Finish security configuration of the sale division.

Allow sale division to create all kind of events.
Allow sale division to create persons and organisations.
Add a live test to check the use cases.

master/bt5/vifib_erp5/LocalRolesTemplateItem/organisation_module.xml

@@ -4,6 +4,10 @@
    <item>Auditor</item>
    <item>Author</item>
   </role>
+  <role id='F-SALE_G-COMPANY'>
+   <item>Auditor</item>
+   <item>Author</item>
+  </role>
   <role id='R-COMPUTER'>
    <item>Auditor</item>
   </role>

master/bt5/vifib_erp5/LocalRolesTemplateItem/organisation_module/vifib_internet.xml

@@ -3,6 +3,9 @@
   <role id='F-PRODUCTION_G-COMPANY'>
    <item>Assignor</item>
   </role>
+  <role id='F-SALE_G-COMPANY'>
+   <item>Assignor</item>
+  </role>
   <role id='R-MEMBER'>
    <item>Auditor</item>
   </role>

master/bt5/vifib_erp5/LocalRolesTemplateItem/person_module.xml

@@ -4,6 +4,10 @@
    <item>Auditor</item>
    <item>Author</item>
   </role>
+  <role id='F-SALE_G-COMPANY'>
+   <item>Auditor</item>
+   <item>Author</item>
+  </role>
   <role id='R-MEMBER'>
    <item>Auditor</item>
   </role>

master/bt5/vifib_erp5/LocalRolesTemplateItem/person_module/test_hr_admin.xml

@@ -3,6 +3,9 @@
   <role id='F-PRODUCTION_G-COMPANY'>
    <item>Assignor</item>
   </role>
+  <role id='F-SALE_G-COMPANY'>
+   <item>Assignor</item>
+  </role>
   <role id='romain'>
    <item>Owner</item>
   </role>

master/bt5/vifib_erp5/LocalRolesTemplateItem/person_module/test_updated_vifib_user.xml

@@ -3,6 +3,9 @@
   <role id='F-PRODUCTION_G-COMPANY'>
    <item>Assignor</item>
   </role>
+  <role id='F-SALE_G-COMPANY'>
+   <item>Assignor</item>
+  </role>
   <role id='romain'>
    <item>Owner</item>
   </role>

master/bt5/vifib_erp5/LocalRolesTemplateItem/person_module/test_vifib_admin.xml

@@ -3,6 +3,9 @@
   <role id='F-PRODUCTION_G-COMPANY'>
    <item>Assignor</item>
   </role>
+  <role id='F-SALE_G-COMPANY'>
+   <item>Assignor</item>
+  </role>
   <role id='romain'>
    <item>Owner</item>
   </role>

master/bt5/vifib_erp5/LocalRolesTemplateItem/person_module/test_vifib_customer.xml

@@ -3,6 +3,9 @@
   <role id='F-PRODUCTION_G-COMPANY'>
    <item>Assignor</item>
   </role>
+  <role id='F-SALE_G-COMPANY'>
+   <item>Assignor</item>
+  </role>
   <role id='romain'>
    <item>Owner</item>
   </role>

master/bt5/vifib_erp5/LocalRolesTemplateItem/person_module/test_vifib_customer_a.xml

@@ -3,6 +3,9 @@
   <role id='F-PRODUCTION_G-COMPANY'>
    <item>Assignor</item>
   </role>
+  <role id='F-SALE_G-COMPANY'>
+   <item>Assignor</item>
+  </role>
   <role id='supergabriel'>
    <item>Owner</item>
   </role>

master/bt5/vifib_erp5/LocalRolesTemplateItem/person_module/test_vifib_developer.xml

@@ -3,6 +3,9 @@
   <role id='F-PRODUCTION_G-COMPANY'>
    <item>Assignor</item>
   </role>
+  <role id='F-SALE_G-COMPANY'>
+   <item>Assignor</item>
+  </role>
   <role id='romain'>
    <item>Owner</item>
   </role>

master/bt5/vifib_erp5/LocalRolesTemplateItem/person_module/test_vifib_member.xml

@@ -3,6 +3,9 @@
   <role id='F-PRODUCTION_G-COMPANY'>
    <item>Assignor</item>
   </role>
+  <role id='F-SALE_G-COMPANY'>
+   <item>Assignor</item>
+  </role>
   <role id='romain'>
    <item>Owner</item>
   </role>

master/bt5/vifib_erp5/LocalRolesTemplateItem/person_module/test_vifib_user_admin.xml

