Reimplement SlapOSMachineAuthenticationPlugin and SlapOSShadowAuthenticationPlugin

The reimplementation make both complaint with ERP5LoginUserManager

  Include custom ERP5Type_asSecurityGroupId (Required for Computer and Software Instance usage of user_id)
  machine_login was renamed to external_login to be complaint with ERP5LoginUserManager

  On SlapOSShadowAuthenticationPlugin, the enumerateUsers contains a huge copied code from
       ERP5LoginUserManager, which could be be factoried in a sense in future.

  Update related tests and code to:

   - Add ERP5 Login in person, Computer and Software Instance
   - Set user id while create or clone objects
   - Update ROLES and logins (for tests) to use User ID instead reference.
   - Login is defined by ERP5 Login and not by object reference.

master/bt5/slapos_accounting/TestTemplateItem/portal_components/test.erp5.testSlapOSConsumptionSkins.py

@@ -7,28 +7,8 @@
 
 import transaction
 from Products.SlapOS.tests.testSlapOSMixin import \
-  testSlapOSMixin, withAbort
+  testSlapOSMixin, withAbort, simulate
 from zExceptions import Unauthorized
-from functools import wraps
-from Products.ERP5Type.tests.utils import createZODBPythonScript
-
-def simulate(script_id, params_string, code_string):
-  def upperWrap(f):
-    @wraps(f)
-    def decorated(self, *args, **kw):
-      if script_id in self.portal.portal_skins.custom.objectIds():
-        raise ValueError('Precondition failed: %s exists in custom' % script_id)
-      createZODBPythonScript(self.portal.portal_skins.custom,
-                          script_id, params_string, code_string)
-      try:
-        result = f(self, *args, **kw)
-      finally:
-        if script_id in self.portal.portal_skins.custom.objectIds():
-          self.portal.portal_skins.custom.manage_delObjects(script_id)
-        transaction.commit()
-      return result
-    return decorated
-  return upperWrap
 
 class TestSlapOSComputer_reportComputerConsumption(testSlapOSMixin):
 

master/bt5/slapos_cloud/DocumentTemplateItem/portal_components/document.erp5.Person.py

@@ -13,10 +13,10 @@ class Person(ERP5Person):
       # in ERP5 user has no SetOwnPassword permission on Person document
       # referring himself, so implement "security" by checking that currently
       # logged in user is trying to get/revoke his own certificate
-      reference = self.getReference()
-      if not reference:
+      user_id = self.getUserId()
+      if not user_id:
         raise
-      if getSecurityManager().getUser().getId() != reference:
+      if getSecurityManager().getUser().getId() != user_id:
         raise
 
   def _getCertificate(self):

master/bt5/slapos_cloud/DocumentTemplateItem/portal_components/document.erp5.Person.xml

@@ -6,10 +6,22 @@
     </pickle>
     <pickle>
       <dictionary>
+        <item>
+            <key> <string>_recorded_property_dict</string> </key>
+            <value>
+              <persistent> <string encoding="base64">AAAAAAAAAAI=</string> </persistent>
+            </value>
+        </item>
         <item>
             <key> <string>default_reference</string> </key>
             <value> <string>Person</string> </value>
         </item>
+        <item>
+            <key> <string>description</string> </key>
+            <value>
+              <none/>
+            </value>
+        </item>
         <item>
             <key> <string>id</string> </key>
             <value> <string>document.erp5.Person</string> </value>
@@ -43,13 +55,28 @@
         <item>
             <key> <string>workflow_history</string> </key>
             <value>
-              <persistent> <string encoding="base64">AAAAAAAAAAI=</string> </persistent>
+              <persistent> <string encoding="base64">AAAAAAAAAAM=</string> </persistent>
             </value>
         </item>
       </dictionary>
     </pickle>
   </record>
   <record id="2" aka="AAAAAAAAAAI=">
+    <pickle>
+      <global name="PersistentMapping" module="Persistence.mapping"/>
+    </pickle>
+    <pickle>
+      <dictionary>
+        <item>
+            <key> <string>data</string> </key>
+            <value>
+              <dictionary/>
+            </value>
+        </item>
+      </dictionary>
+    </pickle>
+  </record>
+  <record id="3" aka="AAAAAAAAAAM=">
     <pickle>
       <global name="PersistentMapping" module="Persistence.mapping"/>
     </pickle>
@@ -62,7 +89,7 @@
                 <item>
                     <key> <string>component_validation_workflow</string> </key>
                     <value>
-                      <persistent> <string encoding="base64">AAAAAAAAAAM=</string> </persistent>
+                      <persistent> <string encoding="base64">AAAAAAAAAAQ=</string> </persistent>
                     </value>
                 </item>
               </dictionary>
@@ -71,7 +98,7 @@
       </dictionary>
     </pickle>
   </record>
-  <record id="3" aka="AAAAAAAAAAM=">
+  <record id="4" aka="AAAAAAAAAAQ=">
     <pickle>
       <global name="WorkflowHistoryList" module="Products.ERP5Type.patches.WorkflowTool"/>
     </pickle>

master/bt5/slapos_cloud/ExtensionTemplateItem/portal_components/extension.erp5.SlapOSCloud.py

@@ -43,10 +43,12 @@ def SoftwareInstance_bangAsSelf(self, relative_url=None, reference=None,
   if (software_instance.getPortalType() == "Slave Instance") and \
     (software_instance.getReference() == reference):
     # XXX There is no account for Slave Instance
-    reference = ERP5Security.SUPER_USER
+    user_id = ERP5Security.SUPER_USER
+  else:
+    user_id = software_instance.getUserId()
 
   newSecurityManager(None, self.getPortalObject().acl_users.getUserById(
-    reference))
+    user_id))
   try:
     software_instance.bang(bang_tree=True, comment=comment)
   finally:

master/bt5/slapos_cloud/ExtensionTemplateItem/portal_components/extension.erp5.SlapOSSecurity.py

@@ -30,7 +30,7 @@ from AccessControl.SecurityManagement import getSecurityManager, \
              setSecurityManager, newSecurityManager
 from AccessControl import Unauthorized
 
-def getComputerSecurityCategory(self, base_category_list, user_name, 
+def getComputerSecurityCategory(self, base_category_list, user_name,
                                 object, portal_type):
   """
   This script returns a list of dictionaries which represent
@@ -39,8 +39,8 @@ def getComputerSecurityCategory(self, base_category_list, user_name,
   category_list = []
 
   computer_list = self.portal_catalog.unrestrictedSearchResults(
-    portal_type='Computer', 
-    reference=user_name,
+    portal_type='Computer',
+    user_id=user_name,
     validation_state="validated",
     limit=2,
   )
@@ -51,12 +51,12 @@ def getComputerSecurityCategory(self, base_category_list, user_name,
         category_list.append(
          {base_category: ['role/computer']})
   elif len(computer_list) > 1:
-    raise ConsistencyError, "Error: There is more than one Computer " \
-                            "with reference '%s'" % user_name
+    raise ConsistencyError("Error: There is more than one Computer " \
+                            "with reference '%s'" % user_name)
 
   return category_list
 
-def getSoftwareInstanceSecurityCategory(self, base_category_list, user_name, 
+def getSoftwareInstanceSecurityCategory(self, base_category_list, user_name,
                                 object, portal_type):
   """
   This script returns a list of dictionaries which represent
@@ -65,8 +65,8 @@ def getSoftwareInstanceSecurityCategory(self, base_category_list, user_name,
   category_list = []
 
   software_instance_list = self.portal_catalog.unrestrictedSearchResults(
-    portal_type='Software Instance', 
-    reference=user_name,
+    portal_type='Software Instance',
+    user_id=user_name,
     validation_state="validated",
     limit=2,
   )
@@ -83,8 +83,8 @@ def getSoftwareInstanceSecurityCategory(self, base_category_list, user_name,
           category_dict.setdefault(base_category, []).append(hosting_item.getRelativeUrl())
     category_list.append(category_dict)
   elif len(software_instance_list) > 1:
-    raise ConsistencyError, "Error: There is more than one Software Instance " \
-                            "with reference %r" % user_name
+    raise ConsistencyError("Error: There is more than one Software Instance " \
+                            "with reference %r" % user_name)
 
   return category_list
 
@@ -109,14 +109,14 @@ def restrictMethodAsShadowUser(self, shadow_document=None, callable_object=None,
     # Switch to the shadow user temporarily, so that the behavior would not
     # change even if this method is invoked by random users.
     acl_users = shadow_document.getPortalObject().acl_users
-    reference = shadow_document.getReference()
-    if reference is None:
+    user_id = shadow_document.getUserId()
+    if user_id is None:
       raise Unauthorized('%r is not configured' % relative_url)
-    real_user = acl_users.getUserById(reference)
+    real_user = acl_users.getUserById(user_id)
     if real_user is None:
       raise Unauthorized('%s is not loggable user' % relative_url)
     sm = getSecurityManager()
-    shadow_user = acl_users.getUserById('SHADOW-' + reference)
+    shadow_user = acl_users.getUserById('SHADOW-' + user_id)
     if shadow_user is None:
       raise Unauthorized('Shadow of %s is not loggable user' % relative_url)
     newSecurityManager(None, shadow_user)

master/bt5/slapos_cloud/ExtensionTemplateItem/portal_components/extension.erp5.SlapOSSecurity.xml

@@ -6,10 +6,22 @@
     </pickle>
     <pickle>
       <dictionary>
+        <item>
+            <key> <string>_recorded_property_dict</string> </key>
+            <value>
+              <persistent> <string encoding="base64">AAAAAAAAAAI=</string> </persistent>
+            </value>
+        </item>
         <item>
             <key> <string>default_reference</string> </key>
             <value> <string>SlapOSSecurity</string> </value>
         </item>
+        <item>
+            <key> <string>description</string> </key>
+            <value>
+              <none/>
+            </value>
+        </item>
         <item>
             <key> <string>id</string> </key>
             <value> <string>extension.erp5.SlapOSSecurity</string> </value>
@@ -35,9 +47,7 @@
             <value>
               <tuple>
                 <string>W: 34, 32: Redefining built-in \'object\' (redefined-builtin)</string>
-                <string>W: 54,  4: Use raise ErrorClass(args) instead of raise ErrorClass, args. (old-raise-syntax)</string>
                 <string>W: 60, 32: Redefining built-in \'object\' (redefined-builtin)</string>
-                <string>W: 86,  4: Use raise ErrorClass(args) instead of raise ErrorClass, args. (old-raise-syntax)</string>
               </tuple>
             </value>
         </item>
@@ -48,13 +58,28 @@
         <item>
             <key> <string>workflow_history</string> </key>
             <value>
-              <persistent> <string encoding="base64">AAAAAAAAAAI=</string> </persistent>
+              <persistent> <string encoding="base64">AAAAAAAAAAM=</string> </persistent>
             </value>
         </item>
       </dictionary>
     </pickle>
   </record>
   <record id="2" aka="AAAAAAAAAAI=">
+    <pickle>
+      <global name="PersistentMapping" module="Persistence.mapping"/>
+    </pickle>
+    <pickle>
+      <dictionary>
+        <item>
+            <key> <string>data</string> </key>
+            <value>
+              <dictionary/>
+            </value>
+        </item>
+      </dictionary>
+    </pickle>
+  </record>
+  <record id="3" aka="AAAAAAAAAAM=">
     <pickle>
       <global name="PersistentMapping" module="Persistence.mapping"/>
     </pickle>
@@ -67,7 +92,7 @@
                 <item>
                     <key> <string>component_validation_workflow</string> </key>
                     <value>
-                      <persistent> <string encoding="base64">AAAAAAAAAAM=</string> </persistent>
+                      <persistent> <string encoding="base64">AAAAAAAAAAQ=</string> </persistent>
                     </value>
                 </item>
               </dictionary>
@@ -76,7 +101,7 @@
       </dictionary>
     </pickle>
   </record>
-  <record id="3" aka="AAAAAAAAAAM=">
+  <record id="4" aka="AAAAAAAAAAQ=">
     <pickle>
       <global name="WorkflowHistoryList" module="Products.ERP5Type.patches.WorkflowTool"/>
     </pickle>

master/bt5/slapos_cloud/PortalTypeAllowedContentTypeTemplateItem/allowed_content_types.xml

 <allowed_content_type_list>
+ <portal_type id="Computer">
+  <item>ERP5 Login</item>
+ </portal_type>
  <portal_type id="Hosting Subscription Module">
   <item>Hosting Subscription</item>
  </portal_type>
  <portal_type id="Software Installation Module">
   <item>Software Installation</item>
  </portal_type>
+ <portal_type id="Software Instance">
+  <item>ERP5 Login</item>
+ </portal_type>
  <portal_type id="Software Instance Module">
   <item>Slave Instance</item>
   <item>Software Instance</item>

master/bt5/slapos_cloud/PortalTypePropertySheetTemplateItem/property_sheet_list.xml

