dms: do not grant permissions based on Owner role

.. except from Draft and Submitted state. Document security should be based on group, site, function defined on document, sometimes publication section and or follow up, but the owner should only be considered in draft state. For conveniance (and compatibility), Owner is also allowed to view in Submitted state. The use case is for when a user submit a document he will not be allowed to see, for example because he made a mistake when choosing properties, user is still allowed to view the document and there's no unauthorized error. We want to allow a user to set properties before publishing a document and later, once the document is no longer draft, the security of the document will be depending on these properties. We want to prevent users to get permissions on a PDF document that would be created by interactions and they are not supposed to see. For exemple when we generate a PDF invoice and store it in document module. In this case, as the interaction runs as the user, this user will have Owner role implicitely. (cherry picked from commit 1664e541)

dms: do not grant permissions based on Owner role
.. except from Draft and Submitted state. Document security should be based on group, site, function defined on document, sometimes publication section and or follow up, but the owner should only be considered in draft state. For conveniance (and compatibility), Owner is also allowed to view in Submitted state. The use case is for when a user submit a document he will not be allowed to see, for example because he made a mistake when choosing properties, user is still allowed to view the document and there's no unauthorized error. We want to allow a user to set properties before publishing a document and later, once the document is no longer draft, the security of the document will be depending on these properties. We want to prevent users to get permissions on a PDF document that would be created by interactions and they are not supposed to see. For exemple when we generate a PDF invoice and store it in document module. In this case, as the interaction runs as the user, this user will have Owner role implicitely. (cherry picked from commit 1664e541)
e14b1ba0 · Jérome Perrin · b3513b16 · e14b1ba0 · e14b1ba0 · e14b1ba0
Commit e14b1ba0 authored Sep 15, 2017 by Jérome Perrin
13 changed files
--- a/bt5/erp5_dms/WorkflowTemplateItem/portal_workflow/document_publication_workflow/states/archived.xml
+++ b/bt5/erp5_dms/WorkflowTemplateItem/portal_workflow/document_publication_workflow/states/archived.xml
@@ -41,18 +41,12 @@
  </record>
  <record id="2" aka="AAAAAAAAAAI=">
    <pickle>
-      <tuple>
-        <tuple>
-          <string>Persistence</string>
-          <string>PersistentMapping</string>
-        </tuple>
-        <none/>
-      </tuple>
+      <global name="PersistentMapping" module="Persistence.mapping"/>
    </pickle>
    <pickle>
      <dictionary>
        <item>
-            <key> <string>_container</string> </key>
+            <key> <string>data</string> </key>
            <value>
              <dictionary>
                <item>
@@ -63,7 +57,6 @@
                        <string>Assignor</string>
                        <string>Associate</string>
                        <string>Manager</string>
-                        <string>Owner</string>
                      </tuple>
                    </value>
                </item>
@@ -101,7 +94,6 @@
                        <string>Assignor</string>
                        <string>Associate</string>
                        <string>Manager</string>
-                        <string>Owner</string>
                      </tuple>
                    </value>
                </item>

--- a/bt5/erp5_dms/WorkflowTemplateItem/portal_workflow/document_publication_workflow/states/assigned.xml
+++ b/bt5/erp5_dms/WorkflowTemplateItem/portal_workflow/document_publication_workflow/states/assigned.xml
@@ -46,10 +46,7 @@
  </record>
  <record id="2" aka="AAAAAAAAAAI=">
    <pickle>
-      <tuple>
-        <global name="PersistentMapping" module="Persistence.mapping"/>
-        <tuple/>
-      </tuple>
+      <global name="PersistentMapping" module="Persistence.mapping"/>
    </pickle>
    <pickle>
      <dictionary>
@@ -64,7 +61,6 @@
                        <string>Assignee</string>
                        <string>Assignor</string>
                        <string>Manager</string>
-                        <string>Owner</string>
                      </tuple>
                    </value>
                </item>
@@ -104,7 +100,6 @@
                        <string>Assignee</string>
                        <string>Assignor</string>
                        <string>Manager</string>
-                        <string>Owner</string>
                      </tuple>
                    </value>
                </item>