@@ -3,6 +3,9 @@
   <role id='F-PRODUCTION_G-COMPANY'>
    <item>Assignor</item>
   </role>
+  <role id='F-SALE_G-COMPANY'>
+   <item>Assignor</item>
+  </role>
   <role id='romain'>
    <item>Owner</item>
   </role>

master/bt5/vifib_erp5/LocalRolesTemplateItem/person_module/test_vifib_user_developer.xml

@@ -3,6 +3,9 @@
   <role id='F-PRODUCTION_G-COMPANY'>
    <item>Assignor</item>
   </role>
+  <role id='F-SALE_G-COMPANY'>
+   <item>Assignor</item>
+  </role>
   <role id='romain'>
    <item>Owner</item>
   </role>

master/bt5/vifib_erp5/PathTemplateItem/person_module/test_sale_agent.xml

+<?xml version="1.0"?>
+<ZopeData>
+  <record id="1" aka="AAAAAAAAAAE=">
+    <pickle>
+      <global name="Person" module="erp5.portal_type"/>
+    </pickle>
+    <pickle>
+      <dictionary>
+        <item>
+            <key> <string>_Access_contents_information_Permission</string> </key>
+            <value>
+              <tuple>
+                <string>Assignee</string>
+                <string>Assignor</string>
+                <string>Associate</string>
+                <string>Auditor</string>
+                <string>Author</string>
+                <string>Manager</string>
+                <string>Owner</string>
+              </tuple>
+            </value>
+        </item>
+        <item>
+            <key> <string>_Add_portal_content_Permission</string> </key>
+            <value>
+              <tuple>
+                <string>Assignee</string>
+                <string>Assignor</string>
+                <string>Associate</string>
+                <string>Author</string>
+                <string>Manager</string>
+                <string>Owner</string>
+              </tuple>
+            </value>
+        </item>
+        <item>
+            <key> <string>_Modify_portal_content_Permission</string> </key>
+            <value>
+              <tuple>
+                <string>Assignee</string>
+                <string>Assignor</string>
+                <string>Associate</string>
+                <string>Author</string>
+                <string>Manager</string>
+                <string>Owner</string>
+              </tuple>
+            </value>
+        </item>
+        <item>
+            <key> <string>_View_Permission</string> </key>
+            <value>
+              <tuple>
+                <string>Assignee</string>
+                <string>Assignor</string>
+                <string>Associate</string>
+                <string>Auditor</string>
+                <string>Author</string>
+                <string>Manager</string>
+                <string>Owner</string>
+              </tuple>
+            </value>
+        </item>
+        <item>
+            <key> <string>__translation_dict</string> </key>
+            <value>
+              <dictionary/>
+            </value>
+        </item>
+        <item>
+            <key> <string>_count</string> </key>
+            <value>
+              <persistent> <string encoding="base64">AAAAAAAAAAI=</string> </persistent>
+            </value>
+        </item>
+        <item>
+            <key> <string>_mt_index</string> </key>
+            <value>
+              <persistent> <string encoding="base64">AAAAAAAAAAM=</string> </persistent>
+            </value>
+        </item>
+        <item>
+            <key> <string>_tree</string> </key>
+            <value>
+              <persistent> <string encoding="base64">AAAAAAAAAAQ=</string> </persistent>
+            </value>
+        </item>
+        <item>
+            <key> <string>default_reference</string> </key>
+            <value> <string>test_sale_agent</string> </value>
+        </item>
+        <item>
+            <key> <string>description</string> </key>
+            <value>
+              <none/>
+            </value>
+        </item>
+        <item>
+            <key> <string>first_name</string> </key>
+            <value> <string>Vifib Test</string> </value>
+        </item>
+        <item>
+            <key> <string>id</string> </key>
+            <value> <string>test_sale_agent</string> </value>
+        </item>
+        <item>
+            <key> <string>last_name</string> </key>
+            <value> <string>Sale</string> </value>
+        </item>
+        <item>
+            <key> <string>password</string> </key>
+            <value>
+              <persistent> <string encoding="base64">AAAAAAAAAAU=</string> </persistent>
+            </value>
+        </item>
+        <item>
+            <key> <string>portal_type</string> </key>
+            <value> <string>Person</string> </value>
+        </item>
+      </dictionary>
+    </pickle>
+  </record>
+  <record id="2" aka="AAAAAAAAAAI=">
+    <pickle>
+      <global name="Length" module="BTrees.Length"/>
+    </pickle>
+    <pickle> <int>0</int> </pickle>
+  </record>
+  <record id="3" aka="AAAAAAAAAAM=">
+    <pickle>
+      <global name="OOBTree" module="BTrees.OOBTree"/>
+    </pickle>
+    <pickle>
+      <none/>
+    </pickle>
+  </record>
+  <record id="4" aka="AAAAAAAAAAQ=">
+    <pickle>
+      <global name="OOBTree" module="BTrees.OOBTree"/>
+    </pickle>
+    <pickle>
+      <none/>
+    </pickle>
+  </record>
+  <record id="5" aka="AAAAAAAAAAU=">
+    <pickle>
+      <global name="PersistentMapping" module="Persistence.mapping"/>
+    </pickle>
+    <pickle>
+      <dictionary>
+        <item>
+            <key> <string>data</string> </key>
+            <value>
+              <dictionary>
+                <item>
+                    <key> <string>default</string> </key>
+                    <value> <string>{SSHA}45nzuib8NqsbP8Lctl2p3azUSRRloO/cYm5t</string> </value>
+                </item>
+              </dictionary>
+            </value>
+        </item>
+      </dictionary>
+    </pickle>
+  </record>
+</ZopeData>

master/bt5/vifib_erp5/PathTemplateItem/person_module/test_sale_agent/1.xml

+<?xml version="1.0"?>
+<ZopeData>
+  <record id="1" aka="AAAAAAAAAAE=">
+    <pickle>
+      <global name="Assignment" module="erp5.portal_type"/>
+    </pickle>
+    <pickle>
+      <dictionary>
+        <item>
+            <key> <string>_Access_contents_information_Permission</string> </key>
+            <value>
+              <tuple>
+                <string>Assignor</string>
+                <string>Auditor</string>
+                <string>Manager</string>
+                <string>Owner</string>
+              </tuple>
+            </value>
+        </item>
+        <item>
+            <key> <string>_Modify_portal_content_Permission</string> </key>
+            <value>
+              <tuple>
+                <string>Manager</string>
+              </tuple>
+            </value>
+        </item>
+        <item>
+            <key> <string>_View_Permission</string> </key>
+            <value>
+              <tuple>
+                <string>Assignor</string>
+                <string>Auditor</string>
+                <string>Manager</string>
+                <string>Owner</string>
+              </tuple>
+            </value>
+        </item>
+        <item>
+            <key> <string>_identity_criterion</string> </key>
+            <value>
+              <persistent> <string encoding="base64">AAAAAAAAAAI=</string> </persistent>
+            </value>
+        </item>
+        <item>
+            <key> <string>_range_criterion</string> </key>
+            <value>
+              <persistent> <string encoding="base64">AAAAAAAAAAM=</string> </persistent>
+            </value>
+        </item>
+        <item>
+            <key> <string>categories</string> </key>
+            <value>
+              <tuple>
+                <string>group/company</string>
+                <string>function/sale</string>
+              </tuple>
+            </value>
+        </item>
+        <item>
+            <key> <string>description</string> </key>
+            <value>
+              <none/>
+            </value>
+        </item>
+        <item>
+            <key> <string>id</string> </key>
+            <value> <string>1</string> </value>
+        </item>
+        <item>
+            <key> <string>portal_type</string> </key>
+            <value> <string>Assignment</string> </value>
+        </item>
+        <item>
+            <key> <string>title</string> </key>
+            <value> <string>Sale Division</string> </value>
+        </item>
+      </dictionary>
+    </pickle>
+  </record>
+  <record id="2" aka="AAAAAAAAAAI=">
+    <pickle>
+      <tuple>
+        <global name="PersistentMapping" module="Persistence.mapping"/>
+        <tuple/>
+      </tuple>
+    </pickle>
+    <pickle>
+      <dictionary>
+        <item>
+            <key> <string>data</string> </key>
+            <value>
+              <dictionary/>
+            </value>
+        </item>
+      </dictionary>
+    </pickle>
+  </record>
+  <record id="3" aka="AAAAAAAAAAM=">
+    <pickle>
+      <tuple>
+        <global name="PersistentMapping" module="Persistence.mapping"/>
+        <tuple/>
+      </tuple>
+    </pickle>
+    <pickle>
+      <dictionary>
+        <item>
+            <key> <string>data</string> </key>
+            <value>
+              <dictionary/>
+            </value>
+        </item>
+      </dictionary>
+    </pickle>
+  </record>
+</ZopeData>

