diff --git a/master/bt5/slapos_erp5/PortalTypeRolesTemplateItem/Person.xml b/master/bt5/slapos_erp5/PortalTypeRolesTemplateItem/Person.xml
index 17c0c35a27bdac86c7646c8f9dc90f399ac7ef7c..ff439d833317b0ddd653f117ad2ed841f4c7423a 100644
--- a/master/bt5/slapos_erp5/PortalTypeRolesTemplateItem/Person.xml
+++ b/master/bt5/slapos_erp5/PortalTypeRolesTemplateItem/Person.xml
@@ -5,6 +5,12 @@
 <multi_property id='category'>group/company</multi_property>
 <multi_property id='base_category'>group</multi_property>
 </role>
+ <role id='Auditor'>
+ <property id='title'>Project Member can see each other</property>
+ <property id='base_category_script'>ERP5Type_getSecurityCategoryFromChildAssignmentList</property>
+ <multi_property id='categories'>local_role_group/project</multi_property>
+ <multi_property id='base_category'>destination_project</multi_property>
+ </role>
 <role id='Auditor'>
 <property id='title'>The Shadow User Himself</property>
 <property id='description'>Monovalued role</property>
diff --git a/master/bt5/slapos_erp5/SkinTemplateItem/portal_skins/slapos_core/ERP5Type_getSecurityCategoryFromChildAssignmentList.py b/master/bt5/slapos_erp5/SkinTemplateItem/portal_skins/slapos_core/ERP5Type_getSecurityCategoryFromChildAssignmentList.py
new file mode 100644
index 0000000000000000000000000000000000000000..e21280805cc0d35672d602e1009b6185db6ee9c3
--- /dev/null
+++ b/master/bt5/slapos_erp5/SkinTemplateItem/portal_skins/slapos_core/ERP5Type_getSecurityCategoryFromChildAssignmentList.py
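Review bot: The new `Auditor` role in Person.xml carries no `description`, unlike the "The Shadow User Himself" role right below it, so nothing on the role records how wide the grant is. Going by the script it names, every open Assignment of the Person that has a `destination_project` yields a project group, with no filter on the assignment's function or role, and that whole group becomes Auditor on the Person. Whether the grant also reaches the Person's login and assignment subobjects depends on local-role acquisition settings that are not visible in this diff and is worth confirming. I would add `<property id='description'>Auditor for the group of every project referenced by an open Assignment of this Person</property>` to the role.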
@@ -0,0 +1,41 @@
+"""
+This script returns a list of dictionaries which represent
+the security groups which a person is member of. It extracts
+the categories from the current content. It is useful in the
+following cases:
+
+- calculate a security group based on a given
+ category of all Assifbment subobjects (ex. destination_project). This
+ is used for example in ERP5 to calculate
+ security of person objects so that members
+ of the same project can view each other.
+
+The parameters are
+
+ base_category_list -- list of category values we need to retrieve
+ user_name -- string obtained from getSecurityManager().getUser().getId()
+ object -- object which we want to assign roles to
+ portal_type -- portal type of object
+
+NOTE: for now, this script requires proxy manager
+"""
+
+category_list = []
+
+if object is None:
+ return []
+
+person_object = object
+
+# We look for every valid assignments of this user
+for assignment in person_object.contentValues(filter={'portal_type': 'Assignment'}):
+ if assignment.getValidationState() == 'open':
+ category_dict = {}
+ for base_category in base_category_list:
+ category_value_list = assignment.getAcquiredValueList(base_category)
+ if category_value_list:
+ for category_value in category_value_list:
+ category_dict.setdefault(base_category, []).append('%s' % category_value.getRelativeUrl())
+ category_list.append(category_dict)
+
+return category_list
diff --git a/master/bt5/slapos_erp5/SkinTemplateItem/portal_skins/slapos_core/ERP5Type_getSecurityCategoryFromChildAssignmentList.xml b/master/bt5/slapos_erp5/SkinTemplateItem/portal_skins/slapos_core/ERP5Type_getSecurityCategoryFromChildAssignmentList.xml
new file mode 100644
index 0000000000000000000000000000000000000000..08be46b567d0c14c21d493ca0f71a304552a528f
--- /dev/null
+++ b/master/bt5/slapos_erp5/SkinTemplateItem/portal_skins/slapos_core/ERP5Type_getSecurityCategoryFromChildAssignmentList.xml
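Review bot: The docstring of ERP5Type_getSecurityCategoryFromChildAssignmentList.py does not describe the script that follows it, which is a problem for code that decides who may view a Person. `user_name` and `portal_type` are accepted but never read, the assignments are taken from `object` itself, and the closing `NOTE: for now, this script requires proxy manager` is not matched by the accompanying .xml, whose metadata lists only `Script_magic`, `_bind_names`, `_params` and `id` with no proxy-role entry; "Assifbment" is also a typo for "Assignment". I would document `object` as `the Person whose Assignment subobjects are read`, mark the other two parameters as unused, and either drop the NOTE or add the proxy role if it is really required. Membership is decided by `getValidationState() == 'open'` alone, so a comment above the loop such as `# only the workflow state is checked; start/stop dates are not` would make the lifetime of the grant explicit.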
@@ -0,0 +1,62 @@ +<?xml version="1.0"?> +<ZopeData> + <record id="1" aka="AAAAAAAAAAE="> + <pickle> + <global name="PythonScript" module="Products.PythonScripts.PythonScript"/> + </pickle> + <pickle> + <dictionary> + <item> + <key> <string>Script_magic</string> </key> + <value> <int>3</int> </value> + </item> + <item> + <key> <string>_bind_names</string> </key> + <value> + <object> + <klass> + <global name="NameAssignments" module="Shared.DC.Scripts.Bindings"/> + </klass> + <tuple/> + <state> + <dictionary> + <item> + <key> <string>_asgns</string> </key> + <value> + <dictionary> + <item> + <key> <string>name_container</string> </key> + <value> <string>container</string> </value> + </item> + <item> + <key> <string>name_context</string> </key> + <value> <string>context</string> </value> + </item> + <item> + <key> <string>name_m_self</string> </key> + <value> <string>script</string> </value> + </item> + <item> + <key> <string>name_subpath</string> </key> + <value> <string>traverse_subpath</string> </value> + </item> + </dictionary> + </value> + </item> + </dictionary> + </state> + </object> + </value> + </item> + <item> + <key> <string>_params</string> </key> + <value> <string>base_category_list, user_name, object, portal_type</string> </value> + </item> + <item> + <key> <string>id</string> </key> + <value> <string>ERP5Type_getSecurityCategoryFromChildAssignmentList</string> </value> + </item> + </dictionary> + </pickle> + </record> +</ZopeData>
diff --git a/master/bt5/slapos_erp5/TestTemplateItem/portal_components/test.erp5.testSlapOSERP5GroupRoleSecurity.py b/master/bt5/slapos_erp5/TestTemplateItem/portal_components/test.erp5.testSlapOSERP5GroupRoleSecurity.py
index a927a9392dc37aeba9224885fb283e683608a8d3..24efae53079170858dfeb6016b637b66e379ae4b 100644
--- a/master/bt5/slapos_erp5/TestTemplateItem/portal_components/test.erp5.testSlapOSERP5GroupRoleSecurity.py
+++ b/master/bt5/slapos_erp5/TestTemplateItem/portal_components/test.erp5.testSlapOSERP5GroupRoleSecurity.py
@@ -719,6 +719,29 @@ class TestPerson(TestSlapOSGroupRoleSecurityMixin):
 def test_TheUserHimself_Certificate(self):
 self.test_TheUserHimself(login_portal_type="Certificate Login")
+ def test_ProjectMember(self, login_portal_type="ERP5 Login"):
+ person = self.portal.person_module.newContent(portal_type='Person')
+ person.newContent(portal_type=login_portal_type)
+ project = self.portal.project_module.newContent(
+ portal_type="Project"
+ )
+ project.validate()
+ person.newContent(portal_type='Assignment',
+ destination_project_value=project).open()
+ self.tic()
+ person.updateLocalRolesOnSecurityGroups()
+
+ shadow_reference = 'SHADOW-%s' % person.getUserId()
+ self.assertSecurityGroup(person,
+ ['G-COMPANY', self.user_id, person.getUserId(), shadow_reference,
+ project.getReference()], False)
+ self.assertRoles(person, 'G-COMPANY', ['Assignor'])
+ self.assertRoles(person, person.getUserId(), ['Assignee'])
+ self.assertRoles(person, shadow_reference, ['Auditor'])
+ self.assertRoles(person, project.getReference(), ['Auditor'])
+ self.assertRoles(person, self.user_id, ['Owner'])
+
+
 class TestERP5Login(TestSlapOSGroupRoleSecurityMixin):
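Review bot: `test_ProjectMember` only proves that the grant is made; nothing checks that the project group is absent when the assignment is not open, which is the half of the behaviour that protects the Person's data. The script filters on `getValidationState() == 'open'`, so a companion test that creates the same Assignment without calling `.open()` and asserts the security groups without `project.getReference()` would pin that down. The expected group list below is derived from the positive test and should be confirmed against `test_TheUserHimself`. The `login_portal_type` parameter also has no Certificate Login variant calling it, unlike `test_TheUserHimself`.

```python
  def test_ProjectMember_draftAssignment(self, login_portal_type="ERP5 Login"):
    # … unchanged: person, login and validated project created as in test_ProjectMember …
    # the Assignment is left in draft: .open() is deliberately not called
    person.newContent(portal_type='Assignment',
      destination_project_value=project)
    self.tic()
    person.updateLocalRolesOnSecurityGroups()

    shadow_reference = 'SHADOW-%s' % person.getUserId()
    # the project group must not appear among the Person's security groups
    self.assertSecurityGroup(person,
      ['G-COMPANY', self.user_id, person.getUserId(), shadow_reference],
      False)
```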