Commit 44960025 authored by Bartek Górny's avatar Bartek Górny

Changed security script naming - not to overwrite ERP5Type_getSecurityCategoryFromAssignment

git-svn-id: https://svn.erp5.org/repos/public/erp5/trunk@12591 20353a03-c40f-0410-a6d1-a30d3c3de9de
parent 4b44364c
<type_roles>
<role id='Associate'>
<property id='title'>Project Associates</property>
<property id='description'>Policy: */project
<property id='description'>Policy: */project
Rule: all project members have a right to access document once it has been shared or released</property>
<property id='condition'>python:object.Document_policyApplies('*/project')</property>
<property id='priority'>10.0</property>
<property id='priority'>10</property>
<property id='base_category_script'>ERP5Type_getSecurityCategoryFromArrow</property>
<multi_property id='category'></multi_property>
<multi_property id='base_category'>source_project</multi_property>
</role>
<role id='Assignor'>
<property id='title'>Project Director</property>
<property id='description'>Policy: */project
<property id='description'>Policy: */project
Rule: project director is an Assignor (has management rights to the doc - can review it, release, publish, add local roles)</property>
<property id='condition'>python:object.Document_policyApplies('*/project')</property>
<property id='priority'>10.0</property>
<property id='priority'>10</property>
<property id='base_category_script'>ERP5Type_getSecurityCategoryFromArrow</property>
<multi_property id='category'>function/knowledge/manager</multi_property>
<multi_property id='base_category'>function</multi_property>
......@@ -21,87 +22,93 @@ Rule: project director is an Assignor (has management rights to the doc - can re
</role>
<role id='Assignee'>
<property id='title'>Owner</property>
<property id='description'>Policy: */*
<property id='description'>Policy: */*
Rule: the creator is Assignee - can edit the doc and submit it</property>
<property id='priority'>10.0</property>
<property id='priority'>10</property>
<property id='base_category_script'>ERP5Type_getSecurityCategoryFromUser</property>
<multi_property id='category'></multi_property>
<multi_property id='base_category'>reference</multi_property>
</role>
<role id='Auditor'>
<property id='title'>Organisation members</property>
<property id='description'>Policy: */*
Rule: all people working for the same organisation are Auditors (we identify the organisation by the first part of the "group" path)
<property id='description'>Policy: */*
Rule: all people working for the same organisation are Auditors (we identify the organisation by the first part of the "group" path)
This does not apply if it is a project document and does not have a project</property>
<property id='condition'>python: not object.Document_policyApplies('*/restricted') and (object.Document_policyApplies('*/project') or not object.Document_policyApplies('*/project',True) )</property>
<property id='priority'>10.0</property>
<property id='priority'>10</property>
<property id='base_category_script'>ERP5Type_getSecurityCategoryRoot</property>
<multi_property id='category'></multi_property>
<multi_property id='base_category'>group</multi_property>
</role>
<role id='Assignee'>
<property id='title'>Project Collaborators</property>
<property id='description'>Policy: collaborative/project
<property id='description'>Policy: collaborative/project
Rule: all members of project team can edit the document before it is submitted, and can submit it</property>
<property id='condition'>python:object.Document_policyApplies('collaborative/project')</property>
<property id='priority'>10.0</property>
<property id='priority'>10</property>
<property id='base_category_script'>ERP5Type_getSecurityCategoryFromArrow</property>
<multi_property id='category'></multi_property>
<multi_property id='base_category'>source_project</multi_property>
</role>
<role id='Assignor'>
<property id='title'>Team Director</property>
<property id='description'>Policy: */team
<property id='description'>Policy: */team
Rule: team manager is an Assignor (has management rights to the doc - can review it, release, publish, add local roles)</property>
<property id='condition'>python:object.Document_policyApplies('*/team')</property>
<property id='priority'>10.0</property>
<property id='base_category_script'>ERP5Type_getSecurityCategoryFromAssignment</property>
<property id='priority'>10</property>
<property id='base_category_script'>ERP5Type_getSecurityCategoryFromAssignmentTree</property>
<multi_property id='category'>function/auc/department/director_of_department</multi_property>
<multi_property id='base_category'>group</multi_property>
<multi_property id='base_category'>function</multi_property>
</role>
<role id='Assignor'>
<property id='title'>Team Deputy</property>
<property id='description'>Policy: */team
<property id='description'>Policy: */team
Rule: team manager is an Assignor (has management rights to the doc - can review it, release, publish, add local roles)</property>
<property id='condition'>python:object.Document_policyApplies('*/team')</property>
<property id='priority'>10.0</property>
<property id='base_category_script'>ERP5Type_getSecurityCategoryFromAssignment</property>
<property id='priority'>10</property>
<property id='base_category_script'>ERP5Type_getSecurityCategoryFromAssignmentTree</property>
<multi_property id='category'>function/auc/department/deputy_director_of_department</multi_property>
<multi_property id='base_category'>group</multi_property>
<multi_property id='base_category'>function</multi_property>
</role>
<role id='Associate'>
<property id='title'>Team Associates</property>
