Commit 2cef0518 authored by Romain Courteaud's avatar Romain Courteaud

Simplify delivery security.

Deliveries/orders should not be created synchronously anymore.
Drop all permissions for users who used to modify them.
parent 041db9f6
<type_roles> <type_roles>
<role id='Assignor'>
<property id='title'>Computer</property>
<property id='description'>Monovalued role</property>
<property id='base_category_script'>ERP5Type_getSecurityCategoryFromMovementItem</property>
<multi_property id='base_category'>aggregate</multi_property>
</role>
<role id='Assignee'> <role id='Assignee'>
<property id='title'>Destination Decision</property> <property id='title'>Destination Decision</property>
<property id='description'>Monovalued role</property> <property id='description'>Monovalued role</property>
......
<type_roles> <type_roles>
<role id='Auditor'>
<property id='title'>Computer</property>
<property id='description'>Monovalued role</property>
<property id='base_category_script'>ERP5Type_getSecurityCategoryFromMovementItemByComputerPartition</property>
<multi_property id='base_category'>aggregate</multi_property>
</role>
<role id='Assignee'> <role id='Assignee'>
<property id='title'>Destination Decision</property> <property id='title'>Destination Decision</property>
<property id='description'>Monovalued role</property> <property id='description'>Monovalued role</property>
...@@ -16,10 +10,4 @@ ...@@ -16,10 +10,4 @@
<multi_property id='category'>group/company</multi_property> <multi_property id='category'>group/company</multi_property>
<multi_property id='base_category'>group</multi_property> <multi_property id='base_category'>group</multi_property>
</role> </role>
<role id='Auditor'>
<property id='title'>Slave Instance related by Software Instance</property>
<property id='description'>Monovalued role</property>
<property id='base_category_script'>ERP5Type_getSecurityCategoryFromMovementItemBySoftwareInstance</property>
<multi_property id='base_category'>source</multi_property>
</role>
</type_roles> </type_roles>
\ No newline at end of file
<type_roles> <type_roles>
<role id='Assignor'>
<property id='title'>Computer</property>
<property id='description'>Monovalued role</property>
<property id='base_category_script'>ERP5Type_getSecurityCategoryFromMovementItemByComputerPartition</property>
<multi_property id='base_category'>aggregate</multi_property>
</role>
<role id='Assignee'> <role id='Assignee'>
<property id='title'>Destination Decision</property> <property id='title'>Destination Decision</property>
<property id='description'>Monovalued role</property> <property id='description'>Monovalued role</property>
...@@ -22,10 +16,4 @@ ...@@ -22,10 +16,4 @@
<multi_property id='category'>group/company</multi_property> <multi_property id='category'>group/company</multi_property>
<multi_property id='base_category'>group</multi_property> <multi_property id='base_category'>group</multi_property>
</role> </role>
<role id='Auditor'>
<property id='title'>Software Instance User become Auditor of Sale Packing List related to Slave Instance</property>
<property id='description'>Monovalued role</property>
<property id='base_category_script'>ERP5Type_getSecurityCategoryFromMovementItemBySoftwareInstance</property>
<multi_property id='base_category'>source</multi_property>
</role>
</type_roles> </type_roles>
\ No newline at end of file
<?xml version="1.0"?>
<ZopeData>
<record id="1" aka="AAAAAAAAAAE=">
<pickle>
<global name="PythonScript" module="Products.PythonScripts.PythonScript"/>
</pickle>
<pickle>
<dictionary>
<item>
<key> <string>Script_magic</string> </key>
<value> <int>3</int> </value>
</item>
<item>
<key> <string>_bind_names</string> </key>
<value>
<object>
<klass>
<global name="NameAssignments" module="Shared.DC.Scripts.Bindings"/>
</klass>
<tuple/>
<state>
<dictionary>
<item>
<key> <string>_asgns</string> </key>
<value>
<dictionary>
<item>
<key> <string>name_container</string> </key>
<value> <string>container</string> </value>
</item>
<item>
<key> <string>name_context</string> </key>
<value> <string>context</string> </value>
</item>
<item>
<key> <string>name_m_self</string> </key>
<value> <string>script</string> </value>
</item>
<item>
<key> <string>name_subpath</string> </key>
<value> <string>traverse_subpath</string> </value>
</item>
</dictionary>
</value>
</item>
</dictionary>
</state>
</object>
</value>
</item>
<item>
<key> <string>_body</string> </key>
<value> <string># XXX For now, this script requires proxy manager\n
\n
# base_category_list : list of category values we need to retrieve\n
# user_name : string obtained from getSecurityManager().getUser().getUserName() [NuxUserGroup]\n
# or from getSecurityManager().getUser().getId() [PluggableAuthService with ERP5GroupManager]\n
# object : object which we want to assign roles to.\n
# portal_type : portal type of object\n
\n
