Drop support for NuxUserGroups

git-svn-id: https://svn.erp5.org/repos/public/erp5/trunk@30257 20353a03-c40f-0410-a6d1-a30d3c3de9de

bt5/erp5_budget/SkinTemplateItem/portal_skins/erp5_budget.xml

@@ -9,12 +9,6 @@
     </pickle>
     <pickle>
       <dictionary>
-        <item>
-            <key> <string>__ac_local_group_roles__</string> </key>
-            <value>
-              <dictionary/>
-            </value>
-        </item>
         <item>
             <key> <string>_local_properties</string> </key>
             <value>

bt5/erp5_budget/bt/revision

-247
\ No newline at end of file
+248
\ No newline at end of file

bt5/erp5_ingestion/ToolTemplateItem/portal_contributions.xml

@@ -1460,12 +1460,6 @@
               </tuple>
             </value>
         </item>
-        <item>
-            <key> <string>__ac_local_group_roles__</string> </key>
-            <value>
-              <dictionary/>
-            </value>
-        </item>
         <item>
             <key> <string>_count</string> </key>
             <value>

bt5/erp5_ingestion/bt/revision

-54
\ No newline at end of file
+55
\ No newline at end of file

product/ERP5/Document/BusinessTemplate.py

@@ -4468,36 +4468,21 @@ class LocalRolesTemplateItem(BaseTemplateItem):
       obj = p.unrestrictedTraverse(path.split('/', 1)[1])
       local_roles_dict = getattr(obj, '__ac_local_roles__',
                                         {}) or {}
-      group_local_roles_dict = getattr(obj, '__ac_local_group_roles__',
-                                        {}) or {}
-      self._objects[path] = (local_roles_dict, group_local_roles_dict)
+      self._objects[path] = (local_roles_dict, )
 
   # Function to generate XML Code Manually
   def generateXml(self, path=None):
-    local_roles_dict, group_local_roles_dict = self._objects[path]
-    local_roles_keys = local_roles_dict.keys()
-    group_local_roles_keys = group_local_roles_dict.keys()
-    local_roles_keys.sort()
-    group_local_roles_keys.sort()
+    local_roles_dict, = self._objects[path]
     # local roles
     xml_data = '<local_roles_item>'
     xml_data += '\n <local_roles>'
-    for key in local_roles_keys:
+    for key in sorted(local_roles_dict):
       xml_data += "\n  <role id='%s'>" %(key,)
       tuple = local_roles_dict[key]
       for item in tuple:
         xml_data += "\n   <item>%s</item>" %(item,)
       xml_data += '\n  </role>'
     xml_data += '\n </local_roles>'
-    # group local roles
-    xml_data += '\n <group_local_roles>'
-    for key in group_local_roles_keys:
-      xml_data += "\n  <role id='%s'>" %(key,)
-      tuple = group_local_roles_dict[key]
-      for item in tuple:
-        xml_data += '\n   <item>%s</item>' %(item,)
-      xml_data += '\n  </role>'
-    xml_data += '\n </group_local_roles>'
     xml_data += '\n</local_roles_item>'
     return xml_data
 
@@ -4538,20 +4523,7 @@ class LocalRolesTemplateItem(BaseTemplateItem):
       for item in item_list:
         item_type_list.append(str(item.childNodes[0].data))
       local_roles_dict[id] = item_type_list
-    # group local roles
-    group_local_roles = xml.getElementsByTagName('group_local_roles')[0]
-    local_roles_list = group_local_roles.getElementsByTagName('role')
-    group_local_roles_dict = {}
-    for role in local_roles_list:
-      id = role.getAttribute('id')
-      if isinstance(id, unicode):
-        id = id.encode('utf-8')
-      item_type_list = []
-      item_list = role.getElementsByTagName('item')
-      for item in item_list:
-        item_type_list.append(str(item.childNodes[0].data))
-      group_local_roles_dict[id] = item_type_list
-    self._objects['local_roles/'+file_name[:-4]] = (local_roles_dict, group_local_roles_dict)
+    self._objects['local_roles/'+file_name[:-4]] = (local_roles_dict, )
 
