slapos_erp5: Update security to allow user share Computers/Hosting Subscriptions/Computer Network

5aa2c232 · Rafael Monnerat · f2b9f45b · 5aa2c232 · 5aa2c232 · 5aa2c232
Commit 5aa2c232 authored Jul 04, 2019 by Rafael Monnerat
10 changed files
--- a/master/bt5/slapos_erp5/PathTemplateItem/portal_categories/local_role_group/organisation.xml
+++ b/master/bt5/slapos_erp5/PathTemplateItem/portal_categories/local_role_group/organisation.xml
+<?xml version="1.0"?>
+<ZopeData>
+  <record id="1" aka="AAAAAAAAAAE=">
+    <pickle>
+      <global name="Category" module="erp5.portal_type"/>
+    </pickle>
+    <pickle>
+      <dictionary>
+        <item>
+            <key> <string>_Add_portal_content_Permission</string> </key>
+            <value>
+              <tuple>
+                <string>Assignor</string>
+                <string>Manager</string>
+              </tuple>
+            </value>
+        </item>
+        <item>
+            <key> <string>_Add_portal_folders_Permission</string> </key>
+            <value>
+              <tuple>
+                <string>Assignor</string>
+                <string>Manager</string>
+              </tuple>
+            </value>
+        </item>
+        <item>
+            <key> <string>_Copy_or_Move_Permission</string> </key>
+            <value>
+              <tuple>
+                <string>Assignor</string>
+                <string>Manager</string>
+              </tuple>
+            </value>
+        </item>
+        <item>
+            <key> <string>_Delete_objects_Permission</string> </key>
+            <value>
+              <tuple>
+                <string>Assignor</string>
+                <string>Manager</string>
+              </tuple>
+            </value>
+        </item>
+        <item>
+            <key> <string>_Modify_portal_content_Permission</string> </key>
+            <value>
+              <tuple>
+                <string>Assignee</string>
+                <string>Assignor</string>
+                <string>Manager</string>
+                <string>Owner</string>
+              </tuple>
+            </value>
+        </item>
+        <item>
+            <key> <string>categories</string> </key>
+            <value>
+              <tuple>
+                <string>local_role_group/user</string>
+              </tuple>
+            </value>
+        </item>
+        <item>
+            <key> <string>description</string> </key>
+            <value>
+              <none/>
+            </value>
+        </item>
+        <item>
+            <key> <string>id</string> </key>
+            <value> <string>organisation</string> </value>
+        </item>
+        <item>
+            <key> <string>portal_type</string> </key>
+            <value> <string>Category</string> </value>
+        </item>
+        <item>
+            <key> <string>title</string> </key>
+            <value> <string>organisation</string> </value>
+        </item>
+      </dictionary>
+    </pickle>
+  </record>
+</ZopeData>
--- a/master/bt5/slapos_erp5/PortalTypeRolesTemplateItem/Computer%20Network.xml
+++ b/master/bt5/slapos_erp5/PortalTypeRolesTemplateItem/Computer%20Network.xml
@@ -12,6 +12,12 @@
   <multi_property id='category'>group/company</multi_property>
   <multi_property id='base_category'>group</multi_property>
  </role>
+  <role id='Assignee'>
+   <property id='title'>Organisation Member</property>
+   <property id='base_category_script'>Item_getSecurityCategoryFromMovementDestinationSection</property>
+   <multi_property id='categories'>local_role_group/project</multi_property>
+   <multi_property id='base_category'>destination_section</multi_property>
+  </role>
  <role id='Assignee'>
   <property id='title'>Person Owner</property>
   <property id='description'>XXX Review this</property>
@@ -27,7 +33,7 @@
  </role>
  <role id='Assignee'>
   <property id='title'>Project Member</property>
-   <property id='base_category_script'>Item_getSecurityCategoryFromMovementSourceProject</property>
+   <property id='base_category_script'>Item_getSecurityCategoryFromMovementDestinationProject</property>
   <multi_property id='categories'>local_role_group/project</multi_property>
   <multi_property id='base_category'>destination_project</multi_property>
  </role>

--- a/master/bt5/slapos_erp5/PortalTypeRolesTemplateItem/Computer.xml
+++ b/master/bt5/slapos_erp5/PortalTypeRolesTemplateItem/Computer.xml
@@ -19,9 +19,15 @@
   <multi_property id='category'>group/company</multi_property>
   <multi_property id='base_category'>group</multi_property>
  </role>
+  <role id='Assignee'>
+   <property id='title'>Organisation Member</property>
+   <property id='base_category_script'>Item_getSecurityCategoryFromMovementDestinationSection</property>
+   <multi_property id='categories'>local_role_group/project</multi_property>
+   <multi_property id='base_category'>destination_section</multi_property>
+  </role>
  <role id='Assignee'>
   <property id='title'>Project Member</property>
-   <property id='base_category_script'>Item_getSecurityCategoryFromMovementSourceProject</property>
+   <property id='base_category_script'>Item_getSecurityCategoryFromMovementDestinationProject</property>
   <multi_property id='categories'>local_role_group/project</multi_property>
   <multi_property id='base_category'>destination_project</multi_property>
  </role>

--- a/master/bt5/slapos_erp5/PortalTypeRolesTemplateItem