slapos_erp5: fixup Account security

master/bt5/slapos_erp5/LocalRolesTemplateItem/account_module.xml

 <local_roles_item>
  <local_roles>
-  <role id='F-ACCOUNTING'>
+  <role id='F-ACCOUNTING*'>
    <item>Auditor</item>
    <item>Author</item>
   </role>
@@ -10,8 +10,8 @@
  </local_roles>
  <local_role_group_ids>
   <local_role_group_id id='function'>
-    <principal id='F-ACCOUNTING'>Auditor</principal>
-    <principal id='F-ACCOUNTING'>Author</principal>
+    <principal id='F-ACCOUNTING*'>Auditor</principal>
+    <principal id='F-ACCOUNTING*'>Author</principal>
   </local_role_group_id>
   <local_role_group_id id='shadow'>
     <principal id='R-SHADOW-PERSON'>Auditor</principal>

master/bt5/slapos_erp5/PortalTypeRolesTemplateItem/Account%20Module.xml

@@ -3,7 +3,7 @@
    <property id='title'>Accountant</property>
    <property id='description'>Any accountant or accountant manager may create accounts and access accounts</property>
    <multi_property id='categories'>local_role_group/function</multi_property>
-   <multi_property id='category'>function/accounting</multi_property>
+   <multi_property id='category'>function/accounting*</multi_property>
    <multi_property id='base_category'>function</multi_property>
   </role>
   <role id='Auditor'>

master/bt5/slapos_erp5/PortalTypeRolesTemplateItem/Account.xml

 <type_roles>
+  <role id='Assignee'>
+   <property id='title'>Accountant Agent</property>
+   <multi_property id='categories'>local_role_group/function</multi_property>
+   <multi_property id='category'>function/accounting/agent</multi_property>
+   <multi_property id='base_category'>function</multi_property>
+  </role>
   <role id='Assignor'>
-   <property id='title'>Accountant</property>
+   <property id='title'>Accountant Manager</property>
    <property id='description'>Only the accountant can validate new accounts.</property>
    <multi_property id='categories'>local_role_group/function</multi_property>
-   <multi_property id='category'>function/accounting</multi_property>
+   <multi_property id='category'>function/accounting/manager</multi_property>
    <multi_property id='base_category'>function</multi_property>
   </role>
   <role id='Auditor'>

master/bt5/slapos_erp5/TestTemplateItem/portal_components/test.erp5.testSlapOSERP5GroupRoleSecurity.py

@@ -1440,19 +1440,20 @@ class TestAccountModule(TestSlapOSGroupRoleSecurityMixin):
     module = self.portal.account_module
     self.changeOwnership(module)
     self.assertSecurityGroup(module,
-        ['G-COMPANY', self.user_id, 'R-SHADOW-PERSON'], False)
-    self.assertRoles(module, 'G-COMPANY', ['Auditor', 'Author'])
+        ['F-ACCOUNTING*', self.user_id, 'R-SHADOW-PERSON'], False)
+    self.assertRoles(module, 'F-ACCOUNTING*', ['Auditor', 'Author'])
     self.assertRoles(module, 'R-SHADOW-PERSON', ['Auditor'])
     self.assertRoles(module, self.user_id, ['Owner'])
 
 class TestAccount(TestSlapOSGroupRoleSecurityMixin):
-  def test_GroupCompany(self):
+  def test_AccountingFunction(self):
     product = self.portal.account_module.newContent(
         portal_type='Account')
     product.updateLocalRolesOnSecurityGroups()
     self.assertSecurityGroup(product,
-        ['G-COMPANY', self.user_id, 'R-SHADOW-PERSON'], False)
-    self.assertRoles(product, 'G-COMPANY', ['Assignor'])
+        ['F-ACCMAN', 'F-ACCAGT', self.user_id, 'R-SHADOW-PERSON'], False)
+    self.assertRoles(product, 'F-ACCMAN', ['Assignor'])
+    self.assertRoles(product, 'F-ACCAGT', ['Assignee'])
     self.assertRoles(product, 'R-SHADOW-PERSON', ['Auditor'])
     self.assertRoles(product, self.user_id, ['Owner'])