master/bt5/vifib_erp5/PathTemplateItem/person_module/test_sale_agent/default_career.xml

+<?xml version="1.0"?>
+<ZopeData>
+  <record id="1" aka="AAAAAAAAAAE=">
+    <pickle>
+      <global name="Career" module="erp5.portal_type"/>
+    </pickle>
+    <pickle>
+      <dictionary>
+        <item>
+            <key> <string>_Access_contents_information_Permission</string> </key>
+            <value>
+              <tuple>
+                <string>Assignee</string>
+                <string>Assignor</string>
+                <string>Auditor</string>
+                <string>Manager</string>
+                <string>Owner</string>
+              </tuple>
+            </value>
+        </item>
+        <item>
+            <key> <string>_Modify_portal_content_Permission</string> </key>
+            <value>
+              <tuple>
+                <string>Assignee</string>
+                <string>Assignor</string>
+                <string>Manager</string>
+                <string>Owner</string>
+              </tuple>
+            </value>
+        </item>
+        <item>
+            <key> <string>_View_Permission</string> </key>
+            <value>
+              <tuple>
+                <string>Assignee</string>
+                <string>Assignor</string>
+                <string>Auditor</string>
+                <string>Manager</string>
+                <string>Owner</string>
+              </tuple>
+            </value>
+        </item>
+        <item>
+            <key> <string>categories</string> </key>
+            <value>
+              <tuple>
+                <string>role/internal</string>
+              </tuple>
+            </value>
+        </item>
+        <item>
+            <key> <string>id</string> </key>
+            <value> <string>default_career</string> </value>
+        </item>
+        <item>
+            <key> <string>portal_type</string> </key>
+            <value> <string>Career</string> </value>
+        </item>
+      </dictionary>
+    </pickle>
+  </record>
+</ZopeData>

master/bt5/vifib_erp5/PathTemplateItem/person_module/test_sale_agent/default_email.xml

+<?xml version="1.0"?>
+<ZopeData>
+  <record id="1" aka="AAAAAAAAAAE=">
+    <pickle>
+      <global name="Email" module="erp5.portal_type"/>
+    </pickle>
+    <pickle>
+      <dictionary>
+        <item>
+            <key> <string>coordinate_text</string> </key>
+            <value> <string>test_sale_agent@vifib.com</string> </value>
+        </item>
+        <item>
+            <key> <string>id</string> </key>
+            <value> <string>default_email</string> </value>
+        </item>
+        <item>
+            <key> <string>portal_type</string> </key>
+            <value> <string>Email</string> </value>
+        </item>
+        <item>
+            <key> <string>sid</string> </key>
+            <value>
+              <none/>
+            </value>
+        </item>
+        <item>
+            <key> <string>url_string</string> </key>
+            <value>
+              <none/>
+            </value>
+        </item>
+      </dictionary>
+    </pickle>
+  </record>
+</ZopeData>

master/bt5/vifib_erp5/PortalTypeRolesTemplateItem/Acknowledgement.xml

+<type_roles>
+  <role id='Assignor'>
+   <property id='title'>Sale division</property>
+   <multi_property id='category'>function/sale</multi_property>
+   <multi_property id='category'>group/company</multi_property>
+   <multi_property id='base_category'>function</multi_property>
+   <multi_property id='base_category'>group</multi_property>
+  </role>
+</type_roles>
\ No newline at end of file

