From 5e23aaeed43ba30f6195b2ea5f713670b0986d46 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bartek=20G=C3=B3rny?= <bartek@gorny.edu.pl> Date: Mon, 30 Oct 2006 22:12:14 +0000 Subject: [PATCH] Implemented "personal/project" security classification git-svn-id: https://svn.erp5.org/repos/public/erp5/trunk@11015 20353a03-c40f-0410-a6d1-a30d3c3de9de --- .../PortalTypeRolesTemplateItem/Text.xml | 69 ++++++++----------- 1 file changed, 29 insertions(+), 40 deletions(-) diff --git a/bt5/erp5_dms/PortalTypeRolesTemplateItem/Text.xml b/bt5/erp5_dms/PortalTypeRolesTemplateItem/Text.xml index 7c50fa5fec..4d685556a1 100644 --- a/bt5/erp5_dms/PortalTypeRolesTemplateItem/Text.xml +++ b/bt5/erp5_dms/PortalTypeRolesTemplateItem/Text.xml @@ -1,54 +1,43 @@ <type_roles> - <role id='Assignor'> - <property id='title'>Team Reviewer</property> - <property id='description'>The head of the team who is in charge of reviewing documents published by his team. He is granted special rights on documents produced by his team.</property> - <property id='condition'>python: not object.getSourceProject()</property> - <property id='priority'>10.0</property> - <property id='base_category_script'>ERP5Type_getSecurityCategoryFromArrow</property> - <multi_property id='category'>function/publication/reviewer</multi_property> - <multi_property id='base_category'>group</multi_property> - <multi_property id='base_category'>site</multi_property> - </role> - <role id='Assignee'> - <property id='title'>Project Assignees</property> - <property id='description'>In a project collaborative document, all project members have a right to access and modify a document before release or publication.</property> - <property id='condition'>python:object.getSourceProject() and object.isMemberOf('classification/collaborative/project')</property> - <property id='priority'>10.0</property> - <property id='base_category_script'>ERP5Type_getSecurityCategoryFromArrow</property> - <multi_property id='base_category'>source_project</multi_property> - </role> <role id='Associate'> - <property id='title'>Project Associates</property> - <property id='description'>In a project document, all project members have a right to access the document before it is released or published.</property> - <property id='condition'>python: object.getSourceProject()</property> - <property id='priority'>10.0</property> + <property id='title'>Project Assignees</property> + <property id='description'>Policy: personal/project +Rule: all project members have a right to access document once it has been shared or released</property> + <property id='condition'>python:object.getSourceProject() and object.isMemberOf('classification/personal/project')</property> + <property id='priority'>10</property> <property id='base_category_script'>ERP5Type_getSecurityCategoryFromArrow</property> + <multi_property id='category'></multi_property> <multi_property id='base_category'>source_project</multi_property> </role> <role id='Assignor'> - <property id='title'>Project Reviewer</property> - <property id='description'>The head of the project who is in charge of reviewing documents produced by the project before release or publication.</property> - <property id='condition'>python: object.getSourceProject()</property> - <property id='priority'>10.0</property> + <property id='title'>P/P - Project Director</property> + <property id='description'>Policy: personal/project +Rule: project director is an Assignor (has management rights to the doc - can review it, release, publish, add local roles)</property> + <property id='condition'>python:object.getSourceProject() and object.isMemberOf('classification/personal/project')</property> + <property id='priority'>10</property> <property id='base_category_script'>ERP5Type_getSecurityCategoryFromArrow</property> <multi_property id='category'>function/project/director</multi_property> <multi_property id='base_category'>source_project</multi_property> - </role> - <role id='Associate'> - <property id='title'>Team Associates</property> - <property id='description'>All team members have a right to access non restricted documents before their release or publication.</property> - <property id='condition'>python:not object.isMemberOf('classification/personnal/restricted')</property> - <property id='priority'>10.0</property> - <property id='base_category_script'>ERP5Type_getSecurityCategoryFromArrow</property> - <multi_property id='base_category'>group</multi_property> <multi_property id='base_category'>function</multi_property> - <multi_property id='base_category'>site</multi_property> + </role> + <role id='Assignee'> + <property id='title'>P/P - Project Owner</property> + <property id='description'>Policy: personal/project +Rule: the creator is Assignee - can edit the doc and share it with the team</property> + <property id='condition'>python:object.getSourceProject() and object.isMemberOf('classification/personal/project')</property> + <property id='priority'>10</property> + <property id='base_category_script'>ERP5Type_getSecurityCategoryFromUser</property> + <multi_property id='category'></multi_property> + <multi_property id='base_category'>reference</multi_property> </role> <role id='Auditor'> - <property id='title'>Management</property> - <property id='description'>Management has to access anydocument in the system.</property> - <property id='priority'>10.0</property> - <property id='base_category_script'>ERP5Type_getSecurityCategoryFromArrow</property> - <multi_property id='category'>function/hq</multi_property> + <property id='title'>P/P - Organisation members</property> + <property id='description'>Policy: personal/project +Rule: all people working for the same organisation are Auditors (we identify the organisation by the first part of the "group" path)</property> + <property id='condition'>python:object.getSourceProject() and object.isMemberOf('classification/personal/project')</property> + <property id='priority'>10</property> + <property id='base_category_script'>ERP5Type_getSecurityCategoryRoot</property> + <multi_property id='category'></multi_property> + <multi_property id='base_category'>group</multi_property> </role> </type_roles> \ No newline at end of file -- 2.30.9