@@ -3,6 +3,7 @@
   <item>SlaposAssignmentConstraint</item>
  </portal_type>
  <portal_type id="Computer">
+  <item>ERP5User</item>
   <item>SlaposCapacity</item>
   <item>SlaposComputerConstraint</item>
   <item>Url</item>
@@ -42,6 +43,7 @@
   <item>VariationRange</item>
  </portal_type>
  <portal_type id="Software Instance">
+  <item>ERP5User</item>
   <item>HostingSubscription</item>
   <item>Reference</item>
   <item>SoftwareInstance</item>

master/bt5/slapos_cloud/PortalTypeTemplateItem/portal_types/Computer.xml

+<?xml version="1.0"?>
+<ZopeData>
+  <record id="1" aka="AAAAAAAAAAE=">
+    <pickle>
+      <global name="Base Type" module="erp5.portal_type"/>
+    </pickle>
+    <pickle>
+      <dictionary>
+        <item>
+            <key> <string>_property_domain_dict</string> </key>
+            <value>
+              <dictionary>
+                <item>
+                    <key> <string>short_title</string> </key>
+                    <value>
+                      <persistent> <string encoding="base64">AAAAAAAAAAI=</string> </persistent>
+                    </value>
+                </item>
+                <item>
+                    <key> <string>title</string> </key>
+                    <value>
+                      <persistent> <string encoding="base64">AAAAAAAAAAM=</string> </persistent>
+                    </value>
+                </item>
+              </dictionary>
+            </value>
+        </item>
+        <item>
+            <key> <string>acquire_local_roles</string> </key>
+            <value> <int>0</int> </value>
+        </item>
+        <item>
+            <key> <string>content_icon</string> </key>
+            <value> <string>document_icon.gif</string> </value>
+        </item>
+        <item>
+            <key> <string>content_meta_type</string> </key>
+            <value> <string>ERP5 Computer</string> </value>
+        </item>
+        <item>
+            <key> <string>description</string> </key>
+            <value> <string>Computer represents a computer like personal computer, printer, router.</string> </value>
+        </item>
+        <item>
+            <key> <string>factory</string> </key>
+            <value> <string>addComputer</string> </value>
+        </item>
+        <item>
+            <key> <string>filter_content_types</string> </key>
+            <value> <int>1</int> </value>
+        </item>
+        <item>
+            <key> <string>group_list</string> </key>
+            <value>
+              <tuple>
+                <string>item</string>
+              </tuple>
+            </value>
+        </item>
+        <item>
+            <key> <string>id</string> </key>
+            <value> <string>Computer</string> </value>
+        </item>
+        <item>
+            <key> <string>init_script</string> </key>
+            <value> <string>Computer_init</string> </value>
+        </item>
+        <item>
+            <key> <string>permission</string> </key>
+            <value>
+              <none/>
+            </value>
+        </item>
+        <item>
+            <key> <string>title</string> </key>
+            <value> <string>Computer</string> </value>
+        </item>
+        <item>
+            <key> <string>type_class</string> </key>
+            <value> <string>Computer</string> </value>
+        </item>
+        <item>
+            <key> <string>type_interface</string> </key>
+            <value>
+              <tuple/>
+            </value>
+        </item>
+        <item>
+            <key> <string>type_mixin</string> </key>
+            <value>
+              <tuple/>
+            </value>
+        </item>
+      </dictionary>
+    </pickle>
+  </record>
+  <record id="2" aka="AAAAAAAAAAI=">
+    <pickle>
+      <tuple>
+        <global name="TranslationInformation" module="Products.ERP5Type.TranslationProviderBase"/>
+        <tuple/>
+      </tuple>
+    </pickle>
+    <pickle>
+      <dictionary>
+        <item>
+            <key> <string>domain_name</string> </key>
+            <value>
+              <none/>
+            </value>
+        </item>
+        <item>
+            <key> <string>property_name</string> </key>
+            <value> <string>short_title</string> </value>
+        </item>
+      </dictionary>
+    </pickle>
+  </record>
+  <record id="3" aka="AAAAAAAAAAM=">
+    <pickle>
+      <tuple>
+        <global name="TranslationInformation" module="Products.ERP5Type.TranslationProviderBase"/>
+        <tuple/>
+      </tuple>
+    </pickle>
+    <pickle>
+      <dictionary>
+        <item>
+            <key> <string>domain_name</string> </key>
+            <value>
+              <none/>
+            </value>
+        </item>
+        <item>
+            <key> <string>property_name</string> </key>
+            <value> <string>title</string> </value>
+        </item>
+      </dictionary>
+    </pickle>
+  </record>
+</ZopeData>

master/bt5/slapos_cloud/PortalTypeTemplateItem/portal_types/Software%20Instance.xml

@@ -59,9 +59,7 @@
         </item>
         <item>
             <key> <string>init_script</string> </key>
-            <value>
-              <none/>
-            </value>
+            <value> <string>SoftwareInstance_init</string> </value>
         </item>
         <item>
             <key> <string>meta_type</string> </key>

master/bt5/slapos_cloud/SkinTemplateItem/portal_skins/slapos_cloud/Computer_afterClone.py

+"""Hook called when a computer object is closed.
+
+We want to reset reference, which is the user login in ERP5Security.
+One exception is when a person object is installed from business template.
+"""
+if context.getPortalType() != "Computer":
+  return
+context.setUserId(None)
+context.Computer_initUserId()

master/bt5/slapos_cloud/SkinTemplateItem/portal_skins/slapos_cloud/Computer_afterClone.xml

+<?xml version="1.0"?>
+<ZopeData>
+  <record id="1" aka="AAAAAAAAAAE=">
+    <pickle>
+      <global name="PythonScript" module="Products.PythonScripts.PythonScript"/>
+    </pickle>
+    <pickle>
+      <dictionary>
+        <item>
+            <key> <string>Script_magic</string> </key>
+            <value> <int>3</int> </value>
+        </item>
+        <item>
+            <key> <string>_bind_names</string> </key>
+            <value>
+              <object>
+                <klass>
+                  <global name="NameAssignments" module="Shared.DC.Scripts.Bindings"/>
+                </klass>
+                <tuple/>
+                <state>
+                  <dictionary>
+                    <item>
+                        <key> <string>_asgns</string> </key>
+                        <value>
+                          <dictionary>
+                            <item>
+                                <key> <string>name_container</string> </key>
+                                <value> <string>container</string> </value>
+                            </item>
+                            <item>
+                                <key> <string>name_context</string> </key>
+                                <value> <string>context</string> </value>
+                            </item>
+                            <item>
+                                <key> <string>name_m_self</string> </key>
+                                <value> <string>script</string> </value>
+                            </item>
+                            <item>
+                                <key> <string>name_subpath</string> </key>
+                                <value> <string>traverse_subpath</string> </value>
+                            </item>
+                          </dictionary>
+                        </value>
+                    </item>
+                  </dictionary>
+                </state>
+              </object>
+            </value>
+        </item>
+        <item>
+            <key> <string>_params</string> </key>
+            <value> <string></string> </value>
+        </item>
+        <item>
+            <key> <string>_proxy_roles</string> </key>
+            <value>
+              <tuple>
+                <string>Manager</string>
+                <string>Owner</string>
+              </tuple>
+            </value>
+        </item>
+        <item>
+            <key> <string>guard</string> </key>
+            <value>
+              <persistent> <string encoding="base64">AAAAAAAAAAI=</string> </persistent>
+            </value>
+        </item>
+        <item>
+            <key> <string>id</string> </key>
+            <value> <string>Computer_afterClone</string> </value>
+        </item>
+      </dictionary>
+    </pickle>
+  </record>
+  <record id="2" aka="AAAAAAAAAAI=">
+    <pickle>
+      <global name="Guard" module="Products.DCWorkflow.Guard"/>
+    </pickle>
+    <pickle>
+      <dictionary>
+        <item>
+            <key> <string>roles</string> </key>
+            <value>
+              <tuple>
+                <string>Owner</string>
+              </tuple>
+            </value>
+        </item>
+      </dictionary>
+    </pickle>
+  </record>
+</ZopeData>

master/bt5/slapos_cloud/SkinTemplateItem/portal_skins/slapos_cloud/Computer_init.py

+context.Computer_initUserId()

master/bt5/slapos_web/SkinTemplateItem/portal_skins/slapos_web/Alarm_checkPromiseSlapOSPASBase.xml → master/bt5/slapos_cloud/SkinTemplateItem/portal_skins/slapos_cloud/Computer_init.xml

@@ -50,11 +50,11 @@
         </item>
         <item>
             <key> <string>_params</string> </key>
-            <value> <string>promise_dict, tag, fixit=False, **kw</string> </value>
+            <value> <string>**kw</string> </value>
         </item>
         <item>
             <key> <string>id</string> </key>
-            <value> <string>Alarm_checkPromiseSlapOSPASBase</string> </value>
+            <value> <string>Computer_init</string> </value>
         </item>
       </dictionary>
     </pickle>

master/bt5/slapos_cloud/SkinTemplateItem/portal_skins/slapos_cloud/Computer_initUserId.py

+if not context.hasUserId():
+  context.setUserId(
+    'C%i' % (
+      context.getPortalObject().portal_ids.generateNewId(
+        id_group='user_id',
+        id_generator='non_continuous_integer_increasing',
+      ),
+    ),
+  )

master/bt5/slapos_cloud/SkinTemplateItem/portal_skins/slapos_cloud/Computer_initUserId.xml

+<?xml version="1.0"?>
+<ZopeData>
+  <record id="1" aka="AAAAAAAAAAE=">
+    <pickle>
+      <global name="PythonScript" module="Products.PythonScripts.PythonScript"/>
+    </pickle>
+    <pickle>
+      <dictionary>
+        <item>
+            <key> <string>Script_magic</string> </key>
+            <value> <int>3</int> </value>
+        </item>
+        <item>
+            <key> <string>_bind_names</string> </key>
+            <value>
+              <object>
+                <klass>
+                  <global name="NameAssignments" module="Shared.DC.Scripts.Bindings"/>
+                </klass>
+                <tuple/>
+                <state>
+                  <dictionary>
+                    <item>
+                        <key> <string>_asgns</string> </key>
+                        <value>
+                          <dictionary>
+                            <item>
+                                <key> <string>name_container</string> </key>
+                                <value> <string>container</string> </value>
+                            </item>
+                            <item>
+                                <key> <string>name_context</string> </key>
+                                <value> <string>context</string> </value>
+                            </item>
+                            <item>
+                                <key> <string>name_m_self</string> </key>
+                                <value> <string>script</string> </value>
+                            </item>
+                            <item>
+                                <key> <string>name_subpath</string> </key>
+                                <value> <string>traverse_subpath</string> </value>
+                            </item>
+                          </dictionary>
+                        </value>
+                    </item>
+                  </dictionary>
+                </state>
+              </object>
+            </value>
+        </item>
+        <item>
+            <key> <string>_params</string> </key>
+            <value> <string></string> </value>
+        </item>
+        <item>
+            <key> <string>_proxy_roles</string> </key>
+            <value>
+              <tuple>
+                <string>Manager</string>
+              </tuple>
+            </value>
+        </item>
+        <item>
+            <key> <string>guard</string> </key>
+            <value>
+              <persistent> <string encoding="base64">AAAAAAAAAAI=</string> </persistent>
+            </value>
+        </item>
+        <item>
+            <key> <string>id</string> </key>
+            <value> <string>Computer_initUserId</string> </value>
+        </item>
+      </dictionary>
+    </pickle>
+  </record>
+  <record id="2" aka="AAAAAAAAAAI=">
+    <pickle>
+      <global name="Guard" module="Products.DCWorkflow.Guard"/>
+    </pickle>
+    <pickle>
+      <dictionary>
+        <item>
+            <key> <string>roles</string> </key>
+            <value>
+              <tuple>
+                <string>Owner</string>
+              </tuple>
+            </value>
+        </item>
+      </dictionary>
+    </pickle>
+  </record>
+</ZopeData>

master/bt5/slapos_cloud/SkinTemplateItem/portal_skins/slapos_cloud/ERP5Type_asSecurityGroupId.py