<property id='description'>Policy: */team
<property id='description'>Policy: */team
Rule: all team members have a right to access document once it has been shared or released</property>
<property id='condition'>python:object.Document_policyApplies('*/team')</property>
<property id='priority'>10.0</property>
<property id='base_category_script'>ERP5Type_getSecurityCategoryFromAssignment</property>
<property id='priority'>10</property>
<property id='base_category_script'>ERP5Type_getSecurityCategoryFromAssignmentTree</property>
<multi_property id='category'></multi_property>
<multi_property id='base_category'>group</multi_property>
</role>
<role id='Assignee'>
<property id='title'>Team Collaborators</property>
<property id='description'>Policy: collaborative/team
<property id='description'>Policy: collaborative/team
Rule: all members of the team can edit the document before it is submitted, and can submit it</property>
<property id='condition'>python:object.Document_policyApplies('collaborative/team')</property>
<property id='priority'>10.0</property>
<property id='base_category_script'>ERP5Type_getSecurityCategoryFromAssignment</property>
<property id='priority'>10</property>
<property id='base_category_script'>ERP5Type_getSecurityCategoryFromAssignmentTree</property>
<multi_property id='category'></multi_property>
<multi_property id='base_category'>group</multi_property>
</role>
<role id='Assignee'>
<property id='title'>Public Collaborators</property>
<property id='description'>Policy: collaborative/public
<property id='description'>Policy: collaborative/public
Rule: everyone in the organisation (root group) can edit the doc before it is submitted, and can suggest its publication</property>
<property id='condition'>python:object.Document_policyApplies('collaborative/public')</property>
<property id='priority'>10.0</property>
<property id='priority'>10</property>
<property id='base_category_script'>ERP5Type_getSecurityCategoryRoot</property>
<multi_property id='category'></multi_property>
<multi_property id='base_category'>group</multi_property>
</role>
<role id='Assignor'>
<property id='title'>Public Reviewer</property>
<property id='description'>Policy: collaborative/public
<property id='description'>Policy: collaborative/public
Rule: any person with knowledge/manager role can publish the document and manage access rights to it</property>
<property id='condition'>python:object.Document_policyApplies('collaborative/public')</property>
<property id='priority'>10.0</property>
<property id='base_category_script'>ERP5Type_getSecurityCategoryFromAssignment</property>
<property id='priority'>10</property>
<property id='base_category_script'>ERP5Type_getSecurityCategoryFromAssignmentTree</property>
<multi_property id='category'>function/knowledge/manager</multi_property>
<multi_property id='base_category'>function</multi_property>
</role>
......
......@@ -69,11 +69,11 @@
<item>
<key> <string>_body</string> </key>
<value> <string>"""\n
This does the same as ERP5Type_getSecurityCategoryFromAssignment, but we use it if we want\n
This does the same as ERP5Type_getSecurityCategoryFromAssignmentTree, but we use it if we want\n
only the group the user is directly assigned to (not the whole group hierarchy path).\n
"""\n
\n
return context.ERP5Type_getSecurityCategoryFromAssignment(base_category_list, user_name, object, portal_type, strict=True)\n
return context.ERP5Type_getSecurityCategoryFromAssignmentTree(base_category_list, user_name, object, portal_type, strict=True)\n
</string> </value>
</item>
<item>
......
......@@ -239,7 +239,7 @@ return category_list\n
</item>
<item>
<key> <string>id</string> </key>
<value> <string>ERP5Type_getSecurityCategoryFromAssignment</string> </value>
<value> <string>ERP5Type_getSecurityCategoryFromAssignmentTree</string> </value>
</item>
<item>
<key> <string>warnings</string> </key>
......
......@@ -75,10 +75,10 @@ Core security script - defines the way to get security groups of the current use
# XXX-JPS This code is quite frightening. I wonder really what it is for.\n
\n
return (\n
(\'ERP5Type_getSecurityCategoryFromAssignment\', [\'function\'] ),\n
(\'ERP5Type_getSecurityCategoryFromAssignment\', [\'source_project\'] ),\n
(\'ERP5Type_getSecurityCategoryFromAssignment\', [\'function\', \'source_project\'] ),\n
(\'ERP5Type_getSecurityCategoryFromAssignment\', [\'group\'] ),\n
(\'ERP5Type_getSecurityCategoryFromAssignmentTree\', [\'function\'] ),\n
(\'ERP5Type_getSecurityCategoryFromAssignmentTree\', [\'source_project\'] ),\n
(\'ERP5Type_getSecurityCategoryFromAssignmentTree\', [\'function\', \'source_project\'] ),\n
(\'ERP5Type_getSecurityCategoryFromAssignmentTree\', [\'group\'] ),\n
(\'ERP5Type_getSecurityCategoryRoot\', [\'group\']),\n
)\n
</string> </value>
......
......@@ -69,14 +69,14 @@
<item>
<key> <string>_body</string> </key>
<value> <string>"""\n
This is the same as ERP5Type_getSecurityCategoryFromAssignment\n
This is the same as ERP5Type_getSecurityCategoryFromAssignmentTree\n
only it returns only the first part of category\n
It is used e.g. to figure out if the user is working anywhere\n
in the certain organisation - for this, all we need is the first part\n
of the group category.\n
"""\n
\n
return context.ERP5Type_getSecurityCategoryFromAssignment(base_category_list, user_name, object, portal_type, strict=True, root=True)\n
return context.ERP5Type_getSecurityCategoryFromAssignmentTree(base_category_list, user_name, object, portal_type, strict=True, root=True)\n
</string> </value>
</item>
<item>
......
506
\ No newline at end of file
508
\ No newline at end of file
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment