Commit 24ce164d authored by Kazuhiko Shiozaki's avatar Kazuhiko Shiozaki

core: cleanup Base_setDefaultSecurity.

parent 5a94f5fd
...@@ -52,11 +52,8 @@ ...@@ -52,11 +52,8 @@
<key> <string>_body</string> </key> <key> <string>_body</string> </key>
<value> <string>permission_list = context.possible_permissions()\n <value> <string>permission_list = context.possible_permissions()\n
\n \n
# First, remove all permissions (very secure by default)\n # First, only Manager has the permission by default\n
# We should keep only Manager, or we will not be able to\n manager_permission_list = permission_list\n
# do the end of the script\n
for permission in permission_list:\n
context.manage_permission(permission, [\'Manager\'], 0)\n
\n \n
# Then, define default ERP5 permissions\n # Then, define default ERP5 permissions\n
common_permission_list = [p for p in [\n common_permission_list = [p for p in [\n
...@@ -91,7 +88,7 @@ erp5_role_dict = {\n ...@@ -91,7 +88,7 @@ erp5_role_dict = {\n
\'Associate\': common_permission_list + auditor_permission_list,\n \'Associate\': common_permission_list + auditor_permission_list,\n
\'Auditor\' : common_permission_list + auditor_permission_list,\n \'Auditor\' : common_permission_list + auditor_permission_list,\n
\'Author\': common_permission_list + author_permission_list,\n \'Author\': common_permission_list + author_permission_list,\n
\'Manager\': permission_list\n \'Manager\': manager_permission_list\n
}\n }\n
\n \n
# Add ERP5 permissions\n # Add ERP5 permissions\n
...@@ -102,8 +99,12 @@ for role,permission_list in erp5_role_dict.items():\n ...@@ -102,8 +99,12 @@ for role,permission_list in erp5_role_dict.items():\n
erp5_permission_dict[permission] = []\n erp5_permission_dict[permission] = []\n
erp5_permission_dict[permission].append(role)\n erp5_permission_dict[permission].append(role)\n
\n \n
for permission,role_list in erp5_permission_dict.items():\n for permission,role_list in sorted(erp5_permission_dict.items()):\n
context.manage_permission(permission,role_list, 0)\n # Acquire permission if the role list is same as parent\n
if sorted([x[\'name\'] for x in context.aq_parent.rolesOfPermission(permission) if x[\'selected\']]) == sorted(role_list):\n
context.manage_permission(permission, [], 1)\n
else:\n
context.manage_permission(permission,role_list, 0)\n
\n \n
return "finished"\n return "finished"\n
</string> </value> </string> </value>
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment