From 5e23aaeed43ba30f6195b2ea5f713670b0986d46 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Bartek=20G=C3=B3rny?= <bartek@gorny.edu.pl>
Date: Mon, 30 Oct 2006 22:12:14 +0000
Subject: [PATCH] Implemented "personal/project" security classification

git-svn-id: https://svn.erp5.org/repos/public/erp5/trunk@11015 20353a03-c40f-0410-a6d1-a30d3c3de9de
---
 .../PortalTypeRolesTemplateItem/Text.xml      | 69 ++++++++-----------
 1 file changed, 29 insertions(+), 40 deletions(-)

diff --git a/bt5/erp5_dms/PortalTypeRolesTemplateItem/Text.xml b/bt5/erp5_dms/PortalTypeRolesTemplateItem/Text.xml
index 7c50fa5fec..4d685556a1 100644
--- a/bt5/erp5_dms/PortalTypeRolesTemplateItem/Text.xml
+++ b/bt5/erp5_dms/PortalTypeRolesTemplateItem/Text.xml
@@ -1,54 +1,43 @@
 <type_roles>
-  <role id='Assignor'>
-   <property id='title'>Team Reviewer</property>
-   <property id='description'>The head of the team who is in charge of reviewing documents published by his team. He is granted special rights on documents produced by his team.</property>
-   <property id='condition'>python: not object.getSourceProject()</property>
-   <property id='priority'>10.0</property>
-   <property id='base_category_script'>ERP5Type_getSecurityCategoryFromArrow</property>
-   <multi_property id='category'>function/publication/reviewer</multi_property>
-   <multi_property id='base_category'>group</multi_property>
-   <multi_property id='base_category'>site</multi_property>
-  </role>
-  <role id='Assignee'>
-   <property id='title'>Project Assignees</property>
-   <property id='description'>In a project collaborative document, all project members have a right to access and modify a document before release or publication.</property>
-   <property id='condition'>python:object.getSourceProject() and object.isMemberOf('classification/collaborative/project')</property>
-   <property id='priority'>10.0</property>
-   <property id='base_category_script'>ERP5Type_getSecurityCategoryFromArrow</property>
-   <multi_property id='base_category'>source_project</multi_property>
-  </role>
   <role id='Associate'>
-   <property id='title'>Project Associates</property>
-   <property id='description'>In a project document, all project members have a right to access the document before it is released or published.</property>
-   <property id='condition'>python: object.getSourceProject()</property>
-   <property id='priority'>10.0</property>
+   <property id='title'>Project Assignees</property>
+   <property id='description'>Policy: personal/project
+Rule: all project members have a right to access document once it has been shared or released</property>
+   <property id='condition'>python:object.getSourceProject() and object.isMemberOf('classification/personal/project')</property>
+   <property id='priority'>10</property>
    <property id='base_category_script'>ERP5Type_getSecurityCategoryFromArrow</property>
+   <multi_property id='category'></multi_property>
    <multi_property id='base_category'>source_project</multi_property>
   </role>
   <role id='Assignor'>
-   <property id='title'>Project Reviewer</property>
-   <property id='description'>The head of the project who is in charge of reviewing documents produced by the project before release or publication.</property>
-   <property id='condition'>python: object.getSourceProject()</property>
-   <property id='priority'>10.0</property>
+   <property id='title'>P/P - Project Director</property>
+   <property id='description'>Policy: personal/project
+Rule: project director is an Assignor (has management rights to the doc - can review it, release, publish, add local roles)</property>
+   <property id='condition'>python:object.getSourceProject() and object.isMemberOf('classification/personal/project')</property>
+   <property id='priority'>10</property>
    <property id='base_category_script'>ERP5Type_getSecurityCategoryFromArrow</property>
    <multi_property id='category'>function/project/director</multi_property>
    <multi_property id='base_category'>source_project</multi_property>
-  </role>
-  <role id='Associate'>
-   <property id='title'>Team Associates</property>
-   <property id='description'>All team members have a right to access non restricted documents before their release or publication.</property>
-   <property id='condition'>python:not object.isMemberOf('classification/personnal/restricted')</property>
-   <property id='priority'>10.0</property>
-   <property id='base_category_script'>ERP5Type_getSecurityCategoryFromArrow</property>
-   <multi_property id='base_category'>group</multi_property>
    <multi_property id='base_category'>function</multi_property>
-   <multi_property id='base_category'>site</multi_property>
+  </role>
+  <role id='Assignee'>
+   <property id='title'>P/P - Project Owner</property>
+   <property id='description'>Policy: personal/project
+Rule: the creator is Assignee - can edit the doc and share it with the team</property>
+   <property id='condition'>python:object.getSourceProject() and object.isMemberOf('classification/personal/project')</property>
+   <property id='priority'>10</property>
+   <property id='base_category_script'>ERP5Type_getSecurityCategoryFromUser</property>
+   <multi_property id='category'></multi_property>
+   <multi_property id='base_category'>reference</multi_property>
   </role>
   <role id='Auditor'>
-   <property id='title'>Management</property>
-   <property id='description'>Management has to access anydocument in the system.</property>
-   <property id='priority'>10.0</property>
-   <property id='base_category_script'>ERP5Type_getSecurityCategoryFromArrow</property>
-   <multi_property id='category'>function/hq</multi_property>
+   <property id='title'>P/P - Organisation members</property>
+   <property id='description'>Policy: personal/project
+Rule: all people working for the same organisation are Auditors (we identify the organisation by the first part of the "group" path)</property>
+   <property id='condition'>python:object.getSourceProject() and object.isMemberOf('classification/personal/project')</property>
+   <property id='priority'>10</property>
+   <property id='base_category_script'>ERP5Type_getSecurityCategoryRoot</property>
+   <multi_property id='category'></multi_property>
+   <multi_property id='base_category'>group</multi_property>
   </role>
 </type_roles>
\ No newline at end of file
-- 
2.30.9