From 1664e5419ed0f2a0ef95e6e905caa170852df31b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?J=C3=A9rome=20Perrin?= <jerome@nexedi.com> Date: Fri, 15 Sep 2017 05:29:01 +0000 Subject: [PATCH] dms: do not grant permissions based on Owner role .. except from Draft and Submitted state. Document security should be based on group, site, function defined on document, sometimes publication section and/or follow up, but the owner should only be considered in draft state. For convenience (and compatibility), Owner is also allowed to view in Submitted state. The use case is for when a user submits a document he will not be allowed to see, for example because he made a mistake when choosing properties, user is still allowed to view the document and there's no unauthorized error. We want to allow a user to set properties before publishing a document and later, once the document is no longer draft, the security of the document will be depending on these properties. We want to prevent users from getting permissions on a PDF document that would be created by interactions and they are not supposed to see. For example, when we generate a PDF invoice and store it in document module. In this case, as the interaction runs as the user, this user will have Owner role implicitly. --- .../states/archived.xml | 12 ++---------- .../states/assigned.xml | 7 +------ .../states/cancelled.xml | 12 ++---------- .../document_publication_workflow/states/hidden.xml | 7 +------ .../states/published.xml | 12 ++---------- .../states/published_alive.xml | 7 +------ .../states/released.xml | 12 ++---------- .../states/released_alive.xml | 7 +------ .../states/requested.xml | 7 +------ .../document_publication_workflow/states/shared.xml | 7 +------ .../states/shared_alive.xml | 7 +------ .../document_publication_workflow/states/split.xml | 7 +------ .../states/translated.xml | 7 +------ 13 files changed, 17 insertions(+), 94 deletions(-) 
diff --git a/bt5/erp5_dms/WorkflowTemplateItem/portal_workflow/document_publication_workflow/states/archived.xml b/bt5/erp5_dms/WorkflowTemplateItem/portal_workflow/document_publication_workflow/states/archived.xml index 288c6cd34b..43934234c7 100644 --- a/bt5/erp5_dms/WorkflowTemplateItem/portal_workflow/document_publication_workflow/states/archived.xml +++ b/bt5/erp5_dms/WorkflowTemplateItem/portal_workflow/document_publication_workflow/states/archived.xml @@ -41,18 +41,12 @@ </record> <record id="2" aka="AAAAAAAAAAI="> <pickle> - <tuple> - <tuple> - <string>Persistence</string> - <string>PersistentMapping</string> - </tuple> - <none/> - </tuple> + <global name="PersistentMapping" module="Persistence.mapping"/> </pickle> <pickle> <dictionary> <item> - <key> <string>_container</string> </key> + <key> <string>data</string> </key> <value> <dictionary> <item> @@ -63,7 +57,6 @@ <string>Assignor</string> <string>Associate</string> <string>Manager</string> - <string>Owner</string> </tuple> </value> </item> @@ -101,7 +94,6 @@ <string>Assignor</string> <string>Associate</string> <string>Manager</string> - <string>Owner</string> </tuple> </value> </item> diff --git a/bt5/erp5_dms/WorkflowTemplateItem/portal_workflow/document_publication_workflow/states/assigned.xml b/bt5/erp5_dms/WorkflowTemplateItem/portal_workflow/document_publication_workflow/states/assigned.xml index 16ec2b17eb..6ee7fcc3ef 100644 --- a/bt5/erp5_dms/WorkflowTemplateItem/portal_workflow/document_publication_workflow/states/assigned.xml +++ b/bt5/erp5_dms/WorkflowTemplateItem/portal_workflow/document_publication_workflow/states/assigned.xml @@ -46,10 +46,7 @@ </record> <record id="2" aka="AAAAAAAAAAI="> <pickle> - <tuple> - <global name="PersistentMapping" module="Persistence.mapping"/> - <tuple/> - </tuple> + <global name="PersistentMapping" module="Persistence.mapping"/> </pickle> <pickle> <dictionary> 
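Review bot: The first archived.xml hunk changes how the record is serialized, replacing the `<tuple>` class reference with `<global name="PersistentMapping" module="Persistence.mapping"/>` and renaming the key `_container` to `data`, and the commit message, which only discusses the Owner role, does not mention it. The same rewrite appears in the first hunks of cancelled.xml, published.xml and released.xml, and the other nine files drop the `<tuple>` wrapper around the same `<global>` element. This looks like a side effect of re-exporting the states, but on an access-control change it makes the real edit harder to audit. Either move it to its own commit or add a line such as `Also re-export the state mappings in the current PersistentMapping format.` to the message.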
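Review bot: Dropping `<string>Owner</string>` from the roles tuple in the second archived.xml hunk only changes the workflow definition; nothing in this patch updates documents that are already in the archived state. If, as with DCWorkflow state permissions, the role mapping is written onto each document when it enters a state, existing documents keep the Owner grant until workflow security is re-applied, so the exposure described in the commit message would persist for documents created before the upgrade. The same applies to both Owner removals in each of the other twelve state files. I would add an upgrade note, for example `After installing, update workflow role mappings on existing documents.`, and a test that an Owner with no other role cannot view a published document; the permission names sit outside the hunk context, so confirm which permissions these tuples belong to.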
@@ -64,7 +61,6 @@ <string>Assignee</string> <string>Assignor</string> <string>Manager</string> - <string>Owner</string> </tuple> </value> </item> @@ -104,7 +100,6 @@ <string>Assignee</string> <string>Assignor</string> <string>Manager</string> - <string>Owner</string> </tuple> </value> </item> diff --git a/bt5/erp5_dms/WorkflowTemplateItem/portal_workflow/document_publication_workflow/states/cancelled.xml b/bt5/erp5_dms/WorkflowTemplateItem/portal_workflow/document_publication_workflow/states/cancelled.xml index c743f5a96b..17bb63e3b3 100644 --- a/bt5/erp5_dms/WorkflowTemplateItem/portal_workflow/document_publication_workflow/states/cancelled.xml +++ b/bt5/erp5_dms/WorkflowTemplateItem/portal_workflow/document_publication_workflow/states/cancelled.xml @@ -44,18 +44,12 @@ </record> <record id="2" aka="AAAAAAAAAAI="> <pickle> - <tuple> - <tuple> - <string>Persistence</string> - <string>PersistentMapping</string> - </tuple> - <none/> - </tuple> + <global name="PersistentMapping" module="Persistence.mapping"/> </pickle> <pickle> <dictionary> <item> - <key> <string>_container</string> </key> + <key> <string>data</string> </key> <value> <dictionary> <item> @@ -65,7 +59,6 @@ <string>Assignee</string> <string>Assignor</string> <string>Manager</string> - <string>Owner</string> </tuple> </value> </item> @@ -100,7 +93,6 @@ <string>Assignee</string> <string>Assignor</string> <string>Manager</string> - <string>Owner</string> </tuple> </value> </item> diff --git a/bt5/erp5_dms/WorkflowTemplateItem/portal_workflow/document_publication_workflow/states/hidden.xml b/bt5/erp5_dms/WorkflowTemplateItem/portal_workflow/document_publication_workflow/states/hidden.xml index 99f9ee9bf0..45b642f2be 100644 --- a/bt5/erp5_dms/WorkflowTemplateItem/portal_workflow/document_publication_workflow/states/hidden.xml +++ b/bt5/erp5_dms/WorkflowTemplateItem/portal_workflow/document_publication_workflow/states/hidden.xml 
@@ -56,10 +56,7 @@ </record> <record id="2" aka="AAAAAAAAAAI="> <pickle> - <tuple> - <global name="PersistentMapping" module="Persistence.mapping"/> - <tuple/> - </tuple> + <global name="PersistentMapping" module="Persistence.mapping"/> </pickle> <pickle> <dictionary> @@ -74,7 +71,6 @@ <string>Assignee</string> <string>Assignor</string> <string>Manager</string> - <string>Owner</string> </tuple> </value> </item> @@ -114,7 +110,6 @@ <string>Assignee</string> <string>Assignor</string> <string>Manager</string> - <string>Owner</string> </tuple> </value> </item> diff --git a/bt5/erp5_dms/WorkflowTemplateItem/portal_workflow/document_publication_workflow/states/published.xml b/bt5/erp5_dms/WorkflowTemplateItem/portal_workflow/document_publication_workflow/states/published.xml index 45a2c1b483..6e00642e18 100644 --- a/bt5/erp5_dms/WorkflowTemplateItem/portal_workflow/document_publication_workflow/states/published.xml +++ b/bt5/erp5_dms/WorkflowTemplateItem/portal_workflow/document_publication_workflow/states/published.xml @@ -48,18 +48,12 @@ </record> <record id="2" aka="AAAAAAAAAAI="> <pickle> - <tuple> - <tuple> - <string>Persistence</string> - <string>PersistentMapping</string> - </tuple> - <none/> - </tuple> + <global name="PersistentMapping" module="Persistence.mapping"/> </pickle> <pickle> <dictionary> <item> - <key> <string>_container</string> </key> + <key> <string>data</string> </key> <value> <dictionary> <item> @@ -72,7 +66,6 @@ <string>Associate</string> <string>Auditor</string> <string>Manager</string> - <string>Owner</string> </tuple> </value> </item> @@ -112,7 +105,6 @@ <string>Associate</string> <string>Auditor</string> <string>Manager</string> - <string>Owner</string> </tuple> </value> </item> diff --git a/bt5/erp5_dms/WorkflowTemplateItem/portal_workflow/document_publication_workflow/states/published_alive.xml b/bt5/erp5_dms/WorkflowTemplateItem/portal_workflow/document_publication_workflow/states/published_alive.xml index 9e4385b734..8448c07193 100644 
--- a/bt5/erp5_dms/WorkflowTemplateItem/portal_workflow/document_publication_workflow/states/published_alive.xml +++ b/bt5/erp5_dms/WorkflowTemplateItem/portal_workflow/document_publication_workflow/states/published_alive.xml @@ -48,10 +48,7 @@ </record> <record id="2" aka="AAAAAAAAAAI="> <pickle> - <tuple> - <global name="PersistentMapping" module="Persistence.mapping"/> - <tuple/> - </tuple> + <global name="PersistentMapping" module="Persistence.mapping"/> </pickle> <pickle> <dictionary> @@ -69,7 +66,6 @@ <string>Associate</string> <string>Auditor</string> <string>Manager</string> - <string>Owner</string> </tuple> </value> </item> @@ -112,7 +108,6 @@ <string>Associate</string> <string>Auditor</string> <string>Manager</string> - <string>Owner</string> </tuple> </value> </item> diff --git a/bt5/erp5_dms/WorkflowTemplateItem/portal_workflow/document_publication_workflow/states/released.xml b/bt5/erp5_dms/WorkflowTemplateItem/portal_workflow/document_publication_workflow/states/released.xml index eab2209b03..c49b444491 100644 --- a/bt5/erp5_dms/WorkflowTemplateItem/portal_workflow/document_publication_workflow/states/released.xml +++ b/bt5/erp5_dms/WorkflowTemplateItem/portal_workflow/document_publication_workflow/states/released.xml @@ -50,18 +50,12 @@ </record> <record id="2" aka="AAAAAAAAAAI="> <pickle> - <tuple> - <tuple> - <string>Persistence</string> - <string>PersistentMapping</string> - </tuple> - <none/> - </tuple> + <global name="PersistentMapping" module="Persistence.mapping"/> </pickle> <pickle> <dictionary> <item> - <key> <string>_container</string> </key> + <key> <string>data</string> </key> <value> <dictionary> <item> @@ -73,7 +67,6 @@ <string>Associate</string> <string>Auditor</string> <string>Manager</string> - <string>Owner</string> </tuple> </value> </item> @@ -112,7 +105,6 @@ <string>Associate</string> <string>Auditor</string> <string>Manager</string> - <string>Owner</string> </tuple> </value> </item> 
diff --git a/bt5/erp5_dms/WorkflowTemplateItem/portal_workflow/document_publication_workflow/states/released_alive.xml b/bt5/erp5_dms/WorkflowTemplateItem/portal_workflow/document_publication_workflow/states/released_alive.xml index 67d8a0c3c3..fca7389aa1 100644 --- a/bt5/erp5_dms/WorkflowTemplateItem/portal_workflow/document_publication_workflow/states/released_alive.xml +++ b/bt5/erp5_dms/WorkflowTemplateItem/portal_workflow/document_publication_workflow/states/released_alive.xml @@ -52,10 +52,7 @@ </record> <record id="2" aka="AAAAAAAAAAI="> <pickle> - <tuple> - <global name="PersistentMapping" module="Persistence.mapping"/> - <tuple/> - </tuple> + <global name="PersistentMapping" module="Persistence.mapping"/> </pickle> <pickle> <dictionary> @@ -72,7 +69,6 @@ <string>Associate</string> <string>Auditor</string> <string>Manager</string> - <string>Owner</string> </tuple> </value> </item> @@ -114,7 +110,6 @@ <string>Associate</string> <string>Auditor</string> <string>Manager</string> - <string>Owner</string> </tuple> </value> </item> diff --git a/bt5/erp5_dms/WorkflowTemplateItem/portal_workflow/document_publication_workflow/states/requested.xml b/bt5/erp5_dms/WorkflowTemplateItem/portal_workflow/document_publication_workflow/states/requested.xml index 5d7ed7565e..95e7829538 100644 --- a/bt5/erp5_dms/WorkflowTemplateItem/portal_workflow/document_publication_workflow/states/requested.xml +++ b/bt5/erp5_dms/WorkflowTemplateItem/portal_workflow/document_publication_workflow/states/requested.xml @@ -46,10 +46,7 @@ </record> <record id="2" aka="AAAAAAAAAAI="> <pickle> - <tuple> - <global name="PersistentMapping" module="Persistence.mapping"/> - <tuple/> - </tuple> + <global name="PersistentMapping" module="Persistence.mapping"/> </pickle> <pickle> <dictionary> @@ -64,7 +61,6 @@ <string>Assignee</string> <string>Assignor</string> <string>Manager</string> - <string>Owner</string> </tuple> </value> </item> 
@@ -102,7 +98,6 @@ <string>Assignee</string> <string>Assignor</string> <string>Manager</string> - <string>Owner</string> </tuple> </value> </item> diff --git a/bt5/erp5_dms/WorkflowTemplateItem/portal_workflow/document_publication_workflow/states/shared.xml b/bt5/erp5_dms/WorkflowTemplateItem/portal_workflow/document_publication_workflow/states/shared.xml index 8dcdb19f83..9c01550ee5 100644 --- a/bt5/erp5_dms/WorkflowTemplateItem/portal_workflow/document_publication_workflow/states/shared.xml +++ b/bt5/erp5_dms/WorkflowTemplateItem/portal_workflow/document_publication_workflow/states/shared.xml @@ -50,10 +50,7 @@ </record> <record id="2" aka="AAAAAAAAAAI="> <pickle> - <tuple> - <global name="PersistentMapping" module="Persistence.mapping"/> - <tuple/> - </tuple> + <global name="PersistentMapping" module="Persistence.mapping"/> </pickle> <pickle> <dictionary> @@ -69,7 +66,6 @@ <string>Assignor</string> <string>Associate</string> <string>Manager</string> - <string>Owner</string> </tuple> </value> </item> @@ -107,7 +103,6 @@ <string>Assignor</string> <string>Associate</string> <string>Manager</string> - <string>Owner</string> </tuple> </value> </item> diff --git a/bt5/erp5_dms/WorkflowTemplateItem/portal_workflow/document_publication_workflow/states/shared_alive.xml b/bt5/erp5_dms/WorkflowTemplateItem/portal_workflow/document_publication_workflow/states/shared_alive.xml index ba80358ac9..d0ba538ef5 100644 --- a/bt5/erp5_dms/WorkflowTemplateItem/portal_workflow/document_publication_workflow/states/shared_alive.xml +++ b/bt5/erp5_dms/WorkflowTemplateItem/portal_workflow/document_publication_workflow/states/shared_alive.xml @@ -56,10 +56,7 @@ </record> <record id="2" aka="AAAAAAAAAAI="> <pickle> - <tuple> - <global name="PersistentMapping" module="Persistence.mapping"/> - <tuple/> - </tuple> + <global name="PersistentMapping" module="Persistence.mapping"/> </pickle> <pickle> <dictionary> 
@@ -75,7 +72,6 @@ <string>Assignor</string> <string>Associate</string> <string>Manager</string> - <string>Owner</string> </tuple> </value> </item> @@ -116,7 +112,6 @@ <string>Assignor</string> <string>Associate</string> <string>Manager</string> - <string>Owner</string> </tuple> </value> </item> diff --git a/bt5/erp5_dms/WorkflowTemplateItem/portal_workflow/document_publication_workflow/states/split.xml b/bt5/erp5_dms/WorkflowTemplateItem/portal_workflow/document_publication_workflow/states/split.xml index 70916c26b2..5b0c114ffc 100644 --- a/bt5/erp5_dms/WorkflowTemplateItem/portal_workflow/document_publication_workflow/states/split.xml +++ b/bt5/erp5_dms/WorkflowTemplateItem/portal_workflow/document_publication_workflow/states/split.xml @@ -44,10 +44,7 @@ </record> <record id="2" aka="AAAAAAAAAAI="> <pickle> - <tuple> - <global name="PersistentMapping" module="Persistence.mapping"/> - <tuple/> - </tuple> + <global name="PersistentMapping" module="Persistence.mapping"/> </pickle> <pickle> <dictionary> @@ -62,7 +59,6 @@ <string>Assignee</string> <string>Assignor</string> <string>Manager</string> - <string>Owner</string> </tuple> </value> </item> @@ -102,7 +98,6 @@ <string>Assignee</string> <string>Assignor</string> <string>Manager</string> - <string>Owner</string> </tuple> </value> </item> diff --git a/bt5/erp5_dms/WorkflowTemplateItem/portal_workflow/document_publication_workflow/states/translated.xml b/bt5/erp5_dms/WorkflowTemplateItem/portal_workflow/document_publication_workflow/states/translated.xml index bdeb5da489..276ffdc2de 100644 --- a/bt5/erp5_dms/WorkflowTemplateItem/portal_workflow/document_publication_workflow/states/translated.xml +++ b/bt5/erp5_dms/WorkflowTemplateItem/portal_workflow/document_publication_workflow/states/translated.xml 
@@ -48,10 +48,7 @@ </record> <record id="2" aka="AAAAAAAAAAI="> <pickle> - <tuple> - <global name="PersistentMapping" module="Persistence.mapping"/> - <tuple/> - </tuple> + <global name="PersistentMapping" module="Persistence.mapping"/> </pickle> <pickle> <dictionary> @@ -66,7 +63,6 @@ <string>Assignee</string> <string>Assignor</string> <string>Manager</string> - <string>Owner</string> </tuple> </value> </item> @@ -104,7 +100,6 @@ <string>Assignee</string> <string>Assignor</string> <string>Manager</string> - <string>Owner</string> </tuple> </value> </item> -- 2.30.9