Commit 40e29fa4 authored by Rafael Monnerat's avatar Rafael Monnerat

slapos_erp5: Update Security on Organisation and Projects

  Move access into assignment based security
parent 1aa79918
...@@ -7,9 +7,17 @@ ...@@ -7,9 +7,17 @@
</role> </role>
<role id='Auditor'> <role id='Auditor'>
<property id='title'>Member</property> <property id='title'>Member</property>
<property id='description'>User can only see SlapOS company for invoice purposes.</property>
<property id='condition'>python: here.getGroup() == "company"</property>
<multi_property id='category'>role/member</multi_property> <multi_property id='category'>role/member</multi_property>
<multi_property id='base_category'>role</multi_property> <multi_property id='base_category'>role</multi_property>
</role> </role>
<role id='Assignee'>
<property id='title'>Organisation Member</property>
<property id='base_category_script'>ERP5Type_getSecurityCategoryFromSelf</property>
<multi_property id='categories'>local_role_group/organisation</multi_property>
<multi_property id='base_category'>destination</multi_property>
</role>
<role id='Assignee'> <role id='Assignee'>
<property id='title'>Person Owner</property> <property id='title'>Person Owner</property>
<property id='description'>XXXX Review this later</property> <property id='description'>XXXX Review this later</property>
......
...@@ -5,11 +5,6 @@ ...@@ -5,11 +5,6 @@
<multi_property id='category'>group/company</multi_property> <multi_property id='category'>group/company</multi_property>
<multi_property id='base_category'>group</multi_property> <multi_property id='base_category'>group</multi_property>
</role> </role>
<role id='Auditor'>
<property id='title'>Member</property>
<multi_property id='category'>role/member</multi_property>
<multi_property id='base_category'>role</multi_property>
</role>
<role id='Assignee'> <role id='Assignee'>
<property id='title'>Person Owner</property> <property id='title'>Person Owner</property>
<property id='description'>XXXX Review this later</property> <property id='description'>XXXX Review this later</property>
...@@ -23,4 +18,10 @@ ...@@ -23,4 +18,10 @@
<multi_property id='category'>role/shadow/person</multi_property> <multi_property id='category'>role/shadow/person</multi_property>
<multi_property id='base_category'>role</multi_property> <multi_property id='base_category'>role</multi_property>
</role> </role>
<role id='Assignee'>
<property id='title'>Project Member</property>
<property id='base_category_script'>ERP5Type_getSecurityCategoryFromSelf</property>
<multi_property id='categories'>local_role_group/project</multi_property>
<multi_property id='base_category'>destination_project</multi_property>
</role>
</type_roles> </type_roles>
\ No newline at end of file
...@@ -371,8 +371,6 @@ class TestDrawing(TestSlapOSGroupRoleSecurityMixin): ...@@ -371,8 +371,6 @@ class TestDrawing(TestSlapOSGroupRoleSecurityMixin):
self.assertRoles(drawing, 'G-COMPANY', ['Assignor']) self.assertRoles(drawing, 'G-COMPANY', ['Assignor'])
self.assertRoles(drawing, self.user_id, ['Owner']) self.assertRoles(drawing, self.user_id, ['Owner'])
test_GroupCompany = test_SecurityForShacache
class TestFile(TestSlapOSGroupRoleSecurityMixin): class TestFile(TestSlapOSGroupRoleSecurityMixin):
def test_SecurityForShacache(self): def test_SecurityForShacache(self):
file_ = self.portal.document_module.newContent(portal_type='File') file_ = self.portal.document_module.newContent(portal_type='File')
