ERP5Workflow: use Nexedi patched version of guard check

this will allow the use of proxy_roles
fixes, among others, broken tests on packing list

product/ERP5Workflow/mixin/guardable.py

@@ -35,12 +35,24 @@ class GuardableMixin(object):
     self.guard_permission or self.guard_role
 
   def checkGuard(self, security_manager, workflow, current_object, check_roles=True, **kw):
-    """Checks conditions in this guard.
+    """
+    Checks conditions in this guard.
+    original source code from DCWorkflow (Nexedi patched version for use of
+    proxy_roles)
     """
     user_roles = None
+
+    def getRoles():
+      stack = security_manager._context.stack
+      if stack:
+        proxy_roles = getattr(stack[-1], '_proxy_roles', None)
+        if proxy_roles:
+          return proxy_roles
+      return security_manager.getUser().getRolesInContext(current_object)
+
     if workflow.manager_bypass:
       # Possibly bypass.
-      user_roles = security_manager.getUser().getRolesInContext(current_object)
+      user_roles = getRoles()
       if 'Manager' in user_roles:
         return True
     if self.guard_permission:
@@ -52,8 +64,7 @@ class GuardableMixin(object):
     if check_roles and self.guard_role:
       # Require at least one of the given roles.
       if user_roles is None:
-        user_roles = security_manager.getUser()\
-                       .getRolesInContext(current_object)
+        user_roles = getRoles()
       for role in self.guard_role:
         if role in user_roles:
           break