slapos_erp5: Update Security on Organisation and Projects

Move access into assignment based security

slapos_erp5: Update Security on Organisation and Projects
Move access into assignment based security
40e29fa4 · Rafael Monnerat · 1aa79918 · 40e29fa4 · 40e29fa4 · 40e29fa4
Commit 40e29fa4 authored Dec 12, 2020 by Rafael Monnerat
3 changed files
--- a/master/bt5/slapos_erp5/PortalTypeRolesTemplateItem/Organisation.xml
+++ b/master/bt5/slapos_erp5/PortalTypeRolesTemplateItem/Organisation.xml
@@ -7,9 +7,17 @@
  </role>
  <role id='Auditor'>
   <property id='title'>Member</property>
+   <property id='description'>User can only see SlapOS company for invoice purposes.</property>
+   <property id='condition'>python: here.getGroup() == "company"</property>
   <multi_property id='category'>role/member</multi_property>
   <multi_property id='base_category'>role</multi_property>
  </role>
+  <role id='Assignee'>
+   <property id='title'>Organisation Member</property>
+   <property id='base_category_script'>ERP5Type_getSecurityCategoryFromSelf</property>
+   <multi_property id='categories'>local_role_group/organisation</multi_property>
+   <multi_property id='base_category'>destination</multi_property>
+  </role>
  <role id='Assignee'>
   <property id='title'>Person Owner</property>
   <property id='description'>XXXX Review this later</property>

--- a/master/bt5/slapos_erp5/PortalTypeRolesTemplateItem/Project.xml
+++ b/master/bt5/slapos_erp5/PortalTypeRolesTemplateItem/Project.xml
@@ -5,11 +5,6 @@
   <multi_property id='category'>group/company</multi_property>
   <multi_property id='base_category'>group</multi_property>
  </role>
-  <role id='Auditor'>
-   <property id='title'>Member</property>
-   <multi_property id='category'>role/member</multi_property>
-   <multi_property id='base_category'>role</multi_property>
-  </role>
  <role id='Assignee'>
   <property id='title'>Person Owner</property>
   <property id='description'>XXXX Review this later</property>
@@ -23,4 +18,10 @@
   <multi_property id='category'>role/shadow/person</multi_property>
   <multi_property id='base_category'>role</multi_property>
  </role>
+  <role id='Assignee'>
+   <property id='title'>Project Member</property>
+   <property id='base_category_script'>ERP5Type_getSecurityCategoryFromSelf</property>
+   <multi_property id='categories'>local_role_group/project</multi_property>
+   <multi_property id='base_category'>destination_project</multi_property>
+  </role>
 </type_roles>
\ No newline at end of file
--- a/master/bt5/slapos_erp5/TestTemplateItem/portal_components/test.erp5.testSlapOSERP5GroupRoleSecurity.py
+++ b/master/bt5/slapos_erp5/TestTemplateItem/portal_components/test.erp5.testSlapOSERP5GroupRoleSecurity.py
@@ -371,8 +371,6 @@ class TestDrawing(TestSlapOSGroupRoleSecurityMixin):
    self.assertRoles(drawing, 'G-COMPANY', ['Assignor'])
    self.assertRoles(drawing, self.user_id, ['Owner'])

-  test_GroupCompany = test_SecurityForShacache
-
 class TestFile(TestSlapOSGroupRoleSecurityMixin):
  def test_SecurityForShacache(self):
    file_ = self.portal.document_module.newContent(portal_type='File')
@@ -387,8 +385,6 @@ class TestFile(TestSlapOSGroupRoleSecurityMixin):
    self.assertRoles(file_, 'G-COMPANY', ['Assignor'])
    self.assertRoles(file_, self.user_id, ['Owner'])

-  test_GroupCompany = test_SecurityForShacache
-
 class TestHostingSubscription(TestSlapOSGroupRoleSecurityMixin):
  def test_RelatedSoftwareInstanceGroup(self):
    reference = 'TESTHS-%s' % self.generateNewId()
@@ -445,8 +441,6 @@ class TestImage(TestSlapOSGroupRoleSecurityMixin):
    self.assertRoles(image, 'G-COMPANY', ['Assignor'])
    self.assertRoles(image, self.user_id, ['Owner'])

