self.user_id], False)
     self.assertRoles(instance, self.user_id, ['Owner'])
 
   def test_CustomerOfTheInstance(self):
@@ -1047,74 +965,29 @@ class TestSoftwareInstance(TestSlapOSGroupRoleSecurityMixin):
         portal_type='Software Instance', specialise=subscription.getRelativeUrl())
     instance.updateLocalRolesOnSecurityGroups()
 
-    self.assertSecurityGroup(instance, ['G-COMPANY', customer.getUserId(),
+    self.assertSecurityGroup(instance, [customer.getUserId(),
         subscription_reference, self.user_id], False)
-    self.assertRoles(instance, 'G-COMPANY', ['Assignor'])
     self.assertRoles(instance, customer.getUserId(), ['Assignee'])
     self.assertRoles(instance, subscription_reference, ['Assignee'])
     self.assertRoles(instance, self.user_id, ['Owner'])
 
   def test_ProjectMember(self):
-    customer = self.makePerson(user=1)
-
-    subscription_reference = 'TESTHS-%s ' % self.generateNewId()
-    instance_tree = self.portal.instance_tree_module.newContent(
-        portal_type='Instance Tree',
-        title="INSTTREETEST-%s" % self.generateNewId(),
-        reference=subscription_reference,
-        destination_section=customer.getRelativeUrl())
-    project = self.portal.project_module.newContent(
-        portal_type='Project')
-
-    self.tic()
-    self.login(customer.getUserId())
-    instance_tree.InstanceTree_createMovement(
-      destination_project=project.getRelativeUrl())
-    self.login()
-    self.tic()
-
-    instance = self.portal.software_instance_module.newContent(
-        portal_type='Software Instance', specialise=instance_tree.getRelativeUrl())
-    instance.updateLocalRolesOnSecurityGroups()
-
-    self.assertSecurityGroup(instance, ['G-COMPANY', customer.getUserId(),
-        subscription_reference, self.user_id, project.getReference()], False)
-    self.assertRoles(instance, 'G-COMPANY', ['Assignor'])
-    self.assertRoles(instance, customer.getUserId(), ['Assignee'])
-    self.assertRoles(instance, subscription_reference, ['Assignee'])
-    self.assertRoles(instance, self.user_id, ['Owner'])
-    self.assertRoles(instance, project.getReference(), ['Assignee'])
-
-  def test_OrganisationMember(self):
-    customer = self.makePerson(user=1)
-    subscription_reference = 'TESTHS-%s ' % self.generateNewId()
-    instance_tree = self.portal.instance_tree_module.newContent(
-        portal_type='Instance Tree',
-        title="INSTTREETEST-%s" % self.generateNewId(),
-        reference=subscription_reference,
-        destination_section=customer.getRelativeUrl())
-    organisation = self.portal.organisation_module.newContent(
-        portal_type='Organisation',
-        reference="TESTO-%s" % self.generateNewId())    
-
-    self.tic()
-    self.login(customer.getUserId())
-    instance_tree.InstanceTree_createMovement(
-      destination=organisation.getRelativeUrl())
-    self.login()
-    self.tic()
+    project = self.addProject()
 
     instance = self.portal.software_instance_module.newContent(
-        portal_type='Software Instance', specialise=instance_tree.getRelativeUrl())
+      portal_type='Software Instance',
+      follow_up_value=project
+    )
     instance.updateLocalRolesOnSecurityGroups()
 
-    self.assertSecurityGroup(instance, ['G-COMPANY', customer.getUserId(),
-        subscription_reference, self.user_id, organisation.getReference()], False)
-    self.assertRoles(instance, 'G-COMPANY', ['Assignor'])
-    self.assertRoles(instance, customer.getUserId(), ['Assignee'])
-    self.assertRoles(instance, subscription_reference, ['Assignee'])
+    self.assertSecurityGroup(instance, [
+      self.user_id,
+      '%s_F-PRODAGNT' % project.getReference(),
+      '%s_F-PRODMAN' % project.getReference(),
+    ], False)
     self.assertRoles(instance, self.user_id, ['Owner'])
-    self.assertRoles(instance, organisation.getReference(), ['Assignee'])
+    self.assertRoles(instance, '%s_F-PRODAGNT' % project.getReference(), ['Assignee'])
+    self.assertRoles(instance, '%s_F-PRODMAN' % project.getReference(), ['Assignor'])
 
   def test_ComputeNode(self):
     compute_node_reference = 'TESTCOMP-%s' % self.generateNewId()
@@ -1129,9 +1002,8 @@ class TestSoftwareInstance(TestSlapOSGroupRoleSecurityMixin):
         portal_type='Software Instance', aggregate=partition.getRelativeUrl())
     instance.updateLocalRolesOnSecurityGroups()
 
-    self.assertSecurityGroup(instance, ['G-COMPANY', compute_node.getUserId(),
+    self.assertSecurityGroup(instance, [compute_node.getUserId(),
         self.user_id], False)
-    self.assertRoles(instance, 'G-COMPANY', ['Assignor'])
     self.assertRoles(instance, compute_node.getUserId(), ['Assignor'])
     self.assertRoles(instance, self.user_id, ['Owner'])
 
@@ -1140,9 +1012,9 @@ class TestSoftwareInstanceModule(TestSlapOSGroupRoleSecurityMixin):
     module = self.portal.software_instance_module
     self.changeOwnership(module)
     self.assertSecurityGroup(module,
-        ['G-COMPANY', 'R-COMPUTER', 'R-INSTANCE', 'R-MEMBER', self.user_id], False)
-    self.assertRoles(module, 'R-MEMBER', ['Auditor', 'Author'])
-    self.assertRoles(module, 'G-COMPANY', ['Auditor', 'Author'])
+        ['F-PRODUCTION*', 'R-COMPUTER', 'R-INSTANCE', 'F-CUSTOMER', self.user_id], False)
+    self.assertRoles(module, 'F-CUSTOMER', ['Auditor', 'Author'])
+    self.assertRoles(module, 'F-PRODUCTION*', ['Auditor'])
     self.assertRoles(module, 'R-COMPUTER', ['Auditor'])
     self.assertRoles(module, 'R-INSTANCE', ['Auditor', 'Author'])
     self.assertRoles(module, self.user_id, ['Owner'])
@@ -1282,43 +1154,79 @@ class TestAccountingTransactionModule(TestSlapOSGroupRoleSecurityMixin):
     module = self.portal.accounting_module
     self.changeOwnership(module)
     self.assertSecurityGroup(module,
-        ['G-COMPANY', self.user_id, 'R-SHADOW-PERSON', 'R-MEMBER'], True)
-    self.assertRoles(module, 'G-COMPANY', ['Auditor', 'Author'])
+        ['F-ACCOUNTING*', 'F-PRODUCTION*', self.user_id,
+         'R-SHADOW-PERSON', 'F-CUSTOMER'], True)
+    self.assertRoles(module, 'F-ACCOUNTING*', ['Auditor', 'Author'])
     self.assertRoles(module, 'R-SHADOW-PERSON', ['Assignor'])
-    self.assertRoles(module, 'R-MEMBER', ['Auditor'])
+    self.assertRoles(module, 'F-PRODUCTION*', ['Auditor'])
+    self.assertRoles(module, 'F-CUSTOMER', ['Auditor'])
     self.assertRoles(module, self.user_id, ['Owner'])
 
 class TestAccountingTransaction(TestSlapOSGroupRoleSecurityMixin):
-  def test_GroupCompany(self):
+  def test_AccountingFunction_LedgerNotAutomated(self):
     product = self.portal.accounting_module.newContent(
         portal_type='Accounting Transaction')
     product.updateLocalRolesOnSecurityGroups()
     self.assertSecurityGroup(product,
-        ['G-COMPANY', self.user_id], False)
-    self.assertRoles(product, 'G-COMPANY', ['Assignor'])
+        ['F-ACCMAN', 'F-ACCAGT', self.user_id], False)
+    self.assertRoles(product, 'F-ACCMAN', ['Assignor'])
+    self.assertRoles(product, 'F-ACCAGT', ['Assignee'])
+    self.assertRoles(product, self.user_id, ['Owner'])
+
+  def test_AccountingFunction_LedgerAutomated(self):
+    product = self.portal.accounting_module.newContent(
+        portal_type='Accounting Transaction')
+    product.edit(ledger='automated')
+    product.updateLocalRolesOnSecurityGroups()
+    self.assertSecurityGroup(product,
+        ['F-ACCOUNTING*', self.user_id], False)
+    self.assertRoles(product, 'F-ACCOUNTING*', ['Auditor'])
     self.assertRoles(product, self.user_id, ['Owner'])
 
 class TestBalanceTransaction(TestSlapOSGroupRoleSecurityMixin):
-  def test_GroupCompany(self):
+  def test_AccountingFunction_LedgerNotAutomated(self):
     product = self.portal.accounting_module.newContent(
         portal_type='Balance Transaction')
     product.updateLocalRolesOnSecurityGroups()
     self.assertSecurityGroup(product,
-        ['G-COMPANY', self.user_id], False)
-    self.assertRoles(product, 'G-COMPANY', ['Assignor'])
+        ['F-ACCMAN', 'F-ACCAGT', self.user_id], False)
+    self.assertRoles(product, 'F-ACCMAN', ['Assignor'])
+    self.assertRoles(product, 'F-ACCAGT', ['Assignee'])
+    self.assertRoles(product, self.user_id, ['Owner'])
+
+  def test_AccountingFunction_LedgerAutomated(self):
+    product = self.portal.accounting_module.newContent(
+        portal_type='Balance Transaction')
+    product.edit(ledger='automated')
+    product.updateLocalRolesOnSecurityGroups()
+    self.assertSecurityGroup(product,
+        ['F-ACCOUNTING*', self.user_id], False)
+    self.assertRoles(product, 'F-ACCOUNTING*', ['Auditor'])
     self.assertRoles(product, self.user_id, ['Owner'])
 
 class TestPaymentTransaction(TestSlapOSGroupRoleSecurityMixin):
-  def test_GroupCompany(self):
+  def test_AccountingFunction_LedgerNotAutomated(self):
     product = self.portal.accounting_module.newContent(
         portal_type='Payment Transaction')
     product.updateLocalRolesOnSecurityGroups()
     self.assertSecurityGroup(product,
-        ['G-COMPANY', self.user_id, 'R-SHADOW-PERSON'], False)
-    self.assertRoles(product, 'G-COMPANY', ['Assignor'])
+        ['F-ACCMAN', 'F-ACCAGT', self.user_id], False)
+    self.assertRoles(product, 'F-ACCMAN', ['Assignor'])
+    self.assertRoles(product, 'F-ACCAGT', ['Assignee'])
     self.assertRoles(product, self.user_id, ['Owner'])
 
-  def test_ShadowUser(self):
+  def test_AccountingFunction_LedgerAutomated(self):
+    product = self.portal.accounting_module.newContent(
+        portal_type='Payment Transaction')
+    product.edit(ledger='automated')
+    product.updateLocalRolesOnSecurityGroups()
+    self.assertSecurityGroup(product,
+        ['F-ACCOUNTING*', 'R-SHADOW-PERSON', self.user_id], False)
+    self.assertRoles(product, 'F-ACCOUNTING*', ['Auditor'])
+    self.assertRoles(product, 'R-SHADOW-PERSON', ['Assignee'])
+    self.assertRoles(product, self.user_id, ['Owner'])
+
+  def test_UserWithoutLedger(self):
     reference = 'TESTPERSON-%s' % self.generateNewId()
     person = self.portal.person_module.newContent(portal_type='Person',
         reference=reference)
@@ -1328,15 +1236,13 @@ class TestPaymentTransaction(TestSlapOSGroupRoleSecurityMixin):
         destination_section_value=person,
         )
     product.updateLocalRolesOnSecurityGroups()
-    shadow_user_id = 'SHADOW-%s' % person.getUserId()
     self.assertSecurityGroup(product,
-        ['G-COMPANY', self.user_id, person.getUserId(), shadow_user_id], False)
-    self.assertRoles(product, 'G-COMPANY', ['Assignor'])
-    self.assertRoles(product, shadow_user_id, ['Auditor'])
-    self.assertRoles(product, person.getUserId(), ['Auditor'])
+        ['F-ACCMAN', 'F-ACCAGT', self.user_id], False)
+    self.assertRoles(product, 'F-ACCMAN', ['Assignor'])
+    self.assertRoles(product, 'F-ACCAGT', ['Assignee'])
     self.assertRoles(product, self.user_id, ['Owner'])
 
-  def test_User(self):
+  def test_UserLedger(self):
     reference = 'TESTPERSON-%s' % self.generateNewId()
     person = self.portal.person_module.newContent(portal_type='Person',
         reference=reference)
@@ -1344,44 +1250,60 @@ class TestPaymentTransaction(TestSlapOSGroupRoleSecurityMixin):
         portal_type='Payment Transaction')
     product.edit(
         destination_section_value=person,
+        ledger='automated'
         )
     product.updateLocalRolesOnSecurityGroups()
     shadow_user_id = 'SHADOW-%s' % person.getUserId()
     self.assertSecurityGroup(product,
-        ['G-COMPANY', self.user_id, person.getUserId(),
+        ['F-ACCOUNTING*', self.user_id, person.getUserId(),
          shadow_user_id], False)
-    self.assertRoles(product, 'G-COMPANY', ['Assignor'])
+    self.assertRoles(product, 'F-ACCOUNTING*', ['Auditor'])
     self.assertRoles(product, shadow_user_id, ['Auditor'])
     self.assertRoles(product, person.getUserId(), ['Auditor'])
     self.assertRoles(product, self.user_id, ['Owner'])
 
-  def test_User_without_destination_section(self):
+
+class TestPurchaseInvoiceTransaction(TestSlapOSGroupRoleSecurityMixin):
+  def test_AccountingFunction_LedgerNotAutomated(self):
     product = self.portal.accounting_module.newContent(
-        portal_type='Payment Transaction')
+        portal_type='Purchase Invoice Transaction')
     product.updateLocalRolesOnSecurityGroups()
     self.assertSecurityGroup(product,
-        ['G-COMPANY', self.user_id, 'R-SHADOW-PERSON'], False)
-    self.assertRoles(product, 'G-COMPANY', ['Assignor'])
+        ['F-ACCMAN', 'F-ACCAGT', self.user_id], False)
+    self.assertRoles(product, 'F-ACCMAN', ['Assignor'])
+    self.assertRoles(product, 'F-ACCAGT', ['Assignee'])
     self.assertRoles(product, self.user_id, ['Owner'])
 
-class TestPurchaseInvoiceTransaction(TestSlapOSGroupRoleSecurityMixin):
-  def test_GroupCompany(self):
+  def test_AccountingFunction_LedgerAutomated(self):
     product = self.portal.accounting_module.newContent(
         portal_type='Purchase Invoice Transaction')
+    product.edit(ledger='automated')
     product.updateLocalRolesOnSecurityGroups()
     self.assertSecurityGroup(product,
-        ['G-COMPANY', self.user_id], False)
-    self.assertRoles(product, 'G-COMPANY', ['Assignor'])
+        ['F-ACCOUNTING*', self.user_id], False)
+    self.assertRoles(product, 'F-ACCOUNTING*', ['Auditor'])
     self.assertRoles(product, self.user_id, ['Owner'])
 
 class TestSaleInvoiceTransaction(TestSlapOSGroupRoleSecurityMixin):
-  def test_GroupCompany(self):
+  def test_AccountingFunction_LedgerNotAutomated(self):
     product = self.portal.accounting_module.newContent(
         portal_type='Sale Invoice Transaction')
     product.updateLocalRolesOnSecurityGroups()
     self.assertSecurityGroup(product,
-        ['G-COMPANY', self.user_id, 'R-SHADOW-PERSON'], False)
-    self.assertRoles(product, 'G-COMPANY', ['Assignor'])
+        ['F-ACCMAN', 'F-ACCAGT', self.user_id], False)
+    self.assertRoles(product, 'F-ACCMAN', ['Assignor'])
+    self.assertRoles(product, 'F-ACCAGT', ['Assignee'])
+    self.assertRoles(product, self.user_id, ['Owner'])
+
+  def test_AccountingFunction_LedgerAutomated(self):
+    product = self.portal.accounting_module.newContent(
+        portal_type='Sale Invoice Transaction')
+    product.edit(ledger='automated')
+    product.updateLocalRolesOnSecurityGroups()
+    self.assertSecurityGroup(product,
+        ['F-ACCOUNTING*', self.user_id, 'R-SHADOW-PERSON'], False)
+    self.assertRoles(product, 'F-ACCOUNTING*', ['Auditor'])
+    self.assertRoles(product, 'R-SHADOW-PERSON', ['Assignee'])
     self.assertRoles(product, self.user_id, ['Owner'])
 
   def test_User(self):
@@ -1391,14 +1313,16 @@ class TestSaleInvoiceTransaction(TestSlapOSGroupRoleSecurityMixin):
     product = self.portal.accounting_module.newContent(
         portal_type='Sale Invoice Transaction')
     product.edit(
+        ledger='automated',
         destination_section_value=person,
         )
     product.updateLocalRolesOnSecurityGroups()
     self.assertSecurityGroup(product,
-        ['G-COMPANY', self.user_id, person.getUserId(), 
+        ['F-ACCOUNTING*', self.user_id, person.getUserId(),
          'R-SHADOW-PERSON'], False)
-    self.assertRoles(product, 'G-COMPANY', ['Assignor'])
+    self.assertRoles(product, 'F-ACCOUNTING*', ['Auditor'])
     self.assertRoles(product, person.getUserId(), ['Auditor'])
+    self.assertRoles(product, 'R-SHADOW-PERSON', ['Assignee'])
     self.assertRoles(product, self.user_id, ['Owner'])
 
 class TestServiceModule(TestSlapOSGroupRoleSecurityMixin):
@@ -1427,19 +1351,20 @@ class TestAccountModule(TestSlapOSGroupRoleSecurityMixin):
     module = self.portal.account_module
     self.changeOwnership(module)
     self.assertSecurityGroup(module,
-        ['G-COMPANY', self.user_id, 'R-SHADOW-PERSON'], False)
-    self.assertRoles(module, 'G-COMPANY', ['Auditor', 'Author'])
+        ['F-ACCOUNTING*', self.user_id, 'R-SHADOW-PERSON'], False)
+    self.assertRoles(module, 'F-ACCOUNTING*', ['Auditor', 'Author'])
     self.assertRoles(module, 'R-SHADOW-PERSON', ['Auditor'])
     self.assertRoles(module, self.user_id, ['Owner'])
 
 class TestAccount(TestSlapOSGroupRoleSecurityMixin):
-  def test_GroupCompany(self):
+  def test_AccountingFunction(self):
     product = self.portal.account_module.newContent(
         portal_type='Account')
     product.updateLocalRolesOnSecurityGroups()
     self.assertSecurityGroup(product,
-        ['G-COMPANY', self.user_id, 'R-SHADOW-PERSON'], False)
-    self.assertRoles(product, 'G-COMPANY', ['Assignor'])
+        ['F-ACCMAN', 'F-ACCAGT', self.user_id, 'R-SHADOW-PERSON'], False)
+    self.assertRoles(product, 'F-ACCMAN', ['Assignor'])
+    self.assertRoles(product, 'F-ACCAGT', ['Assignee'])
     self.assertRoles(product, 'R-SHADOW-PERSON', ['Auditor'])
     self.assertRoles(product, self.user_id, ['Owner'])
 
@@ -1488,14 +1413,15 @@ class TestSaleTradeCondition(TestSlapOSGroupRoleSecurityMixin):
     self.assertRoles(product, self.user_id, ['Owner'])
 
 class TestAccountingPeriod(TestSlapOSGroupRoleSecurityMixin):
-  def test_GroupCompany(self):
+  def test_AccountingFunction(self):
     product = self.portal.organisation_module.newContent(
         portal_type='Organisation').newContent(
         portal_type='Accounting Period')
     product.updateLocalRolesOnSecurityGroups()
     self.assertSecurityGroup(product,
-        ['G-COMPANY', self.user_id], False)
-    self.assertRoles(product, 'G-COMPANY', ['Assignor'])
+        ['F-ACCMAN', 'F-ACCAGT', self.user_id], False)
+    self.assertRoles(product, 'F-ACCMAN', ['Assignor'])
+    self.assertRoles(product, 'F-ACCAGT', ['Assignee'])
     self.assertRoles(product, self.user_id, ['Owner'])
 
 class TestAcknowledgement(TestSlapOSGroupRoleSecurityMixin):
@@ -1668,13 +1594,12 @@ class TestEventModule(TestSlapOSGroupRoleSecurityMixin):
 
 class TestMailMessage(TestSlapOSGroupRoleSecurityMixin):
   event_portal_type = 'Mail Message'
-  def test_GroupCompany(self):
+  def test_default(self):
     product = self.portal.event_module.newContent(
         portal_type=self.event_portal_type)
     product.updateLocalRolesOnSecurityGroups()
     self.assertSecurityGroup(product,
-        ['G-COMPANY', self.user_id], False)
-    self.assertRoles(product, 'G-COMPANY', ['Assignor'])
+        [self.user_id], False)
     self.assertRoles(product, self.user_id, ['Owner'])
 
   def test_SourceCustomer(self):
@@ -1687,8 +1612,7 @@ class TestMailMessage(TestSlapOSGroupRoleSecurityMixin):
         )
     product.updateLocalRolesOnSecurityGroups()
     self.assertSecurityGroup(product,
-        ['G-COMPANY', person.getUserId(), self.user_id], False)
-    self.assertRoles(product, 'G-COMPANY', ['Assignor'])
+        [person.getUserId(), self.user_id], False)
     self.assertRoles(product, person.getUserId(), ['Auditor'])
     self.assertRoles(product, self.user_id, ['Owner'])
 
@@ -1702,164 +1626,41 @@ class TestMailMessage(TestSlapOSGroupRoleSecurityMixin):
         )
     product.updateLocalRolesOnSecurityGroups()
     self.assertSecurityGroup(product,
-        ['G-COMPANY', person.getUserId(), self.user_id], False)
-    self.assertRoles(product, 'G-COMPANY', ['Assignor'])
+        [person.getUserId(), self.user_id], False)
     self.assertRoles(product, person.getUserId(), ['Auditor'])
     self.assertRoles(product, self.user_id, ['Owner'])
 
-  def test_ProjectMember(self):
-    person = self.makePerson(user=1)
-    compute_node = self.portal.compute_node_module.newContent(
-        portal_type='Compute Node',
-        source_administration=person.getRelativeUrl())
-    project = self.portal.project_module.newContent(
-        portal_type='Project')
-
-    self.tic()
-    self.login(person.getUserId())
-    compute_node.ComputeNode_createMovement(
-      destination=person.getRelativeUrl(),
-      destination_project=project.getRelativeUrl())
-    self.login()
-    self.tic()
-
-    support_request = self.portal.support_request_module.newContent(
-        portal_type='Support Request',
-        destination_decision_value=person,
-        aggregate=compute_node.getRelativeUrl()
-        )
-
+  def test_SourceProject(self):
+    project = self.addProject()
     event = self.portal.event_module.newContent(
         portal_type=self.event_portal_type,
-        destination_value=person,
-        follow_up=support_request.getRelativeUrl()
+        source_project_value=project
         )
 
     event.updateLocalRolesOnSecurityGroups()
-    self.assertSecurityGroup(event,
-        ['G-COMPANY', person.getUserId(),
-         self.user_id, project.getReference()], False)
-    self.assertRoles(event, 'G-COMPANY', ['Assignor'])
-    self.assertRoles(event, person.getUserId(), ['Auditor'])
-    self.assertRoles(event, project.getReference(), ['Auditor'])
-    self.assertRoles(event, self.user_id, ['Owner'])
-
-  def test_ProjectMember_InstanceTreeRequest(self):
-
-    person = self.makePerson(user=1)
-    instance_tree = self.portal.instance_tree_module.newContent(
-        portal_type='Instance Tree',
-        reference="INSTTREETEST-%s" % self.generateNewId(),
-        title="INSTTREETEST-%s" % self.generateNewId(),
-        destination_section=person.getRelativeUrl())
-    project = self.portal.project_module.newContent(
-        portal_type='Project')
-
-    self.tic()
-    self.login(person.getUserId())
-    instance_tree.InstanceTree_createMovement(
-      destination_project=project.getRelativeUrl())
-    self.login()
-    self.tic()
-
-    support_request = self.portal.support_request_module.newContent(
-        portal_type='Support Request',
-        destination_decision_value=person,
-        aggregate=instance_tree.getRelativeUrl()
-        )
-
-    event = self.portal.event_module.newContent(
-        portal_type=self.event_portal_type,
-        destination_value=person,
-        follow_up=support_request.getRelativeUrl()
-        )
 
-    event.updateLocalRolesOnSecurityGroups()
-    self.assertSecurityGroup(event,
-        ['G-COMPANY', person.getUserId(),
-         self.user_id, project.getReference()], False)
-    self.assertRoles(event, 'G-COMPANY', ['Assignor'])
-    self.assertRoles(event, person.getUserId(), ['Auditor'])
-    self.assertRoles(event, project.getReference(), ['Auditor'])
+    self.assertSecurityGroup(event, [self.user_id,
+        '%s_F-PRODAGNT' % project.getReference(),
+        '%s_F-PRODMAN' % project.getReference()], False)
     self.assertRoles(event, self.user_id, ['Owner'])
+    self.assertRoles(event, '%s_F-PRODMAN' % project.getReference(), ['Assignor'])
+    self.assertRoles(event, '%s_F-PRODAGNT' % project.getReference(), ['Assignee'])
 
-
-  def test_OrganisationMember(self):
-    person = self.makePerson(user=1)
-    compute_node = self.portal.compute_node_module.newContent(
-        portal_type='Compute Node',
-        source_administration=person.getRelativeUrl())
-    organisation = self.portal.organisation_module.newContent(
-        portal_type='Organisation',
-        reference="TESTO-%s" % self.generateNewId())
-
-    self.tic()
-    self.login(person.getUserId())
-    compute_node.ComputeNode_createMovement(
-      destination=person.getRelativeUrl(),
-      destination_section=organisation.getRelativeUrl())
-    self.login()
-    self.tic()
-
-    support_request = self.portal.support_request_module.newContent(
-        portal_type='Support Request',
-        destination_decision_value=person,
-        aggregate=compute_node.getRelativeUrl()
-        )
-
+  def test_DestinationProject(self):
+    project = self.addProject()
     event = self.portal.event_module.newContent(
         portal_type=self.event_portal_type,
-        destination_value=person,
-        follow_up=support_request.getRelativeUrl()
+        destination_project_value=project
         )
 
     event.updateLocalRolesOnSecurityGroups()
-    self.assertSecurityGroup(event,
-        ['G-COMPANY', person.getUserId(),
-         self.user_id, organisation.getReference()], False)
-    self.assertRoles(event, 'G-COMPANY', ['Assignor'])
-    self.assertRoles(event, person.getUserId(), ['Auditor'])
-    self.assertRoles(event, organisation.getReference(), ['Auditor'])
-    self.assertRoles(event, self.user_id, ['Owner'])
-
-  def test_OrganisationMember_InstanceTree(self):
-    person = self.makePerson(user=1)
-    instance_tree = self.portal.instance_tree_module.newContent(
-        portal_type='Instance Tree',
-        reference="INSTTREETEST-%s" % self.generateNewId(),
-        title="INSTTREETEST-%s" % self.generateNewId(),
-        destination_section=person.getRelativeUrl())
-    organisation = self.portal.organisation_module.newContent(
-        portal_type='Organisation',
-        reference="TESTO-%s" % self.generateNewId())
-
-    self.tic()
-    self.login(person.getUserId())
-    instance_tree.InstanceTree_createMovement(
-      destination=organisation.getRelativeUrl())
-    self.login()
-    self.tic()
-
-    support_request = self.portal.support_request_module.newContent(
-        portal_type='Support Request',
-        destination_decision_value=person,
-        aggregate=instance_tree.getRelativeUrl()
-        )
-
-    event = self.portal.event_module.newContent(
-        portal_type=self.event_portal_type,
-        destination_value=person,
-        follow_up=support_request.getRelativeUrl()
-        )
 
-    event.updateLocalRolesOnSecurityGroups()
-    self.assertSecurityGroup(event,
-        ['G-COMPANY', person.getUserId(),
-         self.user_id, organisation.getReference()], False)
-    self.assertRoles(event, 'G-COMPANY', ['Assignor'])
-    self.assertRoles(event, person.getUserId(), ['Auditor'])
-    self.assertRoles(event, organisation.getReference(), ['Auditor'])
+    self.assertSecurityGroup(event, [self.user_id,
+        '%s_F-PRODAGNT' % project.getReference(),
+        '%s_F-PRODMAN' % project.getReference()], False)
     self.assertRoles(event, self.user_id, ['Owner'])
+    self.assertRoles(event, '%s_F-PRODMAN' % project.getReference(), ['Assignor'])
+    self.assertRoles(event, '%s_F-PRODAGNT' % project.getReference(), ['Assignee'])
 
 
 class TestShortMessage(TestMailMessage):
@@ -1973,7 +1774,8 @@ class TestSupportRequest(TestSlapOSGroupRoleSecurityMixin):
         ['Access contents information', 'View'])
 
   def test_ProjectMember(self):
-    person = self.makePerson(user=1)
+    project = self.addProject()
+    person = self.makePerson(project, user=1)
     compute_node = self.portal.compute_node_module.newContent(
         portal_type='Compute Node',
         source_administration=person.getRelativeUrl())
@@ -2002,7 +1804,8 @@ class TestSupportRequest(TestSlapOSGroupRoleSecurityMixin):
     self.assertRoles(support_request, project.getReference(), ['Auditor'])
 
   def test_ProjectMember_InstanceTree(self):
-    person = self.makePerson(user=1)
+    project = self.addProject()
+    person = self.makePerson(project, user=1)
     instance_tree = self.portal.instance_tree_module.newContent(
         portal_type='Instance Tree',
         reference="INSTTREETEST-%s" % self.generateNewId(),
@@ -2033,7 +1836,8 @@ class TestSupportRequest(TestSlapOSGroupRoleSecurityMixin):
 
 
   def test_OrganisationMember(self):
-    person = self.makePerson(user=1)
+    project = self.addProject()
+    person = self.makePerson(project, user=1)
     compute_node = self.portal.compute_node_module.newContent(
         portal_type='Compute Node',
         source_administration=person.getRelativeUrl())
@@ -2063,7 +1867,8 @@ class TestSupportRequest(TestSlapOSGroupRoleSecurityMixin):
     self.assertRoles(support_request, organisation.getReference(), ['Auditor'])
 
   def test_OrganisationMember_InstanceTree(self):
-    person = self.makePerson(user=1)
+    project = self.addProject()
+    person = self.makePerson(project, user=1)
     instance_tree = self.portal.instance_tree_module.newContent(
         portal_type='Instance Tree',
         reference="INSTTREETEST-%s" % self.generateNewId(),
@@ -2100,38 +1905,38 @@ class TestWebPageModule(TestSlapOSGroupRoleSecurityMixin):
     module = self.portal.web_page_module
     self.changeOwnership(module)
     self.assertSecurityGroup(module,
-        ['G-COMPANY', self.user_id], True)
-    self.assertRoles(module, 'G-COMPANY', ['Auditor', 'Author'])
+        ['F-MARKETING*', self.user_id], True)
+    self.assertRoles(module, 'F-MARKETING*', ['Auditor', 'Author'])
     self.assertRoles(module, self.user_id, ['Owner'])
 
 class TestWebPage(TestSlapOSGroupRoleSecurityMixin):
-  def test_GroupCompany(self):
+  def test_MarketingFunction(self):
     document = self.portal.web_page_module.newContent(
         portal_type='Web Page')
     document.updateLocalRolesOnSecurityGroups()
     self.assertSecurityGroup(document,
-        ['G-COMPANY', self.user_id], False)
-    self.assertRoles(document, 'G-COMPANY', ['Assignor'])
+        ['F-MARKETING*', self.user_id], False)
+    self.assertRoles(document, 'F-MARKETING*', ['Assignor'])
     self.assertRoles(document, self.user_id, ['Owner'])
 
 class TestWebTable(TestSlapOSGroupRoleSecurityMixin):
-  def test_GroupCompany(self):
+  def test_MarketingFunction(self):
     document = self.portal.web_page_module.newContent(
         portal_type='Web Table')
     document.updateLocalRolesOnSecurityGroups()
     self.assertSecurityGroup(document,
-        ['G-COMPANY', self.user_id], False)
-    self.assertRoles(document, 'G-COMPANY', ['Assignor'])
+        ['F-MARKETING*', self.user_id], False)
+    self.assertRoles(document, 'F-MARKETING*', ['Assignor'])
     self.assertRoles(document, self.user_id, ['Owner'])
 
 class TestWebIllustration(TestSlapOSGroupRoleSecurityMixin):
-  def test_GroupCompany(self):
+  def test_MarketingFunction(self):
     document = self.portal.web_page_module.newContent(
         portal_type='Web Illustration')
     document.updateLocalRolesOnSecurityGroups()
     self.assertSecurityGroup(document,
-        ['G-COMPANY', self.user_id], False)
-    self.assertRoles(document, 'G-COMPANY', ['Assignor'])
+        ['F-MARKETING*', self.user_id], False)
+    self.assertRoles(document, 'F-MARKETING*', ['Assignor'])
     self.assertRoles(document, self.user_id, ['Owner'])
 
 class TestIntegrationTool(TestSlapOSGroupRoleSecurityMixin):
@@ -2172,8 +1977,8 @@ class TestPayzenEvent(TestSlapOSGroupRoleSecurityMixin):
         portal_type='Payzen Event')
     event.updateLocalRolesOnSecurityGroups()
     self.assertSecurityGroup(event,
-        ['G-COMPANY', self.user_id], False)
-    self.assertRoles(event, 'G-COMPANY', ['Auditor'])
+        ['F-IS*', self.user_id], False)
+    self.assertRoles(event, 'F-IS*', ['Auditor'])
     self.assertRoles(event, self.user_id, ['Owner'])
 
   def test_ShadowUser(self):
@@ -2188,8 +1993,8 @@ class TestPayzenEvent(TestSlapOSGroupRoleSecurityMixin):
     event.updateLocalRolesOnSecurityGroups()
     shadow_user_id = 'SHADOW-%s' % person.getUserId()
     self.assertSecurityGroup(event,
-        ['G-COMPANY', self.user_id, shadow_user_id], False)
-    self.assertRoles(event, 'G-COMPANY', ['Auditor'])
+        ['F-IS*', self.user_id, shadow_user_id], False)
+    self.assertRoles(event, 'F-IS*', ['Auditor'])
     self.assertRoles(event, shadow_user_id, ['Assignee'])
     self.assertRoles(event, self.user_id, ['Owner'])
 
@@ -2199,8 +2004,8 @@ class TestWechatEvent(TestSlapOSGroupRoleSecurityMixin):
         portal_type='Wechat Event')
     event.updateLocalRolesOnSecurityGroups()
     self.assertSecurityGroup(event,
-        ['G-COMPANY', self.user_id], False)
-    self.assertRoles(event, 'G-COMPANY', ['Auditor'])
+        ['F-IS*', self.user_id], False)
+    self.assertRoles(event, 'F-IS*', ['Auditor'])
     self.assertRoles(event, self.user_id, ['Owner'])
 
   def test_ShadowUser(self):
@@ -2215,8 +2020,8 @@ class TestWechatEvent(TestSlapOSGroupRoleSecurityMixin):
     event.updateLocalRolesOnSecurityGroups()
     shadow_user_id = 'SHADOW-%s' % person.getUserId()
     self.assertSecurityGroup(event,
-        ['G-COMPANY', self.user_id, shadow_user_id], False)
-    self.assertRoles(event, 'G-COMPANY', ['Auditor'])
+        ['F-IS*', self.user_id, shadow_user_id], False)
+    self.assertRoles(event, 'F-IS*', ['Auditor'])
     self.assertRoles(event, shadow_user_id, ['Assignee'])
     self.assertRoles(event, self.user_id, ['Owner'])
 
@@ -2494,7 +2299,8 @@ class TestUpgradeDecision(TestSlapOSGroupRoleSecurityMixin):
     self.assertRoles(upgrade_decision, self.user_id, ['Owner'])
 
   def test_ProjectMember(self):
-    person = self.makePerson(user=1)
+    project = self.addProject()
+    person = self.makePerson(project, user=1)
     compute_node = self.portal.compute_node_module.newContent(
         portal_type='Compute Node',
         source_administration=person.getRelativeUrl())
@@ -2526,12 +2332,14 @@ class TestUpgradeDecision(TestSlapOSGroupRoleSecurityMixin):
     self.assertRoles(upgrade_decision, project.getReference(), ['Assignee'])
 
   def test_ProjectMember_InstanceTree(self):
-    person = self.makePerson(user=1)
+    project = self.addProject()
+    person = self.makePerson(project, user=1)
     instance_tree = self.portal.instance_tree_module.newContent(
         portal_type='Instance Tree',
         reference="INSTTREETEST-%s" % self.generateNewId(),
         title="INSTTREETEST-%s" % self.generateNewId(),
-        destination_section=person.getRelativeUrl())
+        destination_section=person.getRelativeUrl(),
+        follow_up_value=project)
     project = self.portal.project_module.newContent(
         portal_type='Project')
 
@@ -2559,10 +2367,11 @@ class TestUpgradeDecision(TestSlapOSGroupRoleSecurityMixin):
 
 
   def test_OrganisationMember(self):
-    person = self.makePerson(user=1)
+    project = self.addProject()
+    person = self.makePerson(project, user=1)
     compute_node = self.portal.compute_node_module.newContent(
         portal_type='Compute Node',
-        source_administration=person.getRelativeUrl())
+        follow_up_value=project)
     organisation = self.portal.organisation_module.newContent(
         portal_type='Organisation',
         reference="TESTO-%s" % self.generateNewId())
@@ -2592,12 +2401,15 @@ class TestUpgradeDecision(TestSlapOSGroupRoleSecurityMixin):
     self.assertRoles(upgrade_decision, organisation.getReference(), ['Assignee'])
 
   def test_OrganisationMember_InstanceTree(self):
-    person = self.makePerson(user=1)
+    project = self.addProject()
+    person = self.makePerson(project, user=1)
     instance_tree = self.portal.instance_tree_module.newContent(
         portal_type='Instance Tree',
         reference="INSTTREETEST-%s" % self.generateNewId(),
         title="INSTTREETEST-%s" % self.generateNewId(),
-        destination_section=person.getRelativeUrl())
+        destination_section=person.getRelativeUrl(),
+        follow_up_value=project
+    )
     organisation = self.portal.organisation_module.newContent(
         portal_type='Organisation',
         reference="TESTO-%s" % self.generateNewId())

master/bt5/slapos_erp5/bt/template_local_role_list

@@ -106,3 +106,4 @@ support_request_module
 support_request_module/slapos_crm_support_request_template
 system_event_module
 upgrade_decision_module
+web_page_module
\ No newline at end of file

master/bt5/slapos_erp5/bt/template_portal_type_role_list

@@ -105,4 +105,7 @@ User Consumption HTML File
 Visit
 Web Illustration
 Web Message
+Web Page
+Web Page Module
+Web Table
 Wechat Event
\ No newline at end of file