core: cleanup Base_setDefaultSecurity.

product/ERP5/bootstrap/erp5_core/SkinTemplateItem/portal_skins/erp5_core/Base_setDefaultSecurity.xml

@@ -52,11 +52,8 @@
             <key> <string>_body</string> </key>
             <value> <string>permission_list = context.possible_permissions()\n
 \n
-# First, remove all permissions (very secure by default)\n
-# We should keep only Manager, or we will not be able to\n
-# do the end of the script\n
-for permission in permission_list:\n
-  context.manage_permission(permission, [\'Manager\'], 0)\n
+# First, only Manager has the permission by default\n
+manager_permission_list = permission_list\n
 \n
 # Then, define default ERP5 permissions\n
 common_permission_list = [p for p in [\n
@@ -91,7 +88,7 @@ erp5_role_dict = {\n
   \'Associate\': common_permission_list + auditor_permission_list,\n
   \'Auditor\' : common_permission_list + auditor_permission_list,\n
   \'Author\': common_permission_list + author_permission_list,\n
-  \'Manager\': permission_list\n
+  \'Manager\': manager_permission_list\n
 }\n
 \n
 # Add ERP5 permissions\n
@@ -102,8 +99,12 @@ for role,permission_list in erp5_role_dict.items():\n
       erp5_permission_dict[permission] = []\n
     erp5_permission_dict[permission].append(role)\n
 \n
-for permission,role_list in erp5_permission_dict.items():\n
-  context.manage_permission(permission,role_list, 0)\n
+for permission,role_list in sorted(erp5_permission_dict.items()):\n
+  # Acquire permission if the role list is same as parent\n
+  if sorted([x[\'name\'] for x in context.aq_parent.rolesOfPermission(permission) if x[\'selected\']]) == sorted(role_list):\n
+    context.manage_permission(permission, [], 1)\n
+  else:\n
+    context.manage_permission(permission,role_list, 0)\n
 \n
 return "finished"\n
 </string> </value>