master/bt5/vifib_erp5/PortalTypeRolesTemplateItem/Organisation%20Module.xml

@@ -9,6 +9,13 @@
    <multi_property id='category'>role/member</multi_property>
    <multi_property id='base_category'>role</multi_property>
   </role>
+  <role id='Auditor; Author'>
+   <property id='title'>Sale division</property>
+   <multi_property id='category'>function/sale</multi_property>
+   <multi_property id='category'>group/company</multi_property>
+   <multi_property id='base_category'>function</multi_property>
+   <multi_property id='base_category'>group</multi_property>
+  </role>
   <role id='Auditor; Author'>
    <property id='title'>SlapOS Master Operation</property>
    <multi_property id='category'>function/production</multi_property>

master/bt5/vifib_erp5/PortalTypeRolesTemplateItem/Organisation.xml

@@ -4,6 +4,13 @@
    <multi_property id='category'>role/member</multi_property>
    <multi_property id='base_category'>role</multi_property>
   </role>
+  <role id='Assignor'>
+   <property id='title'>Sale division</property>
+   <multi_property id='category'>function/sale</multi_property>
+   <multi_property id='category'>group/company</multi_property>
+   <multi_property id='base_category'>function</multi_property>
+   <multi_property id='base_category'>group</multi_property>
+  </role>
   <role id='Assignor'>
    <property id='title'>SlapOS Master Operation</property>
    <multi_property id='category'>function/production</multi_property>

master/bt5/vifib_erp5/PortalTypeRolesTemplateItem/Person%20Module.xml

@@ -4,6 +4,13 @@
    <multi_property id='category'>role/member</multi_property>
    <multi_property id='base_category'>role</multi_property>
   </role>
+  <role id='Auditor; Author'>
+   <property id='title'>Sale division</property>
+   <multi_property id='category'>function/sale</multi_property>
+   <multi_property id='category'>group/company</multi_property>
+   <multi_property id='base_category'>function</multi_property>
+   <multi_property id='base_category'>group</multi_property>
+  </role>
   <role id='Auditor; Author'>
    <property id='title'>SlapOS Master Operation</property>
    <multi_property id='category'>function/production</multi_property>

master/bt5/vifib_erp5/PortalTypeRolesTemplateItem/Person.xml

 <type_roles>
+  <role id='Assignor'>
+   <property id='title'>Sale division</property>
+   <multi_property id='category'>function/sale</multi_property>
+   <multi_property id='category'>group/company</multi_property>
+   <multi_property id='base_category'>function</multi_property>
+   <multi_property id='base_category'>group</multi_property>
+  </role>
   <role id='Assignor'>
    <property id='title'>SlapOS Master Operation</property>
    <multi_property id='category'>function/production</multi_property>

master/bt5/vifib_erp5/PortalTypeRolesTemplateItem/Short%20Message.xml

+<type_roles>
+  <role id='Assignor'>
+   <property id='title'>Sale division</property>
+   <multi_property id='category'>function/sale</multi_property>
+   <multi_property id='category'>group/company</multi_property>
+   <multi_property id='base_category'>function</multi_property>
+   <multi_property id='base_category'>group</multi_property>
+  </role>
+</type_roles>
\ No newline at end of file

master/bt5/vifib_erp5/PortalTypeRolesTemplateItem/Site%20Message.xml

+<type_roles>
+  <role id='Assignor'>
+   <property id='title'>Sale division</property>
+   <multi_property id='category'>function/sale</multi_property>
+   <multi_property id='category'>group/company</multi_property>
+   <multi_property id='base_category'>function</multi_property>
+   <multi_property id='base_category'>group</multi_property>
+  </role>
+</type_roles>
\ No newline at end of file

master/bt5/vifib_erp5/PortalTypeRolesTemplateItem/Web%20Message.xml

+<type_roles>
+  <role id='Assignor'>
+   <property id='title'>Sale division</property>
+   <multi_property id='category'>function/sale</multi_property>
+   <multi_property id='category'>group/company</multi_property>
+   <multi_property id='base_category'>function</multi_property>
+   <multi_property id='base_category'>group</multi_property>
+  </role>
+</type_roles>
\ No newline at end of file