   def install(self, context, trashbin, **kw):
     update_dict = kw.get('object_to_update')
@@ -4565,9 +4537,8 @@ class LocalRolesTemplateItem(BaseTemplateItem):
             continue
         path = roles_path.split('/')[1:]
         obj = p.unrestrictedTraverse(path)
-        local_roles_dict, group_local_roles_dict = self._objects[roles_path]
+        local_roles_dict, = self._objects[roles_path]
         setattr(obj, '__ac_local_roles__', local_roles_dict)
-        setattr(obj, '__ac_local_group_roles__', group_local_roles_dict)
 
   def uninstall(self, context, **kw):
     p = context.getPortalObject()
@@ -4575,7 +4546,6 @@ class LocalRolesTemplateItem(BaseTemplateItem):
       path = roles_path.split('/')[1:]
       obj = p.unrestrictedTraverse(path)
       setattr(obj, '__ac_local_roles__', {})
-      setattr(obj, '__ac_local_group_roles__', {})
 
 class BusinessTemplate(XMLObject):
     """

product/ERP5/ERP5Site.py

@@ -1793,18 +1793,8 @@ class ERP5Generator(PortalGenerator):
       # Calling ERP5Site_reindexAll is useless.
 
   def setupUserFolder(self, p):
-    # We use if possible ERP5Security, then NuxUserGroups
-    try:
       from Products import ERP5Security
       from Products import PluggableAuthService
-    except ImportError:
-      ERP5Security = None
-      try:
-        import Products.NuxUserGroups
-        withnuxgroups = 1
-      except ImportError:
-        withnuxgroups = 0
-    if ERP5Security is not None:
       # Use Pluggable Auth Service instead of the standard acl_users.
       p.manage_addProduct['PluggableAuthService'].addPluggableAuthService()
       pas_dispatcher = p.acl_users.manage_addProduct['PluggableAuthService']
@@ -1842,12 +1832,6 @@ class ERP5Generator(PortalGenerator):
       p.acl_users.erp5_roles.manage_activateInterfaces(('IRolesPlugin',))
       p.acl_users.erp5_user_factory.manage_activateInterfaces(
                                         ('IUserFactoryPlugin',))
-    elif withnuxgroups:
-      # NuxUserGroups user folder
-      p.manage_addProduct['NuxUserGroups'].addUserFolderWithGroups()
-    else:
-      # Standard user folder
-      PortalGenerator.setupUserFolder(self, p)
 
   def setupPermissions(self, p):
     permission_dict = {

product/ERP5/bootstrap/erp5_core/PathTemplateItem/portal_preferences/default_site_preference.xml

@@ -54,21 +54,6 @@
               </tuple>
             </value>
         </item>
-        <item>
-            <key> <string>__ac_local_group_roles__</string> </key>
-            <value>
-              <dictionary>
-                <item>
-                    <key> <string>role:Authenticated</string> </key>
-                    <value>
-                      <list>
-                        <string>Auditor</string>
-                      </list>
-                    </value>
-                </item>
-              </dictionary>
-            </value>
-        </item>
         <item>
             <key> <string>_count</string> </key>
             <value>

product/ERP5/bootstrap/erp5_core/SkinTemplateItem/portal_skins/erp5_core/Base_getUserAssignmentList.xml