--- a/bt5/erp5_dms/WorkflowTemplateItem/portal_workflow/document_publication_workflow/states/cancelled.xml
+++ b/bt5/erp5_dms/WorkflowTemplateItem/portal_workflow/document_publication_workflow/states/cancelled.xml
@@ -44,18 +44,12 @@
  </record>
  <record id="2" aka="AAAAAAAAAAI=">
    <pickle>
-      <tuple>
-        <tuple>
-          <string>Persistence</string>
-          <string>PersistentMapping</string>
-        </tuple>
-        <none/>
-      </tuple>
+      <global name="PersistentMapping" module="Persistence.mapping"/>
    </pickle>
    <pickle>
      <dictionary>
        <item>
-            <key> <string>_container</string> </key>
+            <key> <string>data</string> </key>
            <value>
              <dictionary>
                <item>
@@ -65,7 +59,6 @@
                        <string>Assignee</string>
                        <string>Assignor</string>
                        <string>Manager</string>
-                        <string>Owner</string>
                      </tuple>
                    </value>
                </item>
@@ -100,7 +93,6 @@
                        <string>Assignee</string>
                        <string>Assignor</string>
                        <string>Manager</string>
-                        <string>Owner</string>
                      </tuple>
                    </value>
                </item>

--- a/bt5/erp5_dms/WorkflowTemplateItem/portal_workflow/document_publication_workflow/states/hidden.xml
+++ b/bt5/erp5_dms/WorkflowTemplateItem/portal_workflow/document_publication_workflow/states/hidden.xml
@@ -56,10 +56,7 @@
  </record>
  <record id="2" aka="AAAAAAAAAAI=">
    <pickle>
-      <tuple>
-        <global name="PersistentMapping" module="Persistence.mapping"/>
-        <tuple/>
-      </tuple>
+      <global name="PersistentMapping" module="Persistence.mapping"/>
    </pickle>
    <pickle>
      <dictionary>
@@ -74,7 +71,6 @@
                        <string>Assignee</string>
                        <string>Assignor</string>
                        <string>Manager</string>
-                        <string>Owner</string>
                      </tuple>
                    </value>
                </item>
@@ -114,7 +110,6 @@
                        <string>Assignee</string>
                        <string>Assignor</string>
                        <string>Manager</string>
-                        <string>Owner</string>
                      </tuple>
                    </value>
                </item>

--- a/bt5/erp5_dms/WorkflowTemplateItem/portal_workflow/document_publication_workflow/states/published.xml
+++ b/bt5/erp5_dms/WorkflowTemplateItem/portal_workflow/document_publication_workflow/states/published.xml
@@ -48,18 +48,12 @@
  </record>
  <record id="2" aka="AAAAAAAAAAI=">
    <pickle>
-      <tuple>
-        <tuple>
-          <string>Persistence</string>
-          <string>PersistentMapping</string>
-        </tuple>
-        <none/>
-      </tuple>
+      <global name="PersistentMapping" module="Persistence.mapping"/>
    </pickle>
    <pickle>
      <dictionary>
        <item>
-            <key> <string>_container</string> </key>
+            <key> <string>data</string> </key>
            <value>
              <dictionary>
                <item>
@@ -72,7 +66,6 @@
                        <string>Associate</string>
                        <string>Auditor</string>
                        <string>Manager</string>
-                        <string>Owner</string>
                      </tuple>
                    </value>
                </item>
@@ -112,7 +105,6 @@
                        <string>Associate</string>
                        <string>Auditor</string>
                        <string>Manager</string>
-                        <string>Owner</string>
                      </tuple>
                    </value>
                </item>

--- a/bt5/erp5_dms/WorkflowTemplateItem/portal_workflow/document_publication_workflow/states/published_alive.xml
+++ b/bt5/erp5_dms/WorkflowTemplateItem/portal_workflow/document_publication_workflow/states/published_alive.xml
@@ -48,10 +48,7 @@
  </record>
  <record id="2" aka="AAAAAAAAAAI=">
    <pickle>
-      <tuple>
-        <global name="PersistentMapping" module="Persistence.mapping"/>
-        <tuple/>
-      </tuple>
+      <global name="PersistentMapping" module="Persistence.mapping"/>
    </pickle>
    <pickle>
      <dictionary>
@@ -69,7 +66,6 @@
                        <string>Associate</string>
                        <string>Auditor</string>
                        <string>Manager</string>
-                        <string>Owner</string>
                      </tuple>
                    </value>
                </item>
@@ -112,7 +108,6 @@
                        <string>Associate</string>
                        <string>Auditor</string>
                        <string>Manager</string>
-                        <string>Owner</string>
                      </tuple>
                    </value>
                </item>

--- a/bt5/erp5_dms/WorkflowTemplateItem/portal_workflow/document_publication_workflow/states/released.xml
+++ b/bt5/erp5_dms/WorkflowTemplateItem/portal_workflow/document_publication_workflow/states/released.xml
@@ -50,18 +50,12 @@
  </record>
  <record id="2" aka="AAAAAAAAAAI=">
    <pickle>
-      <tuple>
-        <tuple>
-          <string>Persistence</string>
-          <string>PersistentMapping</string>
-        </tuple>
-        <none/>
-      </tuple>
+      <global name="PersistentMapping" module="Persistence.mapping"/>
    </pickle>
    <pickle>
      <dictionary>
        <item>
-            <key> <string>_container</string> </key>
+            <key> <string>data</string> </key>
            <value>
              <dictionary>
                <item>
@@ -73,7 +67,6 @@
                        <string>Associate</string>
                        <string>Auditor</string>
                        <string>Manager</string>
-                        <string>Owner</string>
                      </tuple>
                    </value>
                </item>
@@ -112,7 +105,6 @@
                        <string>Associate</string>
                        <string>Auditor</string>
                        <string>Manager</string>
-                        <string>Owner</string>
                      </tuple>
                    </value>
                </item>

--- a/bt5/erp5_dms/WorkflowTemplateItem/portal_workflow/document_publication_workflow/states/released_alive.xml
+++ b/bt5/erp5_dms/WorkflowTemplateItem/portal_workflow/document_publication_workflow/states/released_alive.xml
@@ -52,10 +52,7 @@
  </record>
  <record id="2" aka="AAAAAAAAAAI=">
    <pickle>
-      <tuple>
-        <global name="PersistentMapping" module="Persistence.mapping"/>
-        <tuple/>
-      </tuple>
+      <global name="PersistentMapping" module="Persistence.mapping"/>
    </pickle>
    <pickle>
      <dictionary>
@@ -72,7 +69,6 @@
                        <string>Associate</string>
                        <string>Auditor</string>
                        <string>Manager</string>
-                        <string>Owner</string>
                      </tuple>
                    </value>
                </item>
@@ -114,7 +110,6 @@
                        <string>Associate</string>
                        <string>Auditor</string>
                        <string>Manager</string>
-                        <string>Owner</string>
                      </tuple>
                    </value>
                </item>

--- a/bt5/erp5_dms/WorkflowTemplateItem/portal_workflow/document_publication_workflow/states/requested.xml
+++ b/bt5/erp5_dms/WorkflowTemplateItem/portal_workflow/document_publication_workflow/states/requested.xml
@@ -46,10 +46,7 @@
  </record>
  <record id="2" aka="AAAAAAAAAAI=">
    <pickle>
-      <tuple>
-        <global name="PersistentMapping" module="Persistence.mapping"/>
-        <tuple/>
-      </tuple>
+      <global name="PersistentMapping" module="Persistence.mapping"/>
    </pickle>
    <pickle>
      <dictionary>
@@ -64,7 +61,6 @@
                        <string>Assignee</string>
                        <string>Assignor</string>
                        <string>Manager</string>
-                        <string>Owner</string>
                      </tuple>
                    </value>
                </item>
@@ -102,7 +98,6 @@
                        <string>Assignee</string>
                        <string>Assignor</string>
                        <string>Manager</string>
-                        <string>Owner</string>
                      </tuple>
                    </value>
                </item>

--- a/bt5/erp5_dms/WorkflowTemplateItem/portal_workflow/document_publication_workflow/states/shared.xml
+++ b/bt5/erp5_dms/WorkflowTemplateItem/portal_workflow/document_publication_workflow/states/shared.xml
@@ -50,10 +50,7 @@
  </record>
  <record id="2" aka="AAAAAAAAAAI=">
    <pickle>
-      <tuple>
-        <global name="PersistentMapping" module="Persistence.mapping"/>
-        <tuple/>
-      </tuple>
+      <global name="PersistentMapping" module="Persistence.mapping"/>
    </pickle>
    <pickle>
      <dictionary>
@@ -69,7 +66,6 @@
                        <string>Assignor</string>
                        <string>Associate</string>
                        <string>Manager</string>
-                        <string>Owner</string>
                      </tuple>
                    </value>
                </item>
@@ -107,7 +103,6 @@
                        <string>Assignor</string>
                        <string>Associate</string>
                        <string>Manager</string>
-                        <string>Owner</string>
                      </tuple>
                    </value>
                </item>

--- a/bt5/erp5_dms/WorkflowTemplateItem/portal_workflow/document_publication_workflow/states/shared_alive.xml
+++ b/bt5/erp5_dms/WorkflowTemplateItem/portal_workflow/document_publication_workflow/states/shared_alive.xml
@@ -56,10 +56,7 @@
  </record>
  <record id="2" aka="AAAAAAAAAAI=">
    <pickle>
-      <tuple>
-        <global name="PersistentMapping" module="Persistence.mapping"/>
-        <tuple/>
-      </tuple>
+      <global name="PersistentMapping" module="Persistence.mapping"/>
    </pickle>
    <pickle>
      <dictionary>
@@ -75,7 +72,6 @@
                        <string>Assignor</string>
                        <string>Associate</string>
                        <string>Manager</string>
-                        <string>Owner</string>
                      </tuple>
                    </value>
                </item>
@@ -116,7 +112,6 @@
                        <string>Assignor</string>
                        <string>Associate</string>
                        <string>Manager</string>
-                        <string>Owner</string>
                      </tuple>
                    </value>
                </item>

--- a/bt5/erp5_dms/WorkflowTemplateItem/portal_workflow/document_publication_workflow/states/split.xml
+++ b/bt5/erp5_dms/WorkflowTemplateItem/portal_workflow/document_publication_workflow/states/split.xml
@@ -44,10 +44,7 @@
  </record>
  <record id="2" aka="AAAAAAAAAAI=">
    <pickle>
-      <tuple>
-        <global name="PersistentMapping" module="Persistence.mapping"/>
-        <tuple/>
-      </tuple>
+      <global name="PersistentMapping" module="Persistence.mapping"/>
    </pickle>
    <pickle>
      <dictionary>
@@ -62,7 +59,6 @@
                        <string>Assignee</string>
                        <string>Assignor</string>
                        <string>Manager</string>
-                        <string>Owner</string>
                      </tuple>
                    </value>
                </item>
@@ -102,7 +98,6 @@
                        <string>Assignee</string>
                        <string>Assignor</string>
                        <string>Manager</string>
-                        <string>Owner</string>
                      </tuple>
                    </value>
                </item>

--- a/bt5/erp5_dms/WorkflowTemplateItem/portal_workflow/document_publication_workflow/states/translated.xml
+++ b/bt5/erp5_dms/WorkflowTemplateItem/portal_workflow/document_publication_workflow/states/translated.xml
@@ -48,10 +48,7 @@
  </record>
  <record id="2" aka="AAAAAAAAAAI=">
    <pickle>
-      <tuple>
-        <global name="PersistentMapping" module="Persistence.mapping"/>
-        <tuple/>
-      </tuple>
+      <global name="PersistentMapping" module="Persistence.mapping"/>
    </pickle>
    <pickle>
      <dictionary>
@@ -66,7 +63,6 @@
                        <string>Assignee</string>
                        <string>Assignor</string>
                        <string>Manager</string>
-                        <string>Owner</string>
                      </tuple>
                    </value>
                </item>
@@ -104,7 +100,6 @@
                        <string>Assignee</string>
                        <string>Assignor</string>
                        <string>Manager</string>
-                        <string>Owner</string>
                      </tuple>
                    </value>
                </item>