master/bt5/vifib_erp5/TestTemplateItem/testVifibCRMSecurity.py

+##############################################################################
+#
+# Copyright (c) 2011 Nexedi SA and Contributors. All Rights Reserved.
+#
+# WARNING: This program as such is intended to be used by professional
+# programmers who take the whole responsibility of assessing all potential
+# consequences resulting from its eventual inadequacies and bugs
+# End users who are looking for a ready-to-use solution with commercial
+# guarantees and support are strongly adviced to contract a Free Software
+# Service Company
+#
+# This program is Free Software; you can redistribute it and/or
+# modify it under the terms of the GNU General Public License
+# as published by the Free Software Foundation; either version 2
+# of the License, or (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+#
+##############################################################################
+
+from VifibMixin import testVifibMixin
+from AccessControl import Unauthorized
+from Products.ERP5Type.tests.SecurityTestCase import SecurityTestCase
+
+sale_login_id = 'test_sale_agent'
+member_login_id = 'test_vifib_customer'
+
+class TestVifibCRMSecurity(testVifibMixin, SecurityTestCase):
+  def getTitle(self):
+    return "Vifib CRM Security"
+
+  def test_CampaignSecurity(self):
+    """
+    Sale division should be able to manage campaign.
+    Anonymous/member has no permission to any campaign.
+    """
+    # Sale division
+    self.login(user_name=sale_login_id)
+    # Try to acceed the campaign module through restrictedTraverse
+    # This will test the security of the module
+    campaign_module_id = self.portal.getDefaultModuleId(portal_type='Campaign')
+    campaign_module = self.portal.restrictedTraverse(campaign_module_id)
+    # Add campaign
+    campaign = campaign_module.newContent(portal_type='Campaign')
+    # Edit the campaign
+    campaign.edit(
+      title='Test Vifib Campaign',
+    )
+    campaign_relative_url = campaign.getRelativeUrl()
+    self.stepTic()
+    self.assertEquals(1, len(self.portal.portal_catalog(
+      relative_url=campaign_relative_url)))
+    # XXX TODO: test real CRM use case related to the security
+    self.assertUserHaveRoleOnDocument(sale_login_id, "Assignor", campaign)
+    self.logout()
+
+    # Member
+    self.login(user_name=member_login_id)
+    self.assertRaises(Unauthorized,
+                      self.portal.restrictedTraverse,
+                      [campaign_module_id]
+    )
+    self.assertEquals(0, len(self.portal.portal_catalog(
+      relative_url=campaign_relative_url)))
+    self.logout()
+
+    # Anonymous
+    self.assertRaises(Unauthorized,
+                      self.portal.restrictedTraverse,
+                      [campaign_module_id]
+    )
+    self.assertEquals(0, len(self.portal.portal_catalog(
+      relative_url=campaign_relative_url)))
+
+  def test_SupportRequestSecurity(self):
+    """
+    Sale division should be able to manage support request.
+    Anonymous/member has no permission to any support request.
+    """
+    # Sale division
+    self.login(user_name=sale_login_id)
+    # Try to acceed the support_request module through restrictedTraverse
+    # This will test the security of the module
+    support_request_module_id = self.portal.getDefaultModuleId(
+      portal_type='Support Request')
+    support_request_module = self.portal.restrictedTraverse(
+        support_request_module_id)
+    # Add support_request
+    support_request = support_request_module.newContent(
+      portal_type='Support Request')
+    # Edit the support_request
+    support_request.edit(
+      title='Test Vifib Support Request',
+    )
+    support_request_relative_url = support_request.getRelativeUrl()
+    self.stepTic()
+    self.assertEquals(1, len(self.portal.portal_catalog(
+      relative_url=support_request_relative_url)))
+    # XXX TODO: test real CRM use case related to the security
+    self.assertUserHaveRoleOnDocument(sale_login_id, "Assignor",
+                                      support_request)
+    self.logout()
+
+    # Member
+    self.login(user_name=member_login_id)
+    self.assertRaises(Unauthorized,
+                      self.portal.restrictedTraverse,
+                      [support_request_module_id]
+    )
+    self.assertEquals(0, len(self.portal.portal_catalog(
+      relative_url=support_request_relative_url)))
+    self.logout()
+
+    # Anonymous
+    self.assertRaises(Unauthorized,
+                      self.portal.restrictedTraverse,
+                      [support_request_module_id]
+    )
+    self.assertEquals(0, len(self.portal.portal_catalog(
+      relative_url=support_request_relative_url)))
+
+  def test_NotificationMessageSecurity(self):
+    """
+    Sale division should be able to manage notification message.
+    Anonymous/member has no permission to any notification message.
+    """
+    # Sale division
+    self.login(user_name=sale_login_id)
+    # Try to acceed the notification_message module through restrictedTraverse
+    # This will test the security of the module
+    notification_message_module_id = self.portal.getDefaultModuleId(
+      portal_type='Notification Message')