-<?xml version="1.0"?>
-<ZopeData>
-  <record id="1" aka="AAAAAAAAAAE=">
-    <pickle>
-      <tuple>
-        <global name="PythonScript" module="Products.PythonScripts.PythonScript"/>
-        <tuple/>
-      </tuple>
-    </pickle>
-    <pickle>
-      <dictionary>
-        <item>
-            <key> <string>Script_magic</string> </key>
-            <value> <int>3</int> </value>
-        </item>
-        <item>
-            <key> <string>_bind_names</string> </key>
-            <value>
-              <object>
-                <klass>
-                  <global name="NameAssignments" module="Shared.DC.Scripts.Bindings"/>
-                </klass>
-                <tuple/>
-                <state>
-                  <dictionary>
-                    <item>
-                        <key> <string>_asgns</string> </key>
-                        <value>
-                          <dictionary>
-                            <item>
-                                <key> <string>name_container</string> </key>
-                                <value> <string>container</string> </value>
-                            </item>
-                            <item>
-                                <key> <string>name_context</string> </key>
-                                <value> <string>context</string> </value>
-                            </item>
-                            <item>
-                                <key> <string>name_m_self</string> </key>
-                                <value> <string>script</string> </value>
-                            </item>
-                            <item>
-                                <key> <string>name_subpath</string> </key>
-                                <value> <string>traverse_subpath</string> </value>
-                            </item>
-                          </dictionary>
-                        </value>
-                    </item>
-                  </dictionary>
-                </state>
-              </object>
-            </value>
-        </item>
-        <item>
-            <key> <string>_body</string> </key>
-            <value> <string># XXX For now, this script requires proxy manager\n
-\n
-# user_folder: NuxUserGroups or PluggableAuthService at the root of the ERP5Site.\n
-user_folder = context.portal_url.getPortalObject()[\'acl_users\']\n
-\n
-# This script must work with NuxUserGroup and PAS\n
-PAS_installed = 0\n
-if user_folder.meta_type == \'Pluggable Auth Service\':\n
-  PAS_installed = 1\n
-\n
-# get the current logged in user\n
-if PAS_installed:\n
-  user_id = context.portal_membership.getAuthenticatedMember().getId()\n
-else:\n
-  user_id = context.portal_membership.getAuthenticatedMember().getUserName()\n
-person = context.person[user_id]\n
-\n
-assignment_list = person.contentValues(filter={\'portal_type\': \'Assignment\'})\n
-\n
-if len(assignment_list) == 0:\n
-  return []\n
-\n
-valid_assignment_list = []\n
-\n
-for a in assignment_list:\n
-  if a.getValidationState() == \'open\':\n
-    valid_assignment_list.append(a)\n
-\n
-return valid_assignment_list\n
-</string> </value>
-        </item>
-        <item>
-            <key> <string>_code</string> </key>
-            <value>
-              <none/>
-            </value>
-        </item>
-        <item>
-            <key> <string>_params</string> </key>
-            <value> <string></string> </value>
-        </item>
-        <item>
-            <key> <string>_proxy_roles</string> </key>
-            <value>
-              <tuple>
-                <string>Manager</string>
-              </tuple>
-            </value>
-        </item>
-        <item>
-            <key> <string>errors</string> </key>
-            <value>
-              <tuple/>
-            </value>
-        </item>
-        <item>
-            <key> <string>func_code</string> </key>
-            <value>
-              <object>
-                <klass>
-                  <global name="FuncCode" module="Shared.DC.Scripts.Signature"/>
-                </klass>
-                <tuple/>
-                <state>
-                  <dictionary>
-                    <item>
-                        <key> <string>co_argcount</string> </key>
-                        <value> <int>0</int> </value>
-                    </item>
-                    <item>
-                        <key> <string>co_varnames</string> </key>
-                        <value>
-                          <tuple>
-                            <string>_getitem_</string>
-                            <string>_getattr_</string>
-                            <string>context</string>
-                            <string>user_folder</string>
-                            <string>PAS_installed</string>
-                            <string>user_id</string>
-                            <string>person</string>
-                            <string>assignment_list</string>
-                            <string>len</string>
-                            <string>valid_assignment_list</string>
-                            <string>_getiter_</string>
-                            <string>a</string>
-                          </tuple>
-                        </value>
-                    </item>
-                  </dictionary>
-                </state>
-              </object>
-            </value>
-        </item>
-        <item>
-            <key> <string>func_defaults</string> </key>
-            <value>
-              <none/>
-            </value>
-        </item>
-        <item>
-            <key> <string>id</string> </key>
-            <value> <string>Base_getUserAssignmentList</string> </value>
-        </item>
-        <item>
-            <key> <string>title</string> </key>
-            <value> <string></string> </value>
-        </item>
-        <item>
-            <key> <string>warnings</string> </key>
-            <value>
-              <tuple/>
-            </value>
-        </item>
-      </dictionary>
-    </pickle>
-  </record>
-</ZopeData>

product/ERP5/bootstrap/erp5_core/bt/revision

-1359
\ No newline at end of file
+1360
\ No newline at end of file

product/ERP5/tests/testBusinessTemplate.py

@@ -1914,16 +1914,13 @@ class TestBusinessTemplate(ERP5TypeTestCase, LogInterceptor):
     """
     new_local_roles = {'ac':['Owner', 'Manager'],
                        'group_function': ['Auditor']}
-    new_local_group_roles = {'role:Authenticated':['Owner', 'Manager']}
     p = self.getPortal()
     module_id = sequence.get('module_id')
     module = p._getOb(module_id, None)
     self.failUnless(module is not None)
     module.__ac_local_roles__ = new_local_roles
-    module.__ac_local_group_roles__ = new_local_group_roles
     self.assertEquals(module.__ac_local_roles__, new_local_roles)
-    self.assertEquals(module.__ac_local_group_roles__, new_local_group_roles)
-    sequence.edit(local_roles=new_local_roles, local_group_roles=new_local_group_roles)
+    sequence.edit(local_roles=new_local_roles)
 
   def stepRemoveLocalRoles(self, sequence=None, sequence_list=None, **kw):
     """
@@ -1934,11 +1931,8 @@ class TestBusinessTemplate(ERP5TypeTestCase, LogInterceptor):
     module = p._getOb(module_id, None)
     self.failUnless(module is not None)
     module.__ac_local_roles__ = {'someone_else': ['Associate']}
-    module.__ac_local_group_roles__ = {}
     new_local_roles = sequence.get('local_roles')
-    new_local_group_roles = sequence.get('local_group_roles')
     self.assertNotEquals(module.__ac_local_roles__, new_local_roles)
-    self.assertNotEquals(module.__ac_local_group_roles__, new_local_group_roles)
 
   def stepAddLocalRolesToBusinessTemplate(self, sequence=None, sequence_list=None, **kw):
     """
@@ -1954,26 +1948,22 @@ class TestBusinessTemplate(ERP5TypeTestCase, LogInterceptor):
     Check presence of local roles
     """
     new_local_roles = sequence.get('local_roles')
-    new_local_group_roles = sequence.get('local_group_roles')
     p = self.getPortal()
     module_id = sequence.get('module_id')
     module = p._getOb(module_id, None)
     self.failUnless(module is not None)
     self.assertEquals(module.__ac_local_roles__, new_local_roles)
-    self.assertEquals(module.__ac_local_group_roles__, new_local_group_roles)
 
   def stepCheckLocalRolesRemoved(self, sequence=None, sequence_list=None, **kw):
     """
     Check non-presence of local roles
     """
     new_local_roles = sequence.get('local_roles')
-    new_local_group_roles = sequence.get('local_group_roles')
     p = self.getPortal()
     module_id = sequence.get('module_id')
     module = p._getOb(module_id, None)
     self.failUnless(module is not None)
     self.assertNotEquals(module.__ac_local_roles__, new_local_roles)
-    self.assertNotEquals(module.__ac_local_group_roles__, new_local_group_roles)
 