+"""
+This script is used to convert a list of categories into an security
+identifier (security ID). It is invoked by two classes in ERP5:
+
+- ERP5Type.py to convert security definitions made of
+  multiple categories into security ID strings
+
+- ERP5GroupManager.py to convert an assignment definition
+  into a single security ID string. It should be noted here
+  that ERP5GroupManager.py also tries to invoke ERP5Type_asSecurityGroupIdList
+  (DEPRECATED) in order associate a user to multiple security groups.
+  In this case ERP5Type_asSecurityGroupId is not invoked.
+
+The script takes the following parameters:
+
+category_order - list of base_categories we want to use to generate the group id
+kw             - keys should be base categories, values should be value
+                 of corresponding relative urls (obtained by getBaseCategory())
+
+Example call:
+  context.ERP5TypeSecurity_asGroupId(category_order=('site', 'group', 'function'),
+               site='france/lille', group='nexedi', function='accounting/accountant')
+
+This will generate a string like 'LIL_NXD_ACT' where "LIL", "NXD" and "ACT" are
+the codification of respecively "france/lille", "nexedi" and "accounting/accountant" categories
+
+If the category points to a document portal type (ex. trade condition, project, etc.),
+and if no codification property is defined for this type of object,
+the security ID group is generated by considering the object reference or
+the object ID.
+
+ERP5Type_asSecurityGroupId can also return a list of users whenever a category points
+to a Person instance. This is useful to implement user based local role assignments
+instead of abstract security based local roles.
+"""
+portal = context.getPortalObject()
+getCategoryValue = portal.portal_categories.getCategoryValue
+
+# sort the category list lexicographically
+# this prevents us to choose the exact order we want,
+# but also prevents some human mistake to break everything by creating site_function instead of function_site
+if category_order not in (None, ''):
+  category_order = list(category_order)
+  category_order.sort()
+else:
+  category_order = []
+
+# Prepare a cartesian product
+from Products.ERP5Type.Utils import cartesianProduct
+list_of_list = []
+user_list = []
+for base_category in category_order:
+  # It is acceptable for a category not to be defined
+  try:
+    category_list = kw[base_category]
+  except KeyError:
+    continue
+
+  associative_list = []
+  if isinstance(category_list, str):
+    category_list = [category_list]
+  for category in category_list:
+    if category[-1] == '*':
+      category = category[:-1]
+      is_child_category = 1
+    else:
+      is_child_category = 0
+    category_path = '%s/%s' % (base_category, category)
+    category_object = getCategoryValue(category_path)
+    if category_object is None:
+      raise RuntimeError("Security definition error (category %r not found)" % (category_path,))
+    portal_type = category_object.getPortalType()
+    if portal_type in ['Person', 'Computer', 'Software Instance']:
+      # We define a person here
+      user_name = category_object.Person_getUserId()
+      if user_name is not None:
+        user_list.append(user_name)
+    else:
+      category_code = (category_object.getProperty('codification') or
+                        category_object.getProperty('reference') or
+                        category_object.getId())
+      if is_child_category:
+        category_code += '*'
+      associative_list.append(category_code)
+  # Prevent making a cartesian product with an empty set
+  if associative_list:
+    list_of_list.append(associative_list)
+
+# Return a list of users if any was defined
+if user_list:
+  return user_list
+
+# Compute the cartesian product and return the codes
+# return filter(lambda x: x, map(lambda x: '_'.join(x), cartesianProduct(list_of_list)))
+return ['_'.join(x) for x in cartesianProduct(list_of_list) if x]

master/bt5/slapos_cloud/SkinTemplateItem/portal_skins/slapos_cloud/ERP5Type_asSecurityGroupId.xml

+<?xml version="1.0"?>
+<ZopeData>
+  <record id="1" aka="AAAAAAAAAAE=">
+    <pickle>
+      <global name="PythonScript" module="Products.PythonScripts.PythonScript"/>
+    </pickle>
+    <pickle>
+      <dictionary>
+        <item>
+            <key> <string>Script_magic</string> </key>
+            <value> <int>3</int> </value>
+        </item>
+        <item>
+            <key> <string>_bind_names</string> </key>
+            <value>
+              <object>
+                <klass>
+                  <global name="NameAssignments" module="Shared.DC.Scripts.Bindings"/>
+                </klass>
+                <tuple/>
+                <state>
+                  <dictionary>
+                    <item>
+                        <key> <string>_asgns</string> </key>
+                        <value>
+                          <dictionary>
+                            <item>
+                                <key> <string>name_container</string> </key>
+                                <value> <string>container</string> </value>
+                            </item>
+                            <item>
+                                <key> <string>name_context</string> </key>
+                                <value> <string>context</string> </value>
+                            </item>
+                            <item>
+                                <key> <string>name_m_self</string> </key>
+                                <value> <string>script</string> </value>
+                            </item>
+                            <item>
+                                <key> <string>name_subpath</string> </key>
+                                <value> <string>traverse_subpath</string> </value>
+                            </item>
+                          </dictionary>
+                        </value>
+                    </item>
+                  </dictionary>
+                </state>
+              </object>
+            </value>
+        </item>
+        <item>
+            <key> <string>_params</string> </key>
+            <value> <string>category_order, **kw</string> </value>
+        </item>
+        <item>
+            <key> <string>id</string> </key>
+            <value> <string>ERP5Type_asSecurityGroupId</string> </value>
+        </item>
+      </dictionary>
+    </pickle>
+  </record>
+</ZopeData>

master/bt5/slapos_cloud/SkinTemplateItem/portal_skins/slapos_cloud/Person_hasLogin.py

+# Google and Facebook should be included too.
+
+return len(context.contentValues(portal_type="ERP5 Login"))

master/bt5/slapos_cloud/SkinTemplateItem/portal_skins/slapos_cloud/Person_hasLogin.xml

+<?xml version="1.0"?>
+<ZopeData>
+  <record id="1" aka="AAAAAAAAAAE=">
+    <pickle>
+      <global name="PythonScript" module="Products.PythonScripts.PythonScript"/>
+    </pickle>
+    <pickle>
+      <dictionary>
+        <item>
+            <key> <string>Script_magic</string> </key>
+            <value> <int>3</int> </value>
+        </item>
+        <item>
+            <key> <string>_bind_names</string> </key>
+            <value>
+              <object>
+                <klass>
+                  <global name="NameAssignments" module="Shared.DC.Scripts.Bindings"/>
+                </klass>
+                <tuple/>
+                <state>
+                  <dictionary>
+                    <item>
+                        <key> <string>_asgns</string> </key>
+                        <value>
+                          <dictionary>
+                            <item>
+                                <key> <string>name_container</string> </key>
+                                <value> <string>container</string> </value>
+                            </item>
+                            <item>
+                                <key> <string>name_context</string> </key>
+                                <value> <string>context</string> </value>
+                            </item>
+                            <item>
+                                <key> <string>name_m_self</string> </key>
+                                <value> <string>script</string> </value>
+                            </item>
+                            <item>
+                                <key> <string>name_subpath</string> </key>
+                                <value> <string>traverse_subpath</string> </value>
+                            </item>
+                          </dictionary>
+                        </value>
+                    </item>
+                  </dictionary>
+                </state>
+              </object>
+            </value>
+        </item>
+        <item>
+            <key> <string>_params</string> </key>
+            <value> <string></string> </value>
+        </item>
+        <item>
+            <key> <string>id</string> </key>
+            <value> <string>Person_hasLogin</string> </value>
+        </item>
+      </dictionary>
+    </pickle>
+  </record>
+</ZopeData>

master/bt5/slapos_cloud/SkinTemplateItem/portal_skins/slapos_cloud/SoftwareInstance_afterClone.py

+"""Hook called when a computer object is closed.
+
+We want to reset reference, which is the user login in ERP5Security.
+One exception is when a person object is installed from business template.
+"""
+# Slave Instance don't have user id to be set.
+if context.getPortalType() == "Slave Instance":
+  return
+
+context.setUserId(None)
+context.SoftwareInstance_initUserId()

master/bt5/slapos_cloud/SkinTemplateItem/portal_skins/slapos_cloud/SoftwareInstance_afterClone.xml

+<?xml version="1.0"?>
+<ZopeData>
+  <record id="1" aka="AAAAAAAAAAE=">
+    <pickle>
+      <global name="PythonScript" module="Products.PythonScripts.PythonScript"/>
+    </pickle>
+    <pickle>
+      <dictionary>
+        <item>
+            <key> <string>Script_magic</string> </key>
+            <value> <int>3</int> </value>
+        </item>
+        <item>
+            <key> <string>_bind_names</string> </key>
+            <value>
+              <object>
+                <klass>
+                  <global name="NameAssignments" module="Shared.DC.Scripts.Bindings"/>
+                </klass>
+                <tuple/>
+                <state>
+                  <dictionary>
+                    <item>
+                        <key> <string>_asgns</string> </key>
+                        <value>
+                          <dictionary>
+                            <item>
+                                <key> <string>name_container</string> </key>
+                                <value> <string>container</string> </value>
+                            </item>
+                            <item>
+                                <key> <string>name_context</string> </key>
+                                <value> <string>context</string> </value>
+                            </item>
+                            <item>
+                                <key> <string>name_m_self</string> </key>
+                                <value> <string>script</string> </value>
+                            </item>
+                            <item>
+                                <key> <string>name_subpath</string> </key>
+                                <value> <string>traverse_subpath</string> </value>
+                            </item>
+                          </dictionary>
+                        </value>
+                    </item>
+                  </dictionary>
+                </state>
+              </object>
+            </value>
+        </item>
+        <item>
+            <key> <string>_params</string> </key>
+            <value> <string></string> </value>
+        </item>
+        <item>
+            <key> <string>_proxy_roles</string> </key>
+            <value>
+              <tuple>
+                <string>Manager</string>
+                <string>Owner</string>
+              </tuple>
+            </value>
+        </item>
+        <item>
+            <key> <string>guard</string> </key>
+            <value>
+              <persistent> <string encoding="base64">AAAAAAAAAAI=</string> </persistent>
+            </value>
+        </item>
+        <item>
+            <key> <string>id</string> </key>
+            <value> <string>SoftwareInstance_afterClone</string> </value>
+        </item>
+      </dictionary>
+    </pickle>
+  </record>
+  <record id="2" aka="AAAAAAAAAAI=">
+    <pickle>
+      <global name="Guard" module="Products.DCWorkflow.Guard"/>
+    </pickle>
+    <pickle>
+      <dictionary>
+        <item>
+            <key> <string>roles</string> </key>
+            <value>
+              <tuple>
+                <string>Owner</string>
+              </tuple>
+            </value>
+        </item>
+      </dictionary>
+    </pickle>
+  </record>
+</ZopeData>

master/bt5/slapos_cloud/SkinTemplateItem/portal_skins/slapos_cloud/SoftwareInstance_init.py

+context.SoftwareInstance_initUserId()

master/bt5/slapos_cloud/SkinTemplateItem/portal_skins/slapos_cloud/SoftwareInstance_init.xml

+<?xml version="1.0"?>
+<ZopeData>
+  <record id="1" aka="AAAAAAAAAAE=">
+    <pickle>
+      <global name="PythonScript" module="Products.PythonScripts.PythonScript"/>
+    </pickle>
+    <pickle>
+      <dictionary>
+        <item>
+            <key> <string>Script_magic</string> </key>
+            <value> <int>3</int> </value>
+        </item>
+        <item>
+            <key> <string>_bind_names</string> </key>
+            <value>
+              <object>
+                <klass>
+                  <global name="NameAssignments" module="Shared.DC.Scripts.Bindings"/>
+                </klass>
+                <tuple/>
+                <state>
+                  <dictionary>
+                    <item>
+                        <key> <string>_asgns</string> </key>
+                        <value>
+                          <dictionary>
+                            <item>
+                                <key> <string>name_container</string> </key>
+                                <value> <string>container</string> </value>
+                            </item>
+                            <item>
+                                <key> <string>name_context</string> </key>
+                                <value> <string>context</string> </value>
+                            </item>
+                            <item>
+                                <key> <string>name_m_self</string> </key>
+                                <value> <string>script</string> </value>
+                            </item>
+                            <item>
+                                <key> <string>name_subpath</string> </key>
+                                <value> <string>traverse_subpath</string> </value>
+                            </item>
+                          </dictionary>
+                        </value>
+                    </item>
+                  </dictionary>
+                </state>
+              </object>
+            </value>
+        </item>
+        <item>
+            <key> <string>_params</string> </key>
+            <value> <string>**kw</string> </value>
+        </item>
+        <item>
+            <key> <string>id</string> </key>
+            <value> <string>SoftwareInstance_init</string> </value>
+        </item>
+      </dictionary>
+    </pickle>
+  </record>
+</ZopeData>

master/bt5/slapos_cloud/SkinTemplateItem/portal_skins/slapos_cloud/SoftwareInstance_initUserId.py

+if not context.hasUserId():
+  context.setUserId(
+    'SI%i' % (
+      context.getPortalObject().portal_ids.generateNewId(
+        id_group='user_id',
+        id_generator='non_continuous_integer_increasing',
+      ),
+    ),
+  )

master/bt5/slapos_cloud/SkinTemplateItem/portal_skins/slapos_cloud/SoftwareInstance_initUserId.xml

+<?xml version="1.0"?>
+<ZopeData>
+  <record id="1" aka="AAAAAAAAAAE=">
+    <pickle>
+      <global name="PythonScript" module="Products.PythonScripts.PythonScript"/>
+    </pickle>
+    <pickle>
+      <dictionary>
+        <item>
+            <key> <string>Script_magic</string> </key>
+            <value> <int>3</int> </value>
+        </item>
+        <item>
+            <key> <string>_bind_names</string> </key>
+            <value>
+              <object>
+                <klass>
+                  <global name="NameAssignments" module="Shared.DC.Scripts.Bindings"/>
+                </klass>
+                <tuple/>
+                <state>
+                  <dictionary>
+                    <item>
+                        <key> <string>_asgns</string> </key>
+                        <value>
+                          <dictionary>
+                            <item>
+                                <key> <string>name_container</string> </key>
+                                <value> <string>container</string> </value>
+                            </item>
+                            <item>
+                                <key> <string>name_context</string> </key>
+                                <value> <string>context</string> </value>
+                            </item>
+                            <item>
+                                <key> <string>name_m_self</string> </key>
+                                <value> <string>script</string> </value>
+                            </item>
+                            <item>
+                                <key> <string>name_subpath</string> </key>
+                                <value> <string>traverse_subpath</string> </value>
+                            </item>
+                          </dictionary>
+                        </value>
+                    </item>
+                  </dictionary>
+                </state>
+              </object>
+            </value>
+        </item>
+        <item>
+            <key> <string>_params</string> </key>
+            <value> <string></string> </value>
+        </item>
+        <item>
+            <key> <string>_proxy_roles</string> </key>
+            <value>
+              <tuple>
+                <string>Manager</string>
+              </tuple>
+            </value>
+        </item>
+        <item>
+            <key> <string>guard</string> </key>
+            <value>
+              <persistent> <string encoding="base64">AAAAAAAAAAI=</string> </persistent>
+            </value>
+        </item>
+        <item>
+            <key> <string>id</string> </key>
+            <value> <string>SoftwareInstance_initUserId</string> </value>
+        </item>
+      </dictionary>
+    </pickle>
+  </record>
+  <record id="2" aka="AAAAAAAAAAI=">
+    <pickle>
+      <global name="Guard" module="Products.DCWorkflow.Guard"/>
+    </pickle>
+    <pickle>
+      <dictionary>
+        <item>
+            <key> <string>roles</string> </key>
+            <value>
+              <tuple>
+                <string>Owner</string>
+              </tuple>
+            </value>
+        </item>
+      </dictionary>
+    </pickle>
+  </record>
+</ZopeData>

master/bt5/slapos_cloud/SkinTemplateItem/portal_skins/slapos_cloud_promise/Alarm_checkPromiseSlapOSPAS.py

@@ -3,16 +3,10 @@ promise_dict = {
     'SlapOS Machine Authentication Plugin',
     'ERP5 Access Token Extraction Plugin',
   ],
-  'IAuthenticationPlugin': [
-    'SlapOS Machine Authentication Plugin',
-    'SlapOS Shadow Authentication Plugin',
-  ],
   'IGroupsPlugin': [
-    'SlapOS Machine Authentication Plugin',
     'SlapOS Shadow Authentication Plugin',
   ],
   'IUserEnumerationPlugin': [
-    'SlapOS Machine Authentication Plugin',
     'SlapOS Shadow Authentication Plugin',
   ]
 }

master/bt5/slapos_cloud/TestTemplateItem/portal_components/test.erp5.testSlapOSCloudAlarm.py

 # Copyright (c) 2002-2012 Nexedi SA and Contributors. All Rights Reserved.
 import transaction
 from Products.SlapOS.tests.testSlapOSMixin import \
-  testSlapOSMixin
+  testSlapOSMixin, simulate
 from Products.ERP5Type.tests.utils import createZODBPythonScript
 from unittest import skip
 import json
@@ -10,25 +10,7 @@ from zExceptions import Unauthorized
 from DateTime import DateTime
 from Products.ERP5Type.DateUtils import addToDate
 from App.Common import rfc1123_date
-from functools import wraps
-
-def simulate(script_id, params_string, code_string):
-  def upperWrap(f):
-    @wraps(f)
-    def decorated(self, *args, **kw):
-      if script_id in self.portal.portal_skins.custom.objectIds():
-        raise ValueError('Precondition failed: %s exists in custom' % script_id)
-      createZODBPythonScript(self.portal.portal_skins.custom,
-                          script_id, params_string, code_string)
-      try:
-        result = f(self, *args, **kw)
-      finally:
-        if script_id in self.portal.portal_skins.custom.objectIds():
-          self.portal.portal_skins.custom.manage_delObjects(script_id)
-        transaction.commit()
-      return result
-    return decorated
-  return upperWrap
+
 
 class TestSlapOSCorePromiseSlapOSModuleIdGeneratorAlarm(testSlapOSMixin):
 

master/bt5/slapos_cloud/TestTemplateItem/portal_components/test.erp5.testSlapOSCloudSecurityGroup.py

@@ -30,96 +30,110 @@ import unittest
 import random
 from AccessControl import getSecurityManager
 from Products.SlapOS.tests.testSlapOSMixin import testSlapOSMixin
+from Products.PluggableAuthService.interfaces.plugins import\
+                                                      IAuthenticationPlugin
 
 class TestSlapOSSecurityMixin(testSlapOSMixin):
-  def _generateRandomUniqueReference(self, portal_type):
-    reference = None
-    while reference is None:
-      random_reference = "test_%s" % random.random()
+
+  def _generateRandomUniqueUserId(self, portal_type, search_key="user_id"):
+    user_id = None
+    while user_id is None:
+      random_user_id = "test_%s_%s" % (
+        portal_type.replace(" ", "_").lower(), random.random())
       result_list = self.portal.portal_catalog(
           portal_type=portal_type,
-          reference=random_reference,
+          **{search_key: random_user_id}
           )
       if not len(result_list):
-        reference = random_reference
-    return reference
+        user_id = random_user_id
+    return user_id
 
-  def _assertUserExists(self, login, password):
+  def _generateRandomUniqueReference(self, portal_type):
+    return self._generateRandomUniqueUserId(portal_type, "reference")
+
+  def _assertUserExists(self, user_id, login, password):
     """Checks that a user with login and password exists and can log in to the
     system.
     """
-    from Products.PluggableAuthService.interfaces.plugins import\
-                                                      IAuthenticationPlugin
     uf = self.getUserFolder()
-    self.assertNotEquals(uf.getUserById(login, None), None)
-    for plugin_name, plugin in uf._getOb('plugins').listPlugins(
+    self.assertNotEquals(uf.getUserById(user_id, None), None)
+    for _, plugin in uf._getOb('plugins').listPlugins(
                                 IAuthenticationPlugin ):
       if plugin.authenticateCredentials(
-                  {'login':login,
-                   'password':password,
-                   'machine_login': login}) is not None:
+                  {'login_portal_type': 'ERP5 Login',
+                   'external_login': login}) is not None:
         break
     else:
       self.fail("No plugin could authenticate '%s' with password '%s'" %
               (login, password))
 
-  def _assertUserDoesNotExists(self, login, password):
+  def _assertUserDoesNotExists(self, user_id, login, password):
     """Checks that a user with login and password does not exists and cannot
     log in to the system.
     """
-    from Products.PluggableAuthService.interfaces.plugins import\
-                                                        IAuthenticationPlugin
     uf = self.getUserFolder()
     for plugin_name, plugin in uf._getOb('plugins').listPlugins(
                               IAuthenticationPlugin ):
       if plugin.authenticateCredentials(
-                {'login':login,
-                 'password':password,
-                 'machine_login': login}) is not None:
+                {'login_portal_type': 'ERP5 Login',
+                 'external_login': login}) is not None:
         self.fail(
            "Plugin %s should not have authenticated '%s' with password '%s'" %
            (plugin_name, login, password))
 
 class TestSlapOSComputerSecurity(TestSlapOSSecurityMixin):
   def test_active(self):
+    user_id = self._generateRandomUniqueUserId('Computer')
     reference = self._generateRandomUniqueReference('Computer')
 
-    computer = self.portal.computer_module.newContent(portal_type='Computer',
-      reference=reference)
+    computer = self.portal.computer_module.newContent(
+      portal_type='Computer', reference=reference)
+    computer.setUserId(user_id)
     computer.validate()
+    computer.newContent(portal_type='ERP5 Login',
+                      reference=reference).validate()
+
     computer.recursiveImmediateReindexObject()
 
-    self._assertUserExists(reference, None)
+    self._assertUserExists(user_id, reference, None)
 
-    self.login(reference)
+    self.login(user_id)
     user = getSecurityManager().getUser()
     self.assertTrue('Authenticated' in user.getRoles())
     self.assertSameSet(['R-COMPUTER'],
       user.getGroups())
 
   def test_inactive(self):
+    user_id = self._generateRandomUniqueUserId('Computer')
     reference = self._generateRandomUniqueReference('Computer')
 
-    computer = self.portal.computer_module.newContent(portal_type='Computer',
-      reference=reference)
+    computer = self.portal.computer_module.newContent(
+      portal_type='Computer', reference=reference)
+    computer.setUserId(user_id)
+    computer.newContent(portal_type='ERP5 Login',
+                      reference=reference)
     computer.recursiveImmediateReindexObject()
 
-    self._assertUserDoesNotExists(reference, None)
+    self._assertUserDoesNotExists(user_id, reference, None)
 
 class TestSlapOSSoftwareInstanceSecurity(TestSlapOSSecurityMixin):
   portal_type = 'Software Instance'
   def test_active(self):
+    user_id = self._generateRandomUniqueUserId(self.portal_type)
     reference = self._generateRandomUniqueReference(self.portal_type)
 
     instance = self.portal.getDefaultModule(portal_type=self.portal_type)\
       .newContent(portal_type=self.portal_type, reference=reference)
+    instance.setUserId(user_id)
     instance.validate()
+    instance.newContent(portal_type='ERP5 Login',
+                      reference=reference).validate()
     instance.recursiveImmediateReindexObject()
 
-    self._assertUserExists(reference, None)
+    self._assertUserExists(user_id, reference, None)
 
     # instance w/o subscription is loggable and it has some roles
-    self.login(reference)
+    self.login(user_id)
     user = getSecurityManager().getUser()
     self.assertTrue('Authenticated' in user.getRoles())
     self.assertSameSet(['R-INSTANCE'],
@@ -129,7 +143,8 @@ class TestSlapOSSoftwareInstanceSecurity(TestSlapOSSecurityMixin):
     subscription_reference = self._generateRandomUniqueReference(
         'Hosting Suscription')
     subscription = self.portal.hosting_subscription_module.newContent(
-        portal_type='Hosting Subscription', reference=subscription_reference)
+        portal_type='Hosting Subscription',
+        reference=subscription_reference)
     subscription.validate()
     instance.setSpecialise(subscription.getRelativeUrl())
     subscription.recursiveImmediateReindexObject()
@@ -137,33 +152,42 @@ class TestSlapOSSoftwareInstanceSecurity(TestSlapOSSecurityMixin):
 
     # clear cache in order to reset calculation
     self.portal.portal_caches.clearAllCache()
-    self.login(reference)
+    self.login(user_id)
     user = getSecurityManager().getUser()
     self.assertTrue('Authenticated' in user.getRoles())
     self.assertSameSet(['R-INSTANCE', subscription_reference],
       user.getGroups())
 
   def test_inactive(self):
+    user_id = self._generateRandomUniqueUserId(self.portal_type)
     reference = self._generateRandomUniqueReference(self.portal_type)
 
     instance = self.portal.getDefaultModule(portal_type=self.portal_type)\
       .newContent(portal_type=self.portal_type, reference=reference)
+    instance.setUserId(user_id)
     instance.recursiveImmediateReindexObject()
 
-    self._assertUserDoesNotExists(reference, None)
+    self._assertUserDoesNotExists(user_id, reference, None)
 
 class TestSlapOSPersonSecurity(TestSlapOSSecurityMixin):
   def test_active(self):
     password = str(random.random())
     reference = self._generateRandomUniqueReference('Person')
-    person = self.portal.person_module.newContent(portal_type='Person',
+    user_id = self._generateRandomUniqueUserId('Person')
+
+    person = self.portal.person_module.newContent(
+      portal_type='Person',
       reference=reference, password=password)
+    person.setUserId(user_id)
+
     person.newContent(portal_type='Assignment').open()
+    person.newContent(portal_type='ERP5 Login',
+      reference=reference, password=password).validate()
 
     self.commit()
     person.recursiveImmediateReindexObject()
 
-    self._assertUserExists(reference, password)
+    self._assertUserExists(user_id, reference, password)
 
     self.login(person.getUserId())
     user = getSecurityManager().getUser()
@@ -177,7 +201,6 @@ class TestSlapOSPersonSecurity(TestSlapOSSecurityMixin):
     self.commit()
     person.recursiveImmediateReindexObject()
 
-
     self.tic()
     self.portal.portal_caches.clearAllCache()
     self.login(person.getUserId())
@@ -199,13 +222,15 @@ class TestSlapOSPersonSecurity(TestSlapOSSecurityMixin):
   def test_inactive(self):
     password = str(random.random())
     reference = self._generateRandomUniqueReference('Person')
+    user_id = self._generateRandomUniqueReference('Person')
+    
     person = self.portal.person_module.newContent(portal_type='Person',
       reference=reference, password=password)
 
     self.commit()
     person.recursiveImmediateReindexObject()
 
-    self._assertUserDoesNotExists(reference, password)
+    self._assertUserDoesNotExists(user_id, reference, password)
 
 def test_suite():
   suite = unittest.TestSuite()

master/bt5/slapos_cloud/TestTemplateItem/portal_components/test.erp5.testSlapOSCloudSecurityGroup.xml