-  test_GroupCompany = test_SecurityForShacache
-
 class TestImageModule(TestSlapOSGroupRoleSecurityMixin):
  def test(self):
    module = self.portal.image_module
@@ -463,11 +457,12 @@ class TestOrganisation(TestSlapOSGroupRoleSecurityMixin):
  def test_GroupCompany(self):
    organisation = self.portal.organisation_module.newContent(
        portal_type='Organisation')
+    organisation.setReference("TESTORG-%s" % self.generateNewId())
    organisation.updateLocalRolesOnSecurityGroups()
    self.assertSecurityGroup(organisation,
-        ['G-COMPANY', self.user_id, 'R-MEMBER', 'R-SHADOW-PERSON'], False)
+        ['G-COMPANY', self.user_id, organisation.getReference(), 'R-SHADOW-PERSON'], False)
    self.assertRoles(organisation, 'G-COMPANY', ['Assignor'])
-    self.assertRoles(organisation, 'R-MEMBER', ['Auditor'])
+    self.assertRoles(organisation, organisation.getReference(), ['Assignee'])
    self.assertRoles(organisation, 'R-SHADOW-PERSON', ['Auditor'])
    self.assertRoles(organisation, self.user_id, ['Owner', 'Assignee'])

@@ -498,14 +493,15 @@ class TestProjectModule(TestSlapOSGroupRoleSecurityMixin):
    self.assertRoles(module, self.user_id, ['Owner'])

 class TestProject(TestSlapOSGroupRoleSecurityMixin):
-  def test_GroupCompany(self):
+
+  def test(self):
    project = self.portal.project_module.newContent(
        portal_type='Project')
    project.updateLocalRolesOnSecurityGroups()
    self.assertSecurityGroup(project,
-        ['G-COMPANY', self.user_id, 'R-MEMBER', 'R-SHADOW-PERSON'], False)
+        ['G-COMPANY', self.user_id, project.getReference(), 'R-SHADOW-PERSON'], False)
    self.assertRoles(project, 'G-COMPANY', ['Assignor'])
-    self.assertRoles(project, 'R-MEMBER', ['Auditor'])
+    self.assertRoles(project, project.getReference(), ['Assignee'])
    self.assertRoles(project, 'R-SHADOW-PERSON', ['Auditor'])
    self.assertRoles(project, self.user_id, ['Owner', 'Assignee'])

@@ -523,8 +519,6 @@ class TestPDF(TestSlapOSGroupRoleSecurityMixin):
    self.assertRoles(pdf, 'G-COMPANY', ['Assignor'])
    self.assertRoles(pdf, self.user_id, ['Owner'])

-  test_GroupCompany = test_SecurityForShacache
-
 class TestPerson(TestSlapOSGroupRoleSecurityMixin):
  def test_GroupCompany(self):
    person = self.portal.person_module.newContent(portal_type='Person')
@@ -645,8 +639,6 @@ class TestPresentation(TestSlapOSGroupRoleSecurityMixin):
    self.assertRoles(presentation, 'G-COMPANY', ['Assignor'])
    self.assertRoles(presentation, self.user_id, ['Owner'])

-  test_GroupCompany = test_SecurityForShacache
-
 class TestSlaveInstance(TestSlapOSGroupRoleSecurityMixin):
  def test_GroupCompany(self):
    instance = self.portal.software_instance_module.newContent(
@@ -898,8 +890,6 @@ class TestSpreadsheet(TestSlapOSGroupRoleSecurityMixin):
    self.assertRoles(spreadsheet, 'G-COMPANY', ['Assignor'])
    self.assertRoles(spreadsheet, self.user_id, ['Owner'])

-  test_GroupCompany = test_SecurityForShacache
-
 class TestText(TestSlapOSGroupRoleSecurityMixin):
  def test_SecurityForShacache(self):
    text = self.portal.document_module.newContent(
@@ -915,8 +905,6 @@ class TestText(TestSlapOSGroupRoleSecurityMixin):
    self.assertRoles(text, 'G-COMPANY', ['Assignor'])
    self.assertRoles(text, self.user_id, ['Owner'])

-  test_GroupCompany = test_SecurityForShacache
-
 class TestContributionTool(TestSlapOSGroupRoleSecurityMixin):
  def test(self):
    module = self.portal.portal_contributions