+    notification_message_module = self.portal.restrictedTraverse(
+      notification_message_module_id)
+    # Add notification_message
+    notification_message = notification_message_module.newContent(
+      portal_type='Notification Message')
+    # Edit the notification_message
+    notification_message.edit(
+      title='Test Vifib Notification Message',
+    )
+    notification_message_relative_url = notification_message.getRelativeUrl()
+    self.stepTic()
+    self.assertEquals(1, len(self.portal.portal_catalog(
+      relative_url=notification_message_relative_url)))
+    # XXX TODO: test real CRM use case related to the security
+    self.assertUserHaveRoleOnDocument(sale_login_id, "Assignor",
+                                      notification_message)
+    self.logout()
+
+    # Member
+    self.login(user_name=member_login_id)
+    self.assertRaises(Unauthorized,
+                      self.portal.restrictedTraverse,
+                      [notification_message_module_id]
+    )
+    self.assertEquals(0, len(self.portal.portal_catalog(
+      relative_url=notification_message_relative_url)))
+    self.logout()
+
+    # Anonymous
+    self.assertRaises(Unauthorized,
+                      self.portal.restrictedTraverse,
+                      [notification_message_module_id]
+    )
+    self.assertEquals(0, len(self.portal.portal_catalog(
+      relative_url=notification_message_relative_url)))
+
+  def test_EventSecurity(self):
+    """
+    Sale division should be able to manage event.
+    Anonymous/member has no permission to any event.
+    """
+    # Sale division
+    self.login(user_name=sale_login_id)
+    # Try to acceed the event module through restrictedTraverse
+    # This will test the security of the module
+    event_module_id = self.portal.getDefaultModuleId(
+      portal_type='Fax Message')
+    event_module = self.portal.restrictedTraverse(
+      event_module_id)
+    self.logout()
+
+    for portal_type in self.portal.getPortalEventTypeList():
+      # Sale division
+      self.login(user_name=sale_login_id)
+
+      # Add event
+      event = event_module.newContent(
+        portal_type=portal_type)
+      # Edit the event
+      event.edit(
+        title='Test Vifib %s' % portal_type,
+      )
+      event_relative_url = event.getRelativeUrl()
+      self.stepTic()
+      self.assertEquals(1, len(self.portal.portal_catalog(
+        relative_url=event_relative_url)))
+      # XXX TODO: test real CRM use case related to the security
+      self.assertUserHaveRoleOnDocument(sale_login_id, "Assignor", event)
+      self.logout()
+
+      # Member
+      self.login(user_name=member_login_id)
+      self.assertRaises(Unauthorized,
+                        self.portal.restrictedTraverse,
+                        [event_module_id]
+      )
+      self.assertEquals(0, len(self.portal.portal_catalog(
+        relative_url=event_relative_url)))
+      self.logout()
+
+      # Anonymous
+      self.assertRaises(Unauthorized,
+                        self.portal.restrictedTraverse,
+                        [event_module_id]
+      )
+      self.assertEquals(0, len(self.portal.portal_catalog(
+        relative_url=event_relative_url)))
+
+  def test_PersonSecurity(self):
+    """
+    Sale division should be able to manage person.
+    """
+    # Sale division
+    self.login(user_name=sale_login_id)
+    # Try to acceed the person module through restrictedTraverse
+    # This will test the security of the module
+    person_module_id = self.portal.getDefaultModuleId(
+      portal_type='Person')
+    person_module = self.portal.restrictedTraverse(
+      person_module_id)
+
+    # Add person
+    person = person_module.newContent(
+      portal_type="Person")
+    # Edit the person
+    person.edit(
+      title='Test Vifib Person'
+    )
+    person_relative_url = person.getRelativeUrl()
+    self.stepTic()
+    self.assertEquals(1, len(self.portal.portal_catalog(
+      relative_url=person_relative_url)))
+    # XXX TODO: test real CRM use case related to the security
+    self.assertUserHaveRoleOnDocument(sale_login_id, "Assignor", person)
+    self.logout()
+
+  def test_OrganisationSecurity(self):
+    """
+    Sale division should be able to manage organisation.
+    """
+    # Sale division
+    self.login(user_name=sale_login_id)
+    # Try to acceed the organisation module through restrictedTraverse
+    # This will test the security of the module
+    organisation_module_id = self.portal.getDefaultModuleId(
+      portal_type='Organisation')
+    organisation_module = self.portal.restrictedTraverse(
+      organisation_module_id)
+
+    # Add organisation
+    organisation = organisation_module.newContent(
+      portal_type="Organisation")
+    # Edit the organisation
+    organisation.edit(
+      title='Test Vifib Organisation'
+    )
+    organisation_relative_url = organisation.getRelativeUrl()
+    self.stepTic()
+    self.assertEquals(1, len(self.portal.portal_catalog(
+      relative_url=organisation_relative_url)))
+    # XXX TODO: test real CRM use case related to the security
+    self.assertUserHaveRoleOnDocument(sale_login_id, "Assignor", organisation)
+    self.logout()
+