   # Document, Property Sheet, Extension And Test
   # they use the same class so only one test is required for them

product/ERP5/tests/testImmobilisation.py

@@ -121,18 +121,8 @@ class TestImmobilisationMixin(ERP5TypeTestCase):
       self.getUserFolder()._doAddUser('manager', '', all_roles, [])
     self.login('manager')
     self.assignPASRolesToUser('test_user_1_', all_roles)
-    
-  
-  def checkUserFolderType(self, quiet=0, run=run_all_test):
-    """
-      Check the type of user folder to let the test working with both NuxUserGroup and PAS.
-    """
-    self.user_folder = self.getUserFolder()
-    self.PAS_installed = 0
-    if self.user_folder.meta_type == 'Pluggable Auth Service':
-      # we use PAS
-      self.PAS_installed = 1
-      
+
+
   def assignPASRolesToUser(self, user_name, role_list, quiet=0, run=run_all_test):
     """
       Assign a list of roles to one user with PAS.
@@ -163,20 +153,8 @@ class TestImmobilisationMixin(ERP5TypeTestCase):
                                       , group             = user_data[3]
                                       , site              = user_data[4]
                                       )
-        if self.PAS_installed and len(user_roles) > 0:
-          # In the case of PAS, if we want global roles on user, we have to do it manually.
-          self.assignPASRolesToUser(user_login, user_roles)
-        elif not self.PAS_installed:
-          # The user_folder counterpart of the erp5 user must be
-          #   created manually in the case of NuxUserGroup.
-          self.user_folder.userFolderAddUser( name     = user_login
-                                            , password = ''
-                                            , roles    = user_roles
-                                            , domains  = []
-                                            )
-        # User assignment to security groups is also required, but is taken care of
-        #   by the assignment workflow when NuxUserGroup is used and
-        #   by ERP5Security PAS plugins in the context of PAS use.
+        # In the case of PAS, if we want global roles on user, we have to do it manually.
+        self.assignPASRolesToUser(user_login, user_roles)
         assignment.open()
         person.validate()
 
@@ -234,7 +212,6 @@ class TestImmobilisationMixin(ERP5TypeTestCase):
     self.tic()
 
     self.workflow_tool = self.getWorkflowTool()
-    self.checkUserFolderType()
 
   def beforeTearDown(self):
     """

product/ERP5Catalog/CatalogTool.py

@@ -35,7 +35,6 @@ from Products.ERP5Type.Cache import CachingMethod
 from AccessControl import ClassSecurityInfo, getSecurityManager
 from Products.CMFCore.CatalogTool import IndexableObjectWrapper as CMFCoreIndexableObjectWrapper
 from Products.CMFCore.utils import UniqueObject, _checkPermission, _getAuthenticatedUser, getToolByName
-from Products.CMFCore.utils import _mergedLocalRoles
 from Products.ERP5Type.Globals import InitializeClass, DTMLFile, package_home
 from Acquisition import aq_base, aq_inner, aq_parent, ImplicitAcquisitionWrapper
 from DateTime.DateTime import DateTime
@@ -49,6 +48,7 @@ from Products.CMFCore.Expression import Expression
 from Products.PageTemplates.Expressions import getEngine
 from MethodObject import Method
 
+from Products.ERP5Security import mergedLocalRoles
 from Products.ERP5Security.ERP5UserManager import SUPER_USER
 from Products.ERP5Type.Utils import sqlquote
 
@@ -57,42 +57,11 @@ import sys
 from zLOG import LOG, PROBLEM, WARNING, INFO
 import sets
 
-SECURITY_USING_NUX_USER_GROUPS, SECURITY_USING_PAS = range(2)
 ACQUIRE_PERMISSION_VALUE = []
 
-try:
-  from Products.PluggableAuthService import PluggableAuthService
-  PAS_meta_type = PluggableAuthService.PluggableAuthService.meta_type
-except ImportError:
-  PAS_meta_type = ''
-try:
-  from Products.ERP5Security import mergedLocalRoles as PAS_mergedLocalRoles
-except ImportError:
-  pass
-
-try:
-  from Products.NuxUserGroups import UserFolderWithGroups
-  NUG_meta_type = UserFolderWithGroups.meta_type
-except ImportError:
-  NUG_meta_type = ''
-try:
-  from Products.NuxUserGroups.CatalogToolWithGroups import mergedLocalRoles
-  from Products.NuxUserGroups.CatalogToolWithGroups import _getAllowedRolesAndUsers
-except ImportError:
-  pass
-
 from Persistence import Persistent
 from Acquisition import Implicit
 
-def getSecurityProduct(acl_users):
-  """returns the security used by the user folder passed.
-  (NuxUserGroup, ERP5Security, or None if anything else).
-  """
-  if acl_users.meta_type == PAS_meta_type:
-    return SECURITY_USING_PAS
-  elif acl_users.meta_type == NUG_meta_type:
-    return SECURITY_USING_NUX_USER_GROUPS
-
 
 class IndexableObjectWrapper(CMFCoreIndexableObjectWrapper):
 
@@ -118,17 +87,7 @@ class IndexableObjectWrapper(CMFCoreIndexableObjectWrapper):
       result_key = '_cache_result'
       if result_key not in self.__dict__:
         ob = self.__ob
-        security_product = getSecurityProduct(ob.acl_users)
-        withnuxgroups = security_product == SECURITY_USING_NUX_USER_GROUPS
-        withpas = security_product == SECURITY_USING_PAS
-
-        if withnuxgroups:
-          localroles = mergedLocalRoles(ob, withgroups=1)
-        elif withpas:
-          localroles = PAS_mergedLocalRoles(ob)
-        else:
-          # CMF
-          localroles = _mergedLocalRoles(ob)
+        localroles = mergedLocalRoles(ob)
         # For each group or user, we have a list of roles, this list
         # give in this order : [roles on object, roles acquired on the parent,
         # roles acquired on the parent of the parent....]
@@ -170,10 +129,7 @@ class IndexableObjectWrapper(CMFCoreIndexableObjectWrapper):
         user_role_dict = {}
         user_view_permission_role_dict = {}
         for user, roles in localroles.iteritems():
-          if withnuxgroups:
-            prefix = user
-          else:
-            prefix = 'user:' + user
+          prefix = 'user:' + user
           for role in roles:
             if (role in role_dict) and (getUserById(user) is not None):
               # If role is monovalued, check if key is a user.
@@ -408,8 +364,6 @@ class CatalogTool (UniqueObject, ZCatalog, CMFCoreCatalogTool, ActiveObject):
       return msg
         
     def _listAllowedRolesAndUsers(self, user):
-      security_product = getSecurityProduct(self.acl_users)
-      if security_product == SECURITY_USING_PAS:
         # We use ERP5Security PAS based authentication
         try:
           # check for proxy role in stack
@@ -436,10 +390,6 @@ class CatalogTool (UniqueObject, ZCatalog, CMFCoreCatalogTool, ActiveObject):
                 result.append('user:%s' % group)
         # end groups
         return result
-      elif security_product == SECURITY_USING_NUX_USER_GROUPS:
-        return _getAllowedRolesAndUsers(user)
-      else:
-        return CMFCoreCatalogTool._listAllowedRolesAndUsers(self, user)
 
     # Schema Management
     def editColumn(self, column_id, sql_definition, method_id, default_value, REQUEST=None, RESPONSE=None):

product/ERP5Type/ERP5Type.py

@@ -35,22 +35,10 @@ from Products.ERP5Type.UnrestrictedMethod import UnrestrictedMethod
 from Products.ERP5Type.Utils import deprecated, createExpressionContext
 from Products.ERP5Type.XMLObject import XMLObject
 from Products.ERP5Type.Cache import CachingMethod
+from Products.ERP5Security import ERP5UserManager
 