@@ -6,10 +6,22 @@
     </pickle>
     <pickle>
       <dictionary>
+        <item>
+            <key> <string>_recorded_property_dict</string> </key>
+            <value>
+              <persistent> <string encoding="base64">AAAAAAAAAAI=</string> </persistent>
+            </value>
+        </item>
         <item>
             <key> <string>default_reference</string> </key>
             <value> <string>testSlapOSCloudSecurityGroup</string> </value>
         </item>
+        <item>
+            <key> <string>description</string> </key>
+            <value>
+              <none/>
+            </value>
+        </item>
         <item>
             <key> <string>id</string> </key>
             <value> <string>test.erp5.testSlapOSCloudSecurityGroup</string> </value>
@@ -33,9 +45,7 @@
         <item>
             <key> <string>text_content_warning_message</string> </key>
             <value>
-              <tuple>
-                <string>W: 56,  8: Unused variable \'plugin_name\' (unused-variable)</string>
-              </tuple>
+              <tuple/>
             </value>
         </item>
         <item>
@@ -45,13 +55,28 @@
         <item>
             <key> <string>workflow_history</string> </key>
             <value>
-              <persistent> <string encoding="base64">AAAAAAAAAAI=</string> </persistent>
+              <persistent> <string encoding="base64">AAAAAAAAAAM=</string> </persistent>
             </value>
         </item>
       </dictionary>
     </pickle>
   </record>
   <record id="2" aka="AAAAAAAAAAI=">
+    <pickle>
+      <global name="PersistentMapping" module="Persistence.mapping"/>
+    </pickle>
+    <pickle>
+      <dictionary>
+        <item>
+            <key> <string>data</string> </key>
+            <value>
+              <dictionary/>
+            </value>
+        </item>
+      </dictionary>
+    </pickle>
+  </record>
+  <record id="3" aka="AAAAAAAAAAM=">
     <pickle>
       <global name="PersistentMapping" module="Persistence.mapping"/>
     </pickle>
@@ -64,7 +89,7 @@
                 <item>
                     <key> <string>component_validation_workflow</string> </key>
                     <value>
-                      <persistent> <string encoding="base64">AAAAAAAAAAM=</string> </persistent>
+                      <persistent> <string encoding="base64">AAAAAAAAAAQ=</string> </persistent>
                     </value>
                 </item>
               </dictionary>
@@ -73,7 +98,7 @@
       </dictionary>
     </pickle>
   </record>
-  <record id="3" aka="AAAAAAAAAAM=">
+  <record id="4" aka="AAAAAAAAAAQ=">
     <pickle>
       <global name="WorkflowHistoryList" module="Products.ERP5Type.patches.WorkflowTool"/>
     </pickle>

master/bt5/slapos_cloud/TestTemplateItem/portal_components/test.erp5.testSlapOSCloudShadow.py

@@ -28,7 +28,6 @@
 
 import unittest
 import random
-import transaction
 from AccessControl import getSecurityManager
 from erp5.component.test.testSlapOSCloudSecurityGroup import TestSlapOSSecurityMixin
 
@@ -36,96 +35,125 @@ class TestSlapOSShadowPerson(TestSlapOSSecurityMixin):
   def test_active(self):
     password = str(random.random())
     reference = self._generateRandomUniqueReference('Person')
-    shadow_reference = 'SHADOW-%s' % reference
-    person = self.portal.person_module.newContent(portal_type='Person',
-      reference=reference, password=password)
+    user_id = self._generateRandomUniqueUserId('Person')
+    shadow_user_id = 'SHADOW-%s' % user_id
+
+    person = self.portal.person_module.newContent(
+      portal_type='Person')
+    person.setUserId(user_id)
     person.newContent(portal_type='Assignment').open()
 
-    transaction.commit()
+    person.newContent(portal_type='ERP5 Login',
+          reference=reference, password=password).validate()
+    self.commit()
     person.recursiveImmediateReindexObject()
 
-    self._assertUserExists(reference, password)
-    self._assertUserExists(shadow_reference, None)
+    self._assertUserExists(user_id, reference, password)
 
-    self.login(shadow_reference)
+    # XXX shadow user cannot login himself.
+    self._assertUserExists(shadow_user_id, reference, None)
+
+    self.login(shadow_user_id)
     user = getSecurityManager().getUser()
     self.assertTrue('Authenticated' in user.getRoles())
-    self.assertSameSet(['R-SHADOW-PERSON', 'SHADOW-%s' % reference],
+    self.assertSameSet(['R-SHADOW-PERSON', 'SHADOW-%s' % user_id],
       user.getGroups())
 
   def test_inactive(self):
     password = str(random.random())
     reference = self._generateRandomUniqueReference('Person')
-    shadow_reference = 'SHADOW-%s' % reference
-    person = self.portal.person_module.newContent(portal_type='Person',
-      reference=reference, password=password)
+    user_id = self._generateRandomUniqueUserId('Person')
 
-    transaction.commit()
+    shadow_user_id = 'SHADOW-%s' % user_id
+    person = self.portal.person_module.newContent(
+      portal_type='Person')
+    person.setUserId(user_id)
+
+    self.commit()
     person.recursiveImmediateReindexObject()
 
-    self._assertUserDoesNotExists(reference, password)
-    self._assertUserDoesNotExists(shadow_reference, None)
+    self._assertUserDoesNotExists(user_id, reference, password)
+    self._assertUserDoesNotExists(shadow_user_id, reference, None)
 
 class TestSlapOSShadowComputer(TestSlapOSSecurityMixin):
   def test_active(self):
     reference = self._generateRandomUniqueReference('Computer')
-    shadow_reference = 'SHADOW-%s' % reference
+    user_id = self._generateRandomUniqueUserId('Computer')
+
+    shadow_user_id = 'SHADOW-%s' % user_id
 
     computer = self.portal.computer_module.newContent(portal_type='Computer',
       reference=reference)
+    computer.setUserId(user_id)
+
+    computer.newContent(portal_type='ERP5 Login',
+          reference=reference).validate()
+
     computer.validate()
     computer.recursiveImmediateReindexObject()
 
-    self._assertUserExists(reference, None)
-    self._assertUserExists(shadow_reference, None)
+    self._assertUserExists(user_id, reference, None)
+    self._assertUserExists(shadow_user_id, reference, None)
 
-    self.login(shadow_reference)
+    self.login(shadow_user_id)
     user = getSecurityManager().getUser()
     self.assertTrue('Authenticated' in user.getRoles())
-    self.assertSameSet(['R-SHADOW-COMPUTER', 'SHADOW-%s' % reference],
+    self.assertSameSet(['R-SHADOW-COMPUTER', 'SHADOW-%s' % user_id],
       user.getGroups())
 
   def test_inactive(self):
     reference = self._generateRandomUniqueReference('Computer')
+    user_id = self._generateRandomUniqueUserId('Computer')
+
     shadow_reference = 'SHADOW-%s' % reference
 
     computer = self.portal.computer_module.newContent(portal_type='Computer',
       reference=reference)
+    computer.setUserId(user_id)
+
     computer.recursiveImmediateReindexObject()
 
-    self._assertUserDoesNotExists(reference, None)
-    self._assertUserDoesNotExists(shadow_reference, None)
+    self._assertUserDoesNotExists(user_id, reference, None)
+    self._assertUserDoesNotExists(user_id, shadow_reference, None)
 
 class TestSlapOSShadowSoftwareInstance(TestSlapOSSecurityMixin):
   portal_type = 'Software Instance'
   def test_active(self):
     reference = self._generateRandomUniqueReference(self.portal_type)
-    shadow_reference = 'SHADOW-%s' % reference
+    user_id = self._generateRandomUniqueUserId(self.portal_type)
+
+    shadow_user_id = 'SHADOW-%s' % user_id
 
     instance = self.portal.getDefaultModule(portal_type=self.portal_type)\
       .newContent(portal_type=self.portal_type, reference=reference)
+    instance.setUserId(user_id)
+    instance.newContent(portal_type='ERP5 Login',
+          reference=reference).validate()
     instance.validate()
     instance.recursiveImmediateReindexObject()
 
-    self._assertUserExists(reference, None)
-    self._assertUserExists(shadow_reference, None)
+    self._assertUserExists(user_id, reference, None)
+    self._assertUserExists(shadow_user_id, reference, None)
 
-    self.login(shadow_reference)
+    self.login(shadow_user_id)
     user = getSecurityManager().getUser()
     self.assertTrue('Authenticated' in user.getRoles())
-    self.assertSameSet(['R-SHADOW-SOFTWAREINSTANCE', 'SHADOW-%s' % reference],
+    self.assertSameSet(['R-SHADOW-SOFTWAREINSTANCE', 'SHADOW-%s' % user_id],
       user.getGroups())
 
   def test_inactive(self):
     reference = self._generateRandomUniqueReference(self.portal_type)
+    user_id = self._generateRandomUniqueUserId(self.portal_type)
+
     shadow_reference = 'SHADOW-%s' % reference
 
     instance = self.portal.getDefaultModule(portal_type=self.portal_type)\
       .newContent(portal_type=self.portal_type, reference=reference)
+    instance.setUserId(user_id)
     instance.recursiveImmediateReindexObject()
 
-    self._assertUserDoesNotExists(reference, None)
-    self._assertUserDoesNotExists(shadow_reference, None)
+    self._assertUserDoesNotExists(user_id, reference, None)
+    self._assertUserDoesNotExists(user_id, shadow_reference, None)
 
 def test_suite():
   suite = unittest.TestSuite()

master/bt5/slapos_cloud/TestTemplateItem/portal_components/test.erp5.testSlapOSCloudShadow.xml

@@ -6,10 +6,22 @@
     </pickle>
     <pickle>
       <dictionary>
+        <item>
+            <key> <string>_recorded_property_dict</string> </key>
+            <value>
+              <persistent> <string encoding="base64">AAAAAAAAAAI=</string> </persistent>
+            </value>
+        </item>
         <item>
             <key> <string>default_reference</string> </key>
             <value> <string>testSlapOSCloudShadow</string> </value>
         </item>
+        <item>
+            <key> <string>description</string> </key>
+            <value>
+              <none/>
+            </value>
+        </item>
         <item>
             <key> <string>id</string> </key>
             <value> <string>test.erp5.testSlapOSCloudShadow</string> </value>
@@ -27,9 +39,7 @@
         <item>
             <key> <string>text_content_error_message</string> </key>
             <value>
-              <tuple>
-                <string>F: 33,  0: Unable to import \'testSlapOSCloudSecurityGroup\' (import-error)</string>
-              </tuple>
+              <tuple/>
             </value>
         </item>
         <item>
@@ -45,13 +55,28 @@
         <item>
             <key> <string>workflow_history</string> </key>
             <value>
-              <persistent> <string encoding="base64">AAAAAAAAAAI=</string> </persistent>
+              <persistent> <string encoding="base64">AAAAAAAAAAM=</string> </persistent>
             </value>
         </item>
       </dictionary>
     </pickle>
   </record>
   <record id="2" aka="AAAAAAAAAAI=">
+    <pickle>
+      <global name="PersistentMapping" module="Persistence.mapping"/>
+    </pickle>
+    <pickle>
+      <dictionary>
+        <item>
+            <key> <string>data</string> </key>
+            <value>
+              <dictionary/>
+            </value>
+        </item>
+      </dictionary>
+    </pickle>
+  </record>
+  <record id="3" aka="AAAAAAAAAAM=">
     <pickle>
       <global name="PersistentMapping" module="Persistence.mapping"/>
     </pickle>
@@ -64,7 +89,7 @@
                 <item>
                     <key> <string>component_validation_workflow</string> </key>
                     <value>
-                      <persistent> <string encoding="base64">AAAAAAAAAAM=</string> </persistent>
+                      <persistent> <string encoding="base64">AAAAAAAAAAQ=</string> </persistent>
                     </value>
                 </item>
               </dictionary>
@@ -73,7 +98,7 @@
       </dictionary>
     </pickle>
   </record>
-  <record id="3" aka="AAAAAAAAAAM=">
+  <record id="4" aka="AAAAAAAAAAQ=">
     <pickle>
       <global name="WorkflowHistoryList" module="Products.ERP5Type.patches.WorkflowTool"/>
     </pickle>

master/bt5/slapos_cloud/WorkflowTemplateItem/portal_workflow/computer_slap_interface_workflow/scripts/Computer_approveRegistration.py

@@ -5,4 +5,11 @@ computer.edit(
   allocation_scope='open/personal',
   source_administration_value=person,
 )
+
+erp5_login = computer.newContent(
+  portal_type="ERP5 Login",
+  reference=computer.getReference()
+)
+erp5_login.validate()
+
 portal.portal_workflow.doActionFor(computer, 'validate_action')

master/bt5/slapos_cloud/WorkflowTemplateItem/portal_workflow/instance_slap_interface_workflow/scripts/RequesterInstance_request.py

@@ -98,8 +98,14 @@ if (request_software_instance is None):
       activate_kw={'tag': tag},
       **new_content_kw
     )
-    # request_software_instance.portal_workflow.doActionFor(request_software_instance, 'validate_action')
     request_software_instance.validate()
+    if software_instance_portal_type == "Software Instance":
+      # Include ERP5 Login so Instance become a User
+      erp5_login = request_software_instance.newContent(
+        portal_type="ERP5 Login",
+        reference=request_software_instance.getReference())
+      erp5_login = erp5_login.validate()
+
     graph[request_software_instance.getUid()] = []
 
 else:

master/bt5/slapos_cloud/bt/template_portal_type_allowed_content_type_list

+Computer | ERP5 Login
 Hosting Subscription Module | Hosting Subscription
 Software Installation Module | Software Installation
 Software Instance Module | Slave Instance
-Software Instance Module | Software Instance
\ No newline at end of file
+Software Instance Module | Software Instance
+Software Instance | ERP5 Login
\ No newline at end of file

master/bt5/slapos_cloud/bt/template_portal_type_id_list

+Computer
 Hosting Subscription
 Hosting Subscription Module
 Slave Instance

master/bt5/slapos_cloud/bt/template_portal_type_property_sheet_list

@@ -2,6 +2,7 @@ Assignment | SlaposAssignmentConstraint
 Computer Model | SlaposCapacity
 Computer Partition | ComputerPartition
 Computer Partition | SlaposComputerPartitionConstraint
+Computer | ERP5User
 Computer | SlaposCapacity
 Computer | SlaposComputerConstraint
 Computer | Url
@@ -22,6 +23,7 @@ Slave Instance | Url
 Slave Instance | VariationRange
 Software Installation | Url
 Software Installation | VariationRange
+Software Instance | ERP5User
 Software Instance | HostingSubscription
 Software Instance | Reference
 Software Instance | SoftwareInstance

master/bt5/slapos_erp5/PortalTypeRolesTemplateItem/Computer.xml

@@ -18,7 +18,7 @@
   </role>
   <role id='Assignor'>
    <property id='title'>Self Computer</property>
-   <property id='condition'>python: context.getReference("") != ""</property>
+   <property id='condition'>python: context.getUserId("") != ""</property>
    <property id='base_category_script'>ERP5Type_getSecurityCategoryFromSelf</property>
    <multi_property id='base_category'>destination_decision</multi_property>
   </role>

master/bt5/slapos_erp5/SkinTemplateItem/portal_skins/slapos_core/ComputerType_getSecurityCategoryFromAllocationScope.py

@@ -11,7 +11,6 @@
 if obj is None:
   return []
 
-portal = obj.getPortalObject()
 computer = obj
 
 category_list = []
@@ -22,10 +21,10 @@ if scope == 'open/public':
 elif scope == 'open/personal':
   person = computer.getSourceAdministrationValue(portal_type="Person")
   if person is not None:
-    return {"Auditor": ["SHADOW-%s" % person.getReference()]}
+    return {"Auditor": ["SHADOW-%s" % person.getUserId()]}
 elif scope == 'open/friend':
   person_list = computer.getDestinationSectionValueList(portal_type="Person")
   if person_list:
-    return {"Auditor": ["SHADOW-%s" % x.getReference() for x in person_list]}
+    return {"Auditor": ["SHADOW-%s" % x.getUserId() for x in person_list]}
 
 return category_list

master/bt5/slapos_erp5/SkinTemplateItem/portal_skins/slapos_core/PaymentTransactionType_getSecurityCategoryFromUser.py

@@ -33,6 +33,6 @@ if obj is None:
 person = obj.getDestinationSectionValue(portal_type="Person")
 if person is not None:
   for base_category in base_category_list:
-    return {"Auditor": ["SHADOW-%s" % person.getReference()]}
+    return {"Auditor": ["SHADOW-%s" % person.getUserId()]}
 
 return category_list

master/bt5/slapos_erp5/SkinTemplateItem/portal_skins/slapos_core/PayzenEventType_getSecurityCategoryFromUser.py

@@ -33,6 +33,6 @@ if obj is None:
 person = obj.getDestinationSectionValue(portal_type="Person")
 if person is not None:
   for base_category in base_category_list:
-    return {"Assignee": ["SHADOW-%s" % person.getReference()]}
+    return {"Assignee": ["SHADOW-%s" % person.getUserId()]}
 
 return category_list

master/bt5/slapos_erp5/SkinTemplateItem/portal_skins/slapos_core/PersonType_getSecurityCategoryFromSelfShadow.py

@@ -5,7 +5,7 @@ the categories from the current content and associates
 it to a given base_category. It is useful in the
 following cases:
 
-- calculate a security group based current object 
+- calculate a security group based current object
   in the context of a base category (ex. source_project).
   This is used for example in ERP5 DMS to calculate
   project security.
@@ -20,9 +20,7 @@ The parameters are
 NOTE: for now, this script requires proxy manager
 """
 
-category_list = []
-
 if obj is None:
   return []
 
-return {'Auditor': ['SHADOW-%s' % obj.getReference()]}
+return {'Auditor': ['SHADOW-%s' % obj.getUserId()]}

master/bt5/slapos_erp5/TestTemplateItem/portal_components/test.erp5.testSlapOSERP5DefaultScenario.py

@@ -6,6 +6,7 @@
 ##############################################################################
 
 from erp5.component.test.testSlapOSCloudSecurityGroup import TestSlapOSSecurityMixin
+from Products.SlapOS.tests.testSlapOSMixin import changeSkin
 import re
 import xml_marshaller
 from AccessControl.SecurityManagement import getSecurityManager, \
@@ -13,21 +14,6 @@ from AccessControl.SecurityManagement import getSecurityManager, \
 from DateTime import DateTime
 import json
 
-def changeSkin(skin_name):
-  def decorator(func):
-    def wrapped(self, *args, **kwargs):
-      default_skin = self.portal.portal_skins.default_skin
-      self.portal.portal_skins.changeSkin(skin_name)
-      self.app.REQUEST.set('portal_skin', skin_name)
-      try:
-        v = func(self, *args, **kwargs)
-      finally:
-        self.portal.portal_skins.changeSkin(default_skin)
-        self.app.REQUEST.set('portal_skin', default_skin)
-      return v
-    return wrapped
-  return decorator
-
 class TestSlapOSDefaultScenario(TestSlapOSSecurityMixin):
   def joinSlapOS(self, web_site, reference):
     def findMessage(email, body):
@@ -151,7 +137,7 @@ class TestSlapOSDefaultScenario(TestSlapOSSecurityMixin):
       ))
     sm = getSecurityManager()
     try:
-      self.login(computer.getReference())
+      self.login(computer.getUserId())
       self.portal.portal_slap.loadComputerConfigurationFromXML(
           xml_marshaller.xml_marshaller.dumps(computer_dict))
       self.tic()
@@ -162,9 +148,9 @@ class TestSlapOSDefaultScenario(TestSlapOSSecurityMixin):
 
   def simulateSlapgridSR(self, computer):
     sm = getSecurityManager()
-    computer_reference = computer.getReference()
+    computer_user_id = computer.getUserId()
     try:
-      self.login(computer_reference)
+      self.login(computer_user_id)
       computer_xml = self.portal.portal_slap.getFullComputerInformation(
           computer_id=computer.getReference())
       slap_computer = xml_marshaller.xml_marshaller.loads(computer_xml)
@@ -184,9 +170,9 @@ class TestSlapOSDefaultScenario(TestSlapOSSecurityMixin):
 
   def simulateSlapgridUR(self, computer):
     sm = getSecurityManager()
-    computer_reference = computer.getReference()
+    computer_user_id = computer.getUserId()
     try:
-      self.login(computer_reference)
+      self.login(computer_user_id)
       computer_xml = self.portal.portal_slap.getFullComputerInformation(
           computer_id=computer.getReference())
       slap_computer = xml_marshaller.xml_marshaller.loads(computer_xml)
@@ -214,8 +200,9 @@ class TestSlapOSDefaultScenario(TestSlapOSSecurityMixin):
   def simulateSlapgridCP(self, computer):
     sm = getSecurityManager()
     computer_reference = computer.getReference()
+    computer_user_id = computer.getUserId()
     try:
-      self.login(computer_reference)
+      self.login(computer_user_id)
       computer_xml = self.portal.portal_slap.getFullComputerInformation(
           computer_id=computer.getReference())
       slap_computer = xml_marshaller.xml_marshaller.loads(computer_xml)
@@ -229,9 +216,13 @@ class TestSlapOSDefaultScenario(TestSlapOSSecurityMixin):
             url_1 = 'http://%s/' % ip_list[0][1],
             url_2 = 'http://%s/' % ip_list[1][1],
           ))
+          self.login()
+          instance_user_id = self.portal.portal_catalog.getResultValue(
+              reference=instance_reference, portal_type="Software Instance").getUserId()
+
           oldsm = getSecurityManager()
           try:
-            self.login(instance_reference)
+            self.login(instance_user_id)
             self.portal.portal_slap.setComputerPartitionConnectionXml(
               computer_id=computer_reference,
               computer_partition_id=partition._partition_id,
@@ -314,10 +305,11 @@ class TestSlapOSDefaultScenario(TestSlapOSSecurityMixin):
                 portal_type='Internet Protocol Address')],
         connection_dict.values())
 
-  def checkSlaveInstanceUnallocation(self, person_reference, instance_title,
+  def checkSlaveInstanceUnallocation(self, person_user_id,
+      person_reference, instance_title,
       software_release, software_type, server):
 
-    self.login(person_reference)
+    self.login(person_user_id)
     self.personRequestInstanceNotReady(
       software_release=software_release,
       software_type=software_type,
@@ -333,10 +325,11 @@ class TestSlapOSDefaultScenario(TestSlapOSSecurityMixin):
 
     self.assertEqual(0, len(hosting_subscription_list))
 
-  def checkInstanceUnallocation(self, person_reference, instance_title,
+  def checkInstanceUnallocation(self, person_user_id,
+      person_reference, instance_title,
       software_release, software_type, server):
 
-    self.login(person_reference)
+    self.login(person_user_id)
     self.personRequestInstanceNotReady(
       software_release=software_release,
       software_type=software_type,
@@ -723,19 +716,21 @@ class TestSlapOSDefaultScenario(TestSlapOSSecurityMixin):
         friend_instance_type, friend_server)
 
     # now deallocate the slaves
-    self.checkSlaveInstanceUnallocation(public_reference,
-        public_slave_instance_title, friend_server_software,
+    self.checkSlaveInstanceUnallocation(public_person.getUserId(),
+        public_reference, public_slave_instance_title, friend_server_software,
         friend_instance_type, friend_server)
 
-    self.checkSlaveInstanceUnallocation(friend_reference,
-        friend_slave_instance_title, public_server_software,
+    self.checkSlaveInstanceUnallocation(friend_person.getUserId(),
+        friend_reference, friend_slave_instance_title, public_server_software,
         public_instance_type, public_server)
 
     # and the instances
-    self.checkInstanceUnallocation(public_reference, public_instance_title,
+    self.checkInstanceUnallocation(public_person.getUserId(),
+        public_reference, public_instance_title,
         public_server_software, public_instance_type, public_server)
 
-    self.checkInstanceUnallocation(friend_reference, friend_instance_title,
+    self.checkInstanceUnallocation(friend_person.getUserId(),
+        friend_reference, friend_instance_title,
         friend_server_software, friend_instance_type, friend_server)
 
     # and uninstall some software on them

master/bt5/slapos_erp5/TestTemplateItem/portal_components/test.erp5.testSlapOSERP5DefaultScenario.xml

@@ -46,8 +46,8 @@
             <key> <string>text_content_warning_message</string> </key>
             <value>
               <tuple>
-                <string>W: 38,  4: Unused variable \'credential_request_form\' (unused-variable)</string>
-                <string>W:872,  4: Unused variable \'credential_request_form\' (unused-variable)</string>
+                <string>W: 24,  4: Unused variable \'credential_request_form\' (unused-variable)</string>
+                <string>W:859,  4: Unused variable \'credential_request_form\' (unused-variable)</string>
               </tuple>
             </value>
         </item>

master/bt5/slapos_erp5/TestTemplateItem/portal_components/test.erp5.testSlapOSERP5GroupRoleSecurity.py

 # Copyright (c) 2012 Nexedi SA and Contributors. All Rights Reserved.
 from Products.SlapOS.tests.testSlapOSMixin import testSlapOSMixin
 from AccessControl import getSecurityManager
-import transaction
 
 class TestSlapOSGroupRoleSecurityMixin(testSlapOSMixin):
+  abort_transaction = 1
+
   def afterSetUp(self):
     super(TestSlapOSGroupRoleSecurityMixin, self).afterSetUp()
     self.user_id = getSecurityManager().getUser().getId()
 
-  def beforeTearDown(self):
-    transaction.abort()
-
   def changeOwnership(self, document):
     """ Change the ownership of the document to the right and
         expected user. Normally the user which setups the site.
@@ -71,9 +69,10 @@ class TestComputer(TestSlapOSGroupRoleSecurityMixin):
     computer = self.portal.computer_module.newContent(portal_type='Computer')
     computer.updateLocalRolesOnSecurityGroups()
     self.assertSecurityGroup(computer,
-        ['G-COMPANY', self.user_id], False)
+        ['G-COMPANY', self.user_id, computer.getUserId()], False)
     self.assertRoles(computer, 'G-COMPANY', ['Assignor'])
     self.assertRoles(computer, self.user_id, ['Owner'])
+    self.assertRoles(computer, computer.getUserId(), ['Assignor'])
 
   def test_ComputerAgent(self):
     reference = 'TESTPERSON-%s' % self.generateNewId()
@@ -83,9 +82,10 @@ class TestComputer(TestSlapOSGroupRoleSecurityMixin):
         source_administration=person.getRelativeUrl())
     computer.updateLocalRolesOnSecurityGroups()
     self.assertSecurityGroup(computer,
-        [self.user_id, 'G-COMPANY', person.getUserId()], False)
+        [self.user_id, 'G-COMPANY', person.getUserId(), computer.getUserId()], False)
     self.assertRoles(computer, person.getUserId(), ['Assignee'])
     self.assertRoles(computer, self.user_id, ['Owner'])
+    self.assertRoles(computer, computer.getUserId(), ['Assignor'])
 
   def test_AllocationScope(self):
     computer = self.portal.computer_module.newContent(portal_type='Computer')
@@ -94,9 +94,10 @@ class TestComputer(TestSlapOSGroupRoleSecurityMixin):
     computer.edit(allocation_scope='open/public')
     computer.updateLocalRolesOnSecurityGroups()
     self.assertSecurityGroup(computer,
-        [self.user_id, 'G-COMPANY', 'R-SHADOW-PERSON'], False)
+        [self.user_id, 'G-COMPANY', 'R-SHADOW-PERSON', computer.getUserId()], False)
     self.assertRoles(computer, 'R-SHADOW-PERSON', ['Auditor'])
     self.assertRoles(computer, self.user_id, ['Owner'])
+    self.assertRoles(computer, computer.getUserId(), ['Assignor'])
 
     # open/personal
     reference = 'TESTPERSON-%s' % self.generateNewId()
@@ -106,11 +107,14 @@ class TestComputer(TestSlapOSGroupRoleSecurityMixin):
         source_administration=person.getRelativeUrl()
     )
     computer.updateLocalRolesOnSecurityGroups()
-    shadow_reference = 'SHADOW-%s' % reference
+    shadow_user_id = 'SHADOW-%s' % person.getUserId()
+
     self.assertSecurityGroup(computer,
-        [self.user_id, 'G-COMPANY', shadow_reference, person.getUserId()], False)
-    self.assertRoles(computer, shadow_reference, ['Auditor'])
+        [self.user_id, 'G-COMPANY', shadow_user_id,
+         person.getUserId(), computer.getUserId()], False)
+    self.assertRoles(computer, shadow_user_id, ['Auditor'])
     self.assertRoles(computer, self.user_id, ['Owner'])
+    self.assertRoles(computer, computer.getUserId(), ['Assignor'])
 
     # open/friend
     friend_reference = 'TESTPERSON-%s' % self.generateNewId()
@@ -120,11 +124,14 @@ class TestComputer(TestSlapOSGroupRoleSecurityMixin):
         destination_section=friend_person.getRelativeUrl()
     )
     computer.updateLocalRolesOnSecurityGroups()
-    shadow_friend_reference = 'SHADOW-%s' % friend_reference
+    shadow_friend_user_id = 'SHADOW-%s' % friend_person.getUserId()
     self.assertSecurityGroup(computer,
-        [self.user_id, 'G-COMPANY', shadow_friend_reference, person.getUserId()], False)
-    self.assertRoles(computer, shadow_friend_reference, ['Auditor'])
+        [self.user_id, 'G-COMPANY', shadow_friend_user_id,
+         person.getUserId(), computer.getUserId()], False)
+    self.assertRoles(computer, shadow_friend_user_id, ['Auditor'])
     self.assertRoles(computer, self.user_id, ['Owner'])
+    self.assertRoles(computer, computer.getUserId(), ['Assignor'])
+
 
   def test_selfComputer(self):
     reference = 'TESTCOMP-%s' % self.generateNewId()
@@ -132,8 +139,8 @@ class TestComputer(TestSlapOSGroupRoleSecurityMixin):
         reference=reference)
     computer.updateLocalRolesOnSecurityGroups()
     self.assertSecurityGroup(computer,
-        [self.user_id, 'G-COMPANY', reference], False)
-    self.assertRoles(computer, reference, ['Assignor'])
+        [self.user_id, 'G-COMPANY', computer.getUserId()], False)
+    self.assertRoles(computer, computer.getUserId(), ['Assignor'])
     self.assertRoles(computer, self.user_id, ['Owner'])
 
 class TestComputerModel(TestSlapOSGroupRoleSecurityMixin):
@@ -602,11 +609,11 @@ class TestSlaveInstance(TestSlapOSGroupRoleSecurityMixin):
         portal_type='Slave Instance', aggregate=partition.getRelativeUrl())
     instance.updateLocalRolesOnSecurityGroups()
 
-    self.assertSecurityGroup(instance, ['G-COMPANY', provider_reference,
-        computer_reference, self.user_id], False)
+    self.assertSecurityGroup(instance, ['G-COMPANY', provider.getUserId(),
+        computer.getUserId(), self.user_id], False)
     self.assertRoles(instance, 'G-COMPANY', ['Assignor'])
-    self.assertRoles(instance, provider_reference, ['Assignor'])
-    self.assertRoles(instance, computer_reference, ['Assignor'])
+    self.assertRoles(instance, provider.getUserId(), ['Assignor'])
+    self.assertRoles(instance, computer.getUserId(), ['Assignor'])
     self.assertRoles(instance, self.user_id, ['Owner', 'Assignee'])
 
   test_Computer = test_SoftwareInstanceWhichProvidesThisSlaveInstance
@@ -636,9 +643,9 @@ class TestSoftwareInstallation(TestSlapOSGroupRoleSecurityMixin):
     installation.updateLocalRolesOnSecurityGroups()
 
     self.assertSecurityGroup(installation, [self.user_id,
-        'G-COMPANY', computer_reference], False)
+        'G-COMPANY', computer.getUserId()], False)
     self.assertRoles(installation, 'G-COMPANY', ['Assignor'])
-    self.assertRoles(installation, computer_reference, ['Assignor'])
+    self.assertRoles(installation, computer.getUserId(), ['Assignor'])
     self.assertRoles(installation, self.user_id, ['Owner', 'Assignee'])
 
   def test_ProviderOfTheInstallation(self):
@@ -717,10 +724,10 @@ class TestSoftwareInstance(TestSlapOSGroupRoleSecurityMixin):
         portal_type='Software Instance', aggregate=partition.getRelativeUrl())
     instance.updateLocalRolesOnSecurityGroups()
 
-    self.assertSecurityGroup(instance, ['G-COMPANY', computer_reference,
+    self.assertSecurityGroup(instance, ['G-COMPANY', computer.getUserId(),
         self.user_id], False)
     self.assertRoles(instance, 'G-COMPANY', ['Assignor'])
-    self.assertRoles(instance, computer_reference, ['Assignor'])
+    self.assertRoles(instance, computer.getUserId(), ['Assignor'])
     self.assertRoles(instance, self.user_id, ['Owner', 'Assignee'])
 
 class TestSoftwareInstanceModule(TestSlapOSGroupRoleSecurityMixin):
@@ -970,11 +977,11 @@ class TestPaymentTransaction(TestSlapOSGroupRoleSecurityMixin):
         destination_section_value=person,
         )
     product.updateLocalRolesOnSecurityGroups()
-    shadow_reference = 'SHADOW-%s' % reference
+    shadow_user_id = 'SHADOW-%s' % person.getUserId()
     self.assertSecurityGroup(product,
-        ['G-COMPANY', self.user_id, person.getUserId(), shadow_reference], False)
+        ['G-COMPANY', self.user_id, person.getUserId(), shadow_user_id], False)
     self.assertRoles(product, 'G-COMPANY', ['Assignor'])
-    self.assertRoles(product, shadow_reference, ['Auditor'])
+    self.assertRoles(product, shadow_user_id, ['Auditor'])
     self.assertRoles(product, person.getUserId(), ['Auditor'])
     self.assertRoles(product, self.user_id, ['Owner'])
 
@@ -988,11 +995,11 @@ class TestPaymentTransaction(TestSlapOSGroupRoleSecurityMixin):
         destination_section_value=person,
         )
     product.updateLocalRolesOnSecurityGroups()
-    shadow_reference = 'SHADOW-%s' % reference
+    shadow_user_id = 'SHADOW-%s' % person.getUserId()
     self.assertSecurityGroup(product,
-        ['G-COMPANY', self.user_id, person.getUserId(), shadow_reference], False)
+        ['G-COMPANY', self.user_id, person.getUserId(), shadow_user_id], False)
     self.assertRoles(product, 'G-COMPANY', ['Assignor'])
-    self.assertRoles(product, shadow_reference, ['Auditor'])
+    self.assertRoles(product, shadow_user_id, ['Auditor'])
     self.assertRoles(product, person.getUserId(), ['Auditor'])
     self.assertRoles(product, self.user_id, ['Owner'])
 
@@ -1973,11 +1980,11 @@ class TestPayzenEvent(TestSlapOSGroupRoleSecurityMixin):
         destination_section_value=person,
         )
     product.updateLocalRolesOnSecurityGroups()
-    shadow_reference = 'SHADOW-%s' % reference
+    shadow_user_id = 'SHADOW-%s' % person.getUserId()
     self.assertSecurityGroup(product,
-        ['G-COMPANY', self.user_id, shadow_reference], False)
+        ['G-COMPANY', self.user_id, shadow_user_id], False)
     self.assertRoles(product, 'G-COMPANY', ['Assignor'])
-    self.assertRoles(product, shadow_reference, ['Assignee'])
+    self.assertRoles(product, shadow_user_id, ['Assignee'])
     self.assertRoles(product, self.user_id, ['Owner'])
 
 class TestSecurePaymentTool(TestSlapOSGroupRoleSecurityMixin):

master/bt5/slapos_erp5/WorkflowTemplateItem/portal_workflow/local_permission_slapos_interaction_workflow/interactions/Computer_edit.xml

@@ -56,7 +56,7 @@
             <key> <string>method_id</string> </key>
             <value>
               <list>
-                <string>_setReference</string>
+                <string>_setUserId.*</string>
                 <string>_setSourceAdministration.*</string>
                 <string>_setAllocationScope.*</string>
                 <string>_setDestinationSection.*</string>
@@ -75,6 +75,12 @@
               </list>
             </value>
         </item>
+        <item>
+            <key> <string>portal_type_group_filter</string> </key>
+            <value>
+              <none/>
+            </value>
+        </item>
         <item>
             <key> <string>script_name</string> </key>
             <value>

master/bt5/slapos_jio/TestTemplateItem/portal_components/test.erp5.testSlapOSHypermediaSkins.py

@@ -2,11 +2,9 @@
 # Copyright (c) 2002-2013 Nexedi SA and Contributors. All Rights Reserved.
 import transaction
 from Products.SlapOS.tests.testSlapOSMixin import \
-  testSlapOSMixin
+  testSlapOSMixin, changeSkin, simulate
 from zExceptions import Unauthorized
-from Products.ERP5Type.tests.utils import createZODBPythonScript
 from unittest import skip
-from functools import wraps
 
 from ZPublisher.HTTPRequest import HTTPRequest
 from ZPublisher.HTTPResponse import HTTPResponse
@@ -14,40 +12,6 @@ from ZPublisher.HTTPResponse import HTTPResponse
 import json
 import StringIO
 
-def changeSkin(skin_name):
-  def decorator(func):
-    def wrapped(self, *args, **kwargs):
-      default_skin = self.portal.portal_skins.default_skin
-      self.portal.portal_skins.changeSkin(skin_name)
-      self.app.REQUEST.set('portal_skin', skin_name)
-      try:
-        v = func(self, *args, **kwargs)
-      finally:
-        self.portal.portal_skins.changeSkin(default_skin)
-        self.app.REQUEST.set('portal_skin', default_skin)
-      return v
-    return wrapped
-  return decorator
-
-def simulate(script_id, params_string, code_string):
-  def upperWrap(f):
-    @wraps(f)
-    def decorated(self, *args, **kw):
-      if script_id in self.portal.portal_skins.custom.objectIds():
-        raise ValueError('Precondition failed: %s exists in custom' % script_id)
-      createZODBPythonScript(self.portal.portal_skins.custom,
-                          script_id, params_string, code_string)
-      transaction.commit()
-      try:
-        result = f(self, *args, **kw)
-      finally:
-        if script_id in self.portal.portal_skins.custom.objectIds():
-          self.portal.portal_skins.custom.manage_delObjects(script_id)
-        transaction.commit()
-      return result
-    return decorated
-  return upperWrap
-
 def do_fake_request(request_method, headers={}):
   __version__ = "0.1"
   env={}
@@ -177,18 +141,7 @@ class TestSlapOSHypermediaMixin(testSlapOSMixin):
     transaction.abort()
 
   def _makePerson(self):
-    new_id = self.generateNewId()
-    person_user = self.portal.person_module.template_member.\
-                                 Base_createCloneDocument(batch_mode=1)
-    person_user.edit(
-      title="live_test_%s" % new_id,
-      reference="live_test_%s" % new_id,
-      default_email_text="live_test_%s@example.org" % new_id,
-    )
-
-    person_user.validate()
-    for assignment in person_user.contentValues(portal_type="Assignment"):
-      assignment.open()
+    person_user = self.makePerson()
     self.tic()
     self.changeSkin('Hal')
     return person_user
@@ -368,7 +321,7 @@ class TestSlapOSBase_getHateoasMaster(TestSlapOSHypermediaMixin):
   @changeSkin('Hal')
   def test_getHateoasMaster_instance_result(self):
     self._makeTree()
-    self.login(self.software_instance.getReference())
+    self.login(self.software_instance.getUserId())
     self.changeSkin('Hal')
     fake_request = do_fake_request("GET")
     result = self.portal.Base_getHateoasMaster(REQUEST=fake_request)
@@ -716,6 +669,7 @@ class TestSlapOSInstance_getHateoasNews(TestSlapOSHypermediaMixin):
         sla_xml=self.generateSafeXml(),
         connection_xml=self.generateSafeXml(),
     )
+    self._addERP5Login(instance)
     self.tic()
     return instance
 