master/bt5/vifib_erp5/bt/revision

-236
\ No newline at end of file
+237
\ No newline at end of file

master/bt5/vifib_erp5/bt/template_local_roles_list

 accounting_module
-event_module
-notification_message_module
-support_request_module
 business_process_module
 business_process_module/erp5_default_business_process
 campaign_module
@@ -10,8 +7,10 @@ computer_module/test_computer
 credential_update_module
 currency_module
 currency_module/EUR
+event_module
 hosting_subscription_module
 internal_packing_list_module
+notification_message_module
 open_sale_order_module
 organisation_module
 organisation_module/vifib_internet
@@ -36,4 +35,5 @@ software_instance_module
 software_product_module
 software_product_module/test_software_product
 software_release_module
-software_release_module/test_software_release
\ No newline at end of file
+software_release_module/test_software_release
+support_request_module
\ No newline at end of file

master/bt5/vifib_erp5/bt/template_path_list

 person_module/test_hr_admin
 person_module/test_hr_admin/**
+person_module/test_sale_agent
+person_module/test_sale_agent/**
 person_module/test_updated_vifib_user
 person_module/test_vifib_admin
 person_module/test_vifib_admin/**

master/bt5/vifib_erp5/bt/template_portal_type_role_list

 Accounting Transaction
 Accounting Transaction Module
+Acknowledgement
 Assignment
 Business Process
 Business Process Module
@@ -38,6 +39,8 @@ Sale Trade Condition
 Sale Trade Condition Module
 Service
 Service Module
+Short Message
+Site Message
 Slave Instance
 Software Instance
 Software Instance Module
@@ -47,4 +50,5 @@ Software Release
 Software Release Module
 Support Request
 Support Request Module
-Visit
\ No newline at end of file
+Visit
+Web Message
\ No newline at end of file

master/bt5/vifib_erp5/bt/template_portal_type_roles_list

 Accounting Transaction
-Fax Message
-Letter
-Mail Message
-Note
-Notification Message
-Phone Call
-Support Request
-Visit
-Event Module
-Notification Message Module
-Support Request Module
 Accounting Transaction Module
+Acknowledgement
 Assignment
 Business Process
 Business Process Module
@@ -21,16 +11,24 @@ Computer Module
 Credential Update Module
 Currency
 Currency Module
+Event Module
+Fax Message
 Hosting Subscription
 Hosting Subscription Module
 Internal Packing List
 Internal Packing List Module
+Letter
+Mail Message
+Note
+Notification Message
+Notification Message Module
 Open Sale Order
 Open Sale Order Module
 Organisation
 Organisation Module
 Person
 Person Module
+Phone Call
 Purchase Packing List
 Purchase Packing List Module
 Sale Order
@@ -41,10 +39,16 @@ Sale Trade Condition
 Sale Trade Condition Module
 Service
 Service Module
+Short Message
+Site Message
 Slave Instance
 Software Instance
 Software Instance Module
 Software Product
 Software Product Module
 Software Release
-Software Release Module
\ No newline at end of file
+Software Release Module
+Support Request
+Support Request Module
+Visit
+Web Message
\ No newline at end of file

master/bt5/vifib_erp5/bt/template_test_id_list

 testVifibPersonSecurity
+testVifibCRMSecurity
 testVifibModuleSecurity
 testVifibUserAdmin
 testVifibUserCustomer