 ERP5TYPE_SECURITY_GROUP_ID_GENERATION_SCRIPT = 'ERP5Type_asSecurityGroupId'
 
-# Security uses ERP5Security by default
-try:
-  from Products.ERP5Security import ERP5UserManager
-except ImportError:
-  ERP5UserManager = None
-
-# If ERP5Security is not installed try NuxUserGroups
-if ERP5UserManager is None:
-  try:
-    from Products import NuxUserGroups
-  except ImportError:
-    NuxUserGroups = None
-
 from TranslationProviderBase import TranslationProviderBase
 
 from sys import exc_info
@@ -81,48 +69,23 @@ class LocalRoleAssignorMixIn(object):
         if owner:
           user_name = owner[1]
         else:
-          #FIXME We should check the type of the acl_users folder instead of
-          #      checking which product is installed.
-          if ERP5UserManager is not None:
-            # We use id for roles in ERP5Security
-            user_name = getSecurityManager().getUser().getId()
-          elif NuxUserGroups is not None:
-            user_name = getSecurityManager().getUser().getUserName()
-          else:
-            raise RuntimeError('Product "ERP5Security" was not found on your'
-              ' setup. Please install it to benefit from group-based security')
+          user_name = getSecurityManager().getUser().getId()
 
       group_id_role_dict = self.getLocalRolesFor(ob, user_name)
 
-      # Update role assignments to groups
-      if ERP5UserManager is not None: # Default implementation
-        # Clean old group roles
-        old_group_list = ob.get_local_roles()
-        ob.manage_delLocalRoles([x[0] for x in old_group_list])
-        # Save the owner
-        for group, role_list in old_group_list:
-          if 'Owner' in role_list:
-            group_id_role_dict.setdefault(group, set()).add('Owner')
-        # Assign new roles
-        for group, role_list in group_id_role_dict.iteritems():
-          if role_list:
-            ob.manage_addLocalRoles(group, role_list)
-      else: # NuxUserGroups implementation
-        # Clean old group roles
-        old_group_list = ob.get_local_group_roles()
-        # We duplicate role settings to mimic PAS
-        ob.manage_delLocalGroupRoles([x[0] for x in old_group_list])
-        ob.manage_delLocalRoles([x[0] for x in old_group_list])
-        # Save the owner
-        for group, role_list in old_group_list:
-          if 'Owner' in role_list:
-            group_id_role_dict.setdefault(group, set()).add('Owner')
-        # Assign new roles
-        for group, role_list in group_id_role_dict.iteritems():
-          # We duplicate role settings to mimic PAS
-          ob.manage_addLocalGroupRoles(group, role_list)
+      ## Update role assignments to groups
+      # Clean old group roles
+      old_group_list = ob.get_local_roles()
+      ob.manage_delLocalRoles([x[0] for x in old_group_list])
+      # Save the owner
+      for group, role_list in old_group_list:
+        if 'Owner' in role_list:
+          group_id_role_dict.setdefault(group, set()).add('Owner')
+      # Assign new roles
+      for group, role_list in group_id_role_dict.iteritems():
+        if role_list:
           ob.manage_addLocalRoles(group, role_list)
-      # Make sure that the object is reindexed
+      ## Make sure that the object is reindexed
       if reindex:
         ob.reindexObjectSecurity()
 

product/ERP5Type/tests/ERP5TypeTestCase.py

@@ -123,7 +123,6 @@ ZopeTestCase.installProduct('PortalTransforms', quiet=install_product_quiet)
 ZopeTestCase.installProduct('MimetypesRegistry', quiet=install_product_quiet)
 
 # Security Stuff
-ZopeTestCase.installProduct('NuxUserGroups', quiet=install_product_quiet)
 ZopeTestCase.installProduct('PluggableAuthService', quiet=install_product_quiet)
 ZopeTestCase.installProduct('ERP5Security', quiet=install_product_quiet)