@@ -803,6 +757,7 @@ class TestSlapOSInstance_getHateoasRelatedHostingSubscription(TestSlapOSHypermed
         sla_xml=self.generateSafeXml(),
         connection_xml=self.generateSafeXml(),
     )
+    self._addERP5Login(instance)
     self.tic()
     return instance
 
@@ -893,6 +848,7 @@ class TestSlapOSInstance_getHateoasInformation(TestSlapOSHypermediaMixin):
         sla_xml=self.generateSafeXml(),
         connection_xml=self.generateSafeXml(),
     )
+    self._addERP5Login(instance)
     self.tic()
     return instance
 

master/bt5/slapos_pdm/TestTemplateItem/portal_components/test.erp5.testSlapOSPDMSkins.py

@@ -27,28 +27,9 @@
 ##############################################################################
 
 import transaction
-from functools import wraps
-from Products.SlapOS.tests.testSlapOSMixin import testSlapOSMixin
-from Products.ERP5Type.tests.utils import createZODBPythonScript
+from Products.SlapOS.tests.testSlapOSMixin import testSlapOSMixin, simulate
 from DateTime import DateTime
 
-def simulate(script_id, params_string, code_string):
-  def upperWrap(f):
-    @wraps(f)
-    def decorated(self, *args, **kw):
-      if script_id in self.portal.portal_skins.custom.objectIds():
-        raise ValueError('Precondition failed: %s exists in custom' % script_id)
-      createZODBPythonScript(self.portal.portal_skins.custom,
-                          script_id, params_string, code_string)
-      try:
-        result = f(self, *args, **kw)
-      finally:
-        if script_id in self.portal.portal_skins.custom.objectIds():
-          self.portal.portal_skins.custom.manage_delObjects(script_id)
-        transaction.commit()
-      return result
-    return decorated
-  return upperWrap
 
 class TestSlapOSPDMSkins(testSlapOSMixin):
   def afterSetUp(self):
@@ -77,20 +58,7 @@ class TestSlapOSPDMSkins(testSlapOSMixin):
  
 
   def _makePerson(self):
-    # Clone person document
-    person_user = self.portal.person_module.template_member.\
-                                 Base_createCloneDocument(batch_mode=1)
-    person_user.edit(
-      title="live_test_%s" % self.new_id,
-      reference="live_test_%s" % self.new_id,
-      default_email_text="live_test_%s@example.org" % self.new_id,
-    )
-
-    person_user.validate()
-    for assignment in person_user.contentValues(portal_type="Assignment"):
-      assignment.open()
-    transaction.commit()
-
+    person_user = self.makePerson(new_id=self.new_id)
     return person_user
 
   def _makeComputer(self):

master/bt5/slapos_slap_tool/ExtensionTemplateItem/portal_components/extension.erp5.SlapOSSlapTool.py

@@ -3,7 +3,7 @@ from AccessControl.SecurityManagement import getSecurityManager, \
     setSecurityManager, newSecurityManager
 
 @UnrestrictedMethod
-def getComputerReference(item):
+def getComputerReferenceAndUserId(item):
   portal_type = item.getPortalType()
   computer = None
 
@@ -17,20 +17,28 @@ def getComputerReference(item):
       computer = partition.getParentValue()
 
   if computer is not None and computer.getValidationState() == 'validated':
-    return computer.getReference()
-  return None
+    return computer.getReference(), computer.getUserId()
+  return None, None
+
 
 def Item_activateFillComputerInformationCache(state_change):
   item = state_change['object']
   portal = item.getPortalObject()
-  computer_reference = getComputerReference(item)
+  computer_reference, user_id = getComputerReferenceAndUserId(item)
   if computer_reference is None:
     return None
 
+  if user_id is None:
+    return None
+
+  user = portal.acl_users.getUserById(user_id)
+
+  if user is None:
+    raise ValueError("User %s not found" % user_id)
+
   sm = getSecurityManager()
   try:
-    newSecurityManager(None,
-      portal.acl_users.getUserById(computer_reference))
+    newSecurityManager(None, user)
     portal.portal_slap._activateFillComputerInformationCache(
         computer_reference, computer_reference)
   finally:

master/bt5/slapos_slap_tool/PropertySheetTemplateItem/portal_property_sheets/SlapOSHateoasSystemPreference.xml

+<?xml version="1.0"?>
+<ZopeData>
+  <record id="1" aka="AAAAAAAAAAE=">
+    <pickle>
+      <global name="Property Sheet" module="erp5.portal_type"/>
+    </pickle>
+    <pickle>
+      <dictionary>
+        <item>
+            <key> <string>_count</string> </key>
+            <value>
+              <persistent> <string encoding="base64">AAAAAAAAAAI=</string> </persistent>
+            </value>
+        </item>
+        <item>
+            <key> <string>_mt_index</string> </key>
+            <value>
+              <persistent> <string encoding="base64">AAAAAAAAAAM=</string> </persistent>
+            </value>
+        </item>
+        <item>
+            <key> <string>_tree</string> </key>
+            <value>
+              <persistent> <string encoding="base64">AAAAAAAAAAQ=</string> </persistent>
+            </value>
+        </item>
+        <item>
+            <key> <string>description</string> </key>
+            <value>
+              <none/>
+            </value>
+        </item>
+        <item>
+            <key> <string>id</string> </key>
+            <value> <string>SlapOSHateoasSystemPreference</string> </value>
+        </item>
+        <item>
+            <key> <string>portal_type</string> </key>
+            <value> <string>Property Sheet</string> </value>
+        </item>
+      </dictionary>
+    </pickle>
+  </record>
+  <record id="2" aka="AAAAAAAAAAI=">
+    <pickle>
+      <global name="Length" module="BTrees.Length"/>
+    </pickle>
+    <pickle> <int>0</int> </pickle>
+  </record>
+  <record id="3" aka="AAAAAAAAAAM=">
+    <pickle>
+      <global name="OOBTree" module="BTrees.OOBTree"/>
+    </pickle>
+    <pickle>
+      <none/>
+    </pickle>
+  </record>
+  <record id="4" aka="AAAAAAAAAAQ=">
+    <pickle>
+      <global name="OOBTree" module="BTrees.OOBTree"/>
+    </pickle>
+    <pickle>
+      <none/>
+    </pickle>
+  </record>
+</ZopeData>

master/bt5/slapos_slap_tool/PropertySheetTemplateItem/portal_property_sheets/SlapOSHateoasSystemPreference/preferred_hateoas_url_property.xml

+<?xml version="1.0"?>
+<ZopeData>
+  <record id="1" aka="AAAAAAAAAAE=">
+    <pickle>
+      <global name="Standard Property" module="erp5.portal_type"/>
+    </pickle>
+    <pickle>
+      <dictionary>
+        <item>
+            <key> <string>_local_properties</string> </key>
+            <value>
+              <tuple>
+                <dictionary>
+                  <item>
+                      <key> <string>id</string> </key>
+                      <value> <string>mode</string> </value>
+                  </item>
+                  <item>
+                      <key> <string>type</string> </key>
+                      <value> <string>string</string> </value>
+                  </item>
+                </dictionary>
+              </tuple>
+            </value>
+        </item>
+        <item>
+            <key> <string>categories</string> </key>
+            <value>
+              <tuple>
+                <string>elementary_type/string</string>
+              </tuple>
+            </value>
+        </item>
+        <item>
+            <key> <string>description</string> </key>
+            <value> <string>Stores token server URL</string> </value>
+        </item>
+        <item>
+            <key> <string>id</string> </key>
+            <value> <string>preferred_hateoas_url_property</string> </value>
+        </item>
+        <item>
+            <key> <string>mode</string> </key>
+            <value> <string>w</string> </value>
+        </item>
+        <item>
+            <key> <string>portal_type</string> </key>
+            <value> <string>Standard Property</string> </value>
+        </item>
+        <item>
+            <key> <string>preference</string> </key>
+            <value> <int>1</int> </value>
+        </item>
+        <item>
+            <key> <string>property_default</string> </key>
+            <value> <string>python: \'\'</string> </value>
+        </item>
+        <item>
+            <key> <string>read_permission</string> </key>
+            <value>
+              <none/>
+            </value>
+        </item>
+        <item>
+            <key> <string>write_permission</string> </key>
+            <value> <string>Manage properties</string> </value>
+        </item>
+      </dictionary>
+    </pickle>
+  </record>
+</ZopeData>

master/bt5/slapos_slap_tool/TestTemplateItem/portal_components/test.erp5.testSlapOSSlapTool.xml

@@ -48,22 +48,22 @@
               <tuple>
                 <string>W: 29, 10: Use of eval (eval-used)</string>
                 <string>W: 38,  2: Arguments number differs from overridden \'afterSetUp\' method (arguments-differ)</string>
-                <string>W:517, 13: Use of eval (eval-used)</string>
-                <string>W:568, 13: Use of eval (eval-used)</string>
-                <string>W:793, 13: Use of eval (eval-used)</string>
-                <string>W:1401, 13: Use of eval (eval-used)</string>
-                <string>W:1514, 13: Use of eval (eval-used)</string>
-                <string>W:1568, 13: Use of eval (eval-used)</string>
-                <string>W:1608, 13: Use of eval (eval-used)</string>
-                <string>W:2132,  2: Arguments number differs from overridden \'afterSetUp\' method (arguments-differ)</string>
-                <string>W:2229, 13: Use of eval (eval-used)</string>
-                <string>W:2614, 13: Use of eval (eval-used)</string>
-                <string>W:2668, 13: Use of eval (eval-used)</string>
-                <string>W:2695, 13: Use of eval (eval-used)</string>
-                <string>W:2850, 13: Use of eval (eval-used)</string>
-                <string>W:2878, 13: Use of eval (eval-used)</string>
-                <string>W:2927, 13: Use of eval (eval-used)</string>
-                <string>W:2974, 13: Use of eval (eval-used)</string>
+                <string>W:519, 13: Use of eval (eval-used)</string>
+                <string>W:570, 13: Use of eval (eval-used)</string>
+                <string>W:795, 13: Use of eval (eval-used)</string>
+                <string>W:1403, 13: Use of eval (eval-used)</string>
+                <string>W:1516, 13: Use of eval (eval-used)</string>
+                <string>W:1570, 13: Use of eval (eval-used)</string>
+                <string>W:1610, 13: Use of eval (eval-used)</string>
+                <string>W:2134,  2: Arguments number differs from overridden \'afterSetUp\' method (arguments-differ)</string>
+                <string>W:2231, 13: Use of eval (eval-used)</string>
+                <string>W:2616, 13: Use of eval (eval-used)</string>
+                <string>W:2670, 13: Use of eval (eval-used)</string>
+                <string>W:2697, 13: Use of eval (eval-used)</string>
+                <string>W:2852, 13: Use of eval (eval-used)</string>
+                <string>W:2880, 13: Use of eval (eval-used)</string>
+                <string>W:2929, 13: Use of eval (eval-used)</string>
+                <string>W:2976, 13: Use of eval (eval-used)</string>
               </tuple>
             </value>
         </item>

master/bt5/slapos_slap_tool/bt/template_property_sheet_id_list

+SlapOSHateoasSystemPreference
\ No newline at end of file

master/bt5/slapos_web/SkinTemplateItem/portal_skins/slapos_web/Alarm_checkPromiseSlapOSPASBase.py

-from Products.CMFActivity.ActiveResult import ActiveResult
-
-portal = context.getPortalObject()
-def mergePASDictDifference(portal, d, fixit):
-  plugins = portal.acl_users.plugins
-  error_list = []
-  plugin_type_info = plugins.listPluginTypeInfo()
-  for plugin, active_list in d.iteritems():
-    plugin_info = [q for q in plugin_type_info if q['id'] == plugin][0]
-    found_list = plugins.listPlugins(plugin_info['interface'])
-    meta_type_list = [q[1].meta_type for q in found_list]
-    for expected in active_list:
-      if expected not in meta_type_list:
-        error = 'Plugin %s missing %s.' % (plugin, expected)
-        if fixit:         
-          existing = [q for q in portal.acl_users.objectValues() if q.meta_type == expected]
-          if len(existing) == 0:
-            error_list.append('%s not found' % expected)
-          else:
-            plugins.activatePlugin(plugin_info['interface'], existing[0].getId())
-            error += ' Fixed.'
-        error_list.append(error)
-
-  return error_list
-
-pas_difference = mergePASDictDifference(portal, promise_dict, fixit)
-if len(pas_difference) != 0:
-  if fixit:
-    severity = 0
-  else:
-    severity = 1
-  summary = "PAS not configured as expected"
-  if fixit:
-    summary += ' (fixed)'
-  detail = "Difference:\n%s" % ('\n'.join(pas_difference), )
-else:
-  severity = 0
-  summary = "Nothing to do."
-  detail = ""
-
-active_result = ActiveResult()
-active_result.edit(
-  summary=summary, 
-  severity=severity,
-  detail=detail)
-
-context.newActiveProcess().postResult(active_result)