# must always return a list of dicts\n
\n
category_list = []\n
\n
if obj is None:\n
return []\n
\n
item_portal_type = "Hosting Subscription"\n
movement_portal_type = "Sale Packing List Line"\n
\n
portal = obj.getPortalObject()\n
\n
movement = portal.portal_catalog.getResultValue(\n
portal_type=movement_portal_type,\n
default_aggregate_uid=obj.getUid(),\n
aggregate_portal_type="Software Instance",\n
simulation_state=(\'stopped\',) + portal.getPortalReservedInventoryStateList() + portal.getPortalTransitInventoryStateList(),\n
)\n
\n
if movement is not None:\n
item = movement.getAggregateValue(portal_type=item_portal_type)\n
if item is not None:\n
category_list.append({"aggregate": [item.getRelativeUrl()]})\n
\n
return category_list\n
</string> </value>
</item>
<item>
<key> <string>_params</string> </key>
<value> <string>base_category_list, user_name, obj, portal_type</string> </value>
</item>
<item>
<key> <string>_proxy_roles</string> </key>
<value>
<tuple>
<string>Manager</string>
</tuple>
</value>
</item>
<item>
<key> <string>id</string> </key>
<value> <string>ERP5Type_getSecurityCategoryFromAggregateMovementItemByHostingSubscription</string> </value>
</item>
</dictionary>
</pickle>
</record>
</ZopeData>
<?xml version="1.0"?>
<ZopeData>
<record id="1" aka="AAAAAAAAAAE=">
<pickle>
<global name="PythonScript" module="Products.PythonScripts.PythonScript"/>
</pickle>
<pickle>
<dictionary>
<item>
<key> <string>Script_magic</string> </key>
<value> <int>3</int> </value>
</item>
<item>
<key> <string>_bind_names</string> </key>
<value>
<object>
<klass>
<global name="NameAssignments" module="Shared.DC.Scripts.Bindings"/>
</klass>
<tuple/>
<state>
<dictionary>
<item>
<key> <string>_asgns</string> </key>
<value>
<dictionary>
<item>
<key> <string>name_container</string> </key>
<value> <string>container</string> </value>
</item>
<item>
<key> <string>name_context</string> </key>
<value> <string>context</string> </value>
</item>
<item>
<key> <string>name_m_self</string> </key>
<value> <string>script</string> </value>
</item>
<item>
<key> <string>name_subpath</string> </key>
<value> <string>traverse_subpath</string> </value>
</item>
</dictionary>
</value>
</item>
</dictionary>
</state>
</object>
</value>
</item>
<item>
<key> <string>_body</string> </key>
<value> <string># XXX For now, this script requires proxy manager\n
\n
# base_category_list : list of category values we need to retrieve\n
# user_name : string obtained from getSecurityManager().getUser().getUserName() [NuxUserGroup]\n
# or from getSecurityManager().getUser().getId() [PluggableAuthService with ERP5GroupManager]\n
# object : object which we want to assign roles to.\n
# portal_type : portal type of object\n
\n
# must always return a list of dicts\n
\n
category_list = []\n
\n
if obj is None:\n
return []\n
\n
if obj.getPortalType() == "Purchase Packing List":\n
item_portal_type = "Computer"\n
elif obj.getPortalType() == "Sale Packing List":\n
item_portal_type = "Software Instance"\n
else:\n
return []\n
\n
for movement in obj.getMovementList():\n
item = movement.getAggregateValue(portal_type=item_portal_type)\n
if item is not None:\n
category_list.append({"aggregate": [item.getRelativeUrl()]})\n
\n
return category_list\n
</string> </value>
</item>
<item>
<key> <string>_params</string> </key>
<value> <string>base_category_list, user_name, obj, portal_type</string> </value>
</item>
<item>
<key> <string>_proxy_roles</string> </key>
<value>
<tuple>
<string>Manager</string>
</tuple>
</value>
</item>
<item>
<key> <string>id</string> </key>
<value> <string>ERP5Type_getSecurityCategoryFromMovementItem</string> </value>
</item>
</dictionary>
</pickle>
</record>
</ZopeData>
<?xml version="1.0"?>
<ZopeData>
<record id="1" aka="AAAAAAAAAAE=">
<pickle>
<global name="PythonScript" module="Products.PythonScripts.PythonScript"/>
</pickle>
<pickle>
<dictionary>
<item>
<key> <string>Script_magic</string> </key>
<value> <int>3</int> </value>
</item>
<item>
<key> <string>_bind_names</string> </key>
<value>
<object>
<klass>
<global name="NameAssignments" module="Shared.DC.Scripts.Bindings"/>
</klass>
<tuple/>
<state>
<dictionary>
<item>
<key> <string>_asgns</string> </key>
<value>
<dictionary>
<item>
<key> <string>name_container</string> </key>
<value> <string>container</string> </value>
</item>
<item>
<key> <string>name_context</string> </key>
<value> <string>context</string> </value>
</item>
<item>
<key> <string>name_m_self</string> </key>
<value> <string>script</string> </value>
</item>
<item>
<key> <string>name_subpath</string> </key>
<value> <string>traverse_subpath</string> </value>
</item>
</dictionary>
</value>
</item>
</dictionary>
</state>
</object>
</value>
</item>
<item>
<key> <string>_body</string> </key>
<value> <string># XXX For now, this script requires proxy manager\n
\n
# base_category_list : list of category values we need to retrieve\n
# user_name : string obtained from getSecurityManager().getUser().getUserName() [NuxUserGroup]\n
# or from getSecurityManager().getUser().getId() [PluggableAuthService with ERP5GroupManager]\n
# object : object which we want to assign roles to.\n
# portal_type : portal type of object\n
\n
# must always return a list of dicts\n
\n
category_list = []\n
\n
if obj is None:\n
return []\n
\n
item_portal_type = "Computer Partition"\n
\n
for movement in obj.getMovementList():\n
item = movement.getAggregateValue(portal_type=item_portal_type)\n
if item is not None:\n
category_list.append({"aggregate": [item.getParentValue().getRelativeUrl()]})\n
\n
return category_list\n
</string> </value>
</item>
<item>
<key> <string>_params</string> </key>
<value> <string>base_category_list, user_name, obj, portal_type</string> </value>
</item>
<item>
<key> <string>_proxy_roles</string> </key>
<value>
<tuple>
<string>Manager</string>
</tuple>
</value>
</item>
<item>
<key> <string>id</string> </key>
<value> <string>ERP5Type_getSecurityCategoryFromMovementItemByComputerPartition</string> </value>
</item>
</dictionary>
</pickle>
</record>
</ZopeData>
<?xml version="1.0"?>
<ZopeData>
<record id="1" aka="AAAAAAAAAAE=">
<pickle>
<global name="PythonScript" module="Products.PythonScripts.PythonScript"/>
</pickle>
<pickle>
<dictionary>
<item>
<key> <string>Script_magic</string> </key>
<value> <int>3</int> </value>
</item>
<item>
<key> <string>_bind_names</string> </key>
<value>
<object>
<klass>
<global name="NameAssignments" module="Shared.DC.Scripts.Bindings"/>
</klass>
<tuple/>
<state>
<dictionary>
<item>
<key> <string>_asgns</string> </key>
<value>
<dictionary>
<item>
<key> <string>name_container</string> </key>
<value> <string>container</string> </value>
</item>
<item>
<key> <string>name_context</string> </key>
<value> <string>context</string> </value>
</item>
<item>
<key> <string>name_m_self</string> </key>
<value> <string>script</string> </value>
</item>
<item>
<key> <string>name_subpath</string> </key>
<value> <string>traverse_subpath</string> </value>
</item>
</dictionary>
</value>
</item>
</dictionary>
</state>
</object>
</value>
</item>
<item>
<key> <string>_body</string> </key>
<value> <string># XXX For now, this script requires proxy manager\n
# must always return a list of dicts\n
\n
from Products.ZSQLCatalog.SQLCatalog import Query, ComplexQuery\n
category_list = []\n
\n
if obj is None:\n
return []\n
\n
portal = obj.getPortalObject()\n
state_list = portal.getPortalCurrentInventoryStateList() + \\\n
portal.getPortalReservedInventoryStateList() + \\\n
portal.getPortalTransitInventoryStateList()\n
\n
if obj.getPortalType() == "Sale Packing List":\n
movement_portal_type = "Sale Packing List Line"\n
elif obj.getPortalType() == "Sale Order":\n
movement_portal_type = "Sale Order Line"\n
\n
item_portal_type = "Slave Instance"\n
\n
for movement in obj.getMovementList():\n
item = movement.getAggregateValue(portal_type=item_portal_type)\n
if item is not None:\n
software_release = movement.getAggregateValue(portal_type="Software Release")\n
computer_partition = movement.getAggregateValue(portal_type="Computer Partition")\n
if computer_partition is None:\n
continue\n
query = ComplexQuery(\n
Query(aggregate_relative_url=computer_partition.getRelativeUrl()),\n
Query(aggregate_relative_url=software_release.getRelativeUrl()),\n
operator="AND",\n
)\n
catalog_result = portal.portal_catalog(portal_type=movement_portal_type,\n
simulation_state=state_list,\n
aggregate_relative_url=query,\n
)\n
for sale_packing_list_line in catalog_result:\n
software_instance = sale_packing_list_line.getAggregateValue(\n
portal_type="Software Instance")\n
if software_instance is not None:\n
return {"Auditor": [software_instance.getReference(),]}\n
\n
return category_list\n
</string> </value>
</item>
<item>
<key> <string>_params</string> </key>
<value> <string>base_category_list, user_name, obj, portal_type</string> </value>
</item>
<item>
<key> <string>_proxy_roles</string> </key>
<value>
<tuple>
<string>Manager</string>
</tuple>
</value>
</item>
<item>
<key> <string>id</string> </key>
<value> <string>ERP5Type_getSecurityCategoryFromMovementItemBySoftwareInstance</string> </value>
</item>
</dictionary>
</pickle>
</record>
</ZopeData>
521 522
\ No newline at end of file \ No newline at end of file