...@@ -387,8 +385,6 @@ class TestFile(TestSlapOSGroupRoleSecurityMixin): ...@@ -387,8 +385,6 @@ class TestFile(TestSlapOSGroupRoleSecurityMixin):
self.assertRoles(file_, 'G-COMPANY', ['Assignor']) self.assertRoles(file_, 'G-COMPANY', ['Assignor'])
self.assertRoles(file_, self.user_id, ['Owner']) self.assertRoles(file_, self.user_id, ['Owner'])
test_GroupCompany = test_SecurityForShacache
class TestHostingSubscription(TestSlapOSGroupRoleSecurityMixin): class TestHostingSubscription(TestSlapOSGroupRoleSecurityMixin):
def test_RelatedSoftwareInstanceGroup(self): def test_RelatedSoftwareInstanceGroup(self):
reference = 'TESTHS-%s' % self.generateNewId() reference = 'TESTHS-%s' % self.generateNewId()
...@@ -445,8 +441,6 @@ class TestImage(TestSlapOSGroupRoleSecurityMixin): ...@@ -445,8 +441,6 @@ class TestImage(TestSlapOSGroupRoleSecurityMixin):
self.assertRoles(image, 'G-COMPANY', ['Assignor']) self.assertRoles(image, 'G-COMPANY', ['Assignor'])
self.assertRoles(image, self.user_id, ['Owner']) self.assertRoles(image, self.user_id, ['Owner'])
test_GroupCompany = test_SecurityForShacache
class TestImageModule(TestSlapOSGroupRoleSecurityMixin): class TestImageModule(TestSlapOSGroupRoleSecurityMixin):
def test(self): def test(self):
module = self.portal.image_module module = self.portal.image_module
...@@ -463,11 +457,12 @@ class TestOrganisation(TestSlapOSGroupRoleSecurityMixin): ...@@ -463,11 +457,12 @@ class TestOrganisation(TestSlapOSGroupRoleSecurityMixin):
def test_GroupCompany(self): def test_GroupCompany(self):
organisation = self.portal.organisation_module.newContent( organisation = self.portal.organisation_module.newContent(
portal_type='Organisation') portal_type='Organisation')
organisation.setReference("TESTORG-%s" % self.generateNewId())
organisation.updateLocalRolesOnSecurityGroups() organisation.updateLocalRolesOnSecurityGroups()
self.assertSecurityGroup(organisation, self.assertSecurityGroup(organisation,
['G-COMPANY', self.user_id, 'R-MEMBER', 'R-SHADOW-PERSON'], False) ['G-COMPANY', self.user_id, organisation.getReference(), 'R-SHADOW-PERSON'], False)
self.assertRoles(organisation, 'G-COMPANY', ['Assignor']) self.assertRoles(organisation, 'G-COMPANY', ['Assignor'])
self.assertRoles(organisation, 'R-MEMBER', ['Auditor']) self.assertRoles(organisation, organisation.getReference(), ['Assignee'])
self.assertRoles(organisation, 'R-SHADOW-PERSON', ['Auditor']) self.assertRoles(organisation, 'R-SHADOW-PERSON', ['Auditor'])
self.assertRoles(organisation, self.user_id, ['Owner', 'Assignee']) self.assertRoles(organisation, self.user_id, ['Owner', 'Assignee'])
...@@ -498,14 +493,15 @@ class TestProjectModule(TestSlapOSGroupRoleSecurityMixin): ...@@ -498,14 +493,15 @@ class TestProjectModule(TestSlapOSGroupRoleSecurityMixin):
self.assertRoles(module, self.user_id, ['Owner']) self.assertRoles(module, self.user_id, ['Owner'])
class TestProject(TestSlapOSGroupRoleSecurityMixin): class TestProject(TestSlapOSGroupRoleSecurityMixin):
def test_GroupCompany(self):
def test(self):
project = self.portal.project_module.newContent( project = self.portal.project_module.newContent(
portal_type='Project') portal_type='Project')
project.updateLocalRolesOnSecurityGroups() project.updateLocalRolesOnSecurityGroups()
self.assertSecurityGroup(project, self.assertSecurityGroup(project,
['G-COMPANY', self.user_id, 'R-MEMBER', 'R-SHADOW-PERSON'], False) ['G-COMPANY', self.user_id, project.getReference(), 'R-SHADOW-PERSON'], False)
self.assertRoles(project, 'G-COMPANY', ['Assignor']) self.assertRoles(project, 'G-COMPANY', ['Assignor'])
self.assertRoles(project, 'R-MEMBER', ['Auditor']) self.assertRoles(project, project.getReference(), ['Assignee'])
self.assertRoles(project, 'R-SHADOW-PERSON', ['Auditor']) self.assertRoles(project, 'R-SHADOW-PERSON', ['Auditor'])
self.assertRoles(project, self.user_id, ['Owner', 'Assignee']) self.assertRoles(project, self.user_id, ['Owner', 'Assignee'])
...@@ -523,8 +519,6 @@ class TestPDF(TestSlapOSGroupRoleSecurityMixin): ...@@ -523,8 +519,6 @@ class TestPDF(TestSlapOSGroupRoleSecurityMixin):
self.assertRoles(pdf, 'G-COMPANY', ['Assignor']) self.assertRoles(pdf, 'G-COMPANY', ['Assignor'])
self.assertRoles(pdf, self.user_id, ['Owner']) self.assertRoles(pdf, self.user_id, ['Owner'])
test_GroupCompany = test_SecurityForShacache
class TestPerson(TestSlapOSGroupRoleSecurityMixin): class TestPerson(TestSlapOSGroupRoleSecurityMixin):
def test_GroupCompany(self): def test_GroupCompany(self):
person = self.portal.person_module.newContent(portal_type='Person') person = self.portal.person_module.newContent(portal_type='Person')
...@@ -645,8 +639,6 @@ class TestPresentation(TestSlapOSGroupRoleSecurityMixin): ...@@ -645,8 +639,6 @@ class TestPresentation(TestSlapOSGroupRoleSecurityMixin):
self.assertRoles(presentation, 'G-COMPANY', ['Assignor']) self.assertRoles(presentation, 'G-COMPANY', ['Assignor'])
self.assertRoles(presentation, self.user_id, ['Owner']) self.assertRoles(presentation, self.user_id, ['Owner'])
test_GroupCompany = test_SecurityForShacache
class TestSlaveInstance(TestSlapOSGroupRoleSecurityMixin): class TestSlaveInstance(TestSlapOSGroupRoleSecurityMixin):
def test_GroupCompany(self): def test_GroupCompany(self):
instance = self.portal.software_instance_module.newContent( instance = self.portal.software_instance_module.newContent(
...@@ -898,8 +890,6 @@ class TestSpreadsheet(TestSlapOSGroupRoleSecurityMixin): ...@@ -898,8 +890,6 @@ class TestSpreadsheet(TestSlapOSGroupRoleSecurityMixin):
self.assertRoles(spreadsheet, 'G-COMPANY', ['Assignor']) self.assertRoles(spreadsheet, 'G-COMPANY', ['Assignor'])
self.assertRoles(spreadsheet, self.user_id, ['Owner']) self.assertRoles(spreadsheet, self.user_id, ['Owner'])
test_GroupCompany = test_SecurityForShacache
class TestText(TestSlapOSGroupRoleSecurityMixin): class TestText(TestSlapOSGroupRoleSecurityMixin):
def test_SecurityForShacache(self): def test_SecurityForShacache(self):
text = self.portal.document_module.newContent( text = self.portal.document_module.newContent(
...@@ -915,8 +905,6 @@ class TestText(TestSlapOSGroupRoleSecurityMixin): ...@@ -915,8 +905,6 @@ class TestText(TestSlapOSGroupRoleSecurityMixin):
self.assertRoles(text, 'G-COMPANY', ['Assignor']) self.assertRoles(text, 'G-COMPANY', ['Assignor'])
self.assertRoles(text, self.user_id, ['Owner']) self.assertRoles(text, self.user_id, ['Owner'])
test_GroupCompany = test_SecurityForShacache
class TestContributionTool(TestSlapOSGroupRoleSecurityMixin): class TestContributionTool(TestSlapOSGroupRoleSecurityMixin):
def test(self): def test(self):
module = self.portal.portal_contributions module = self.portal.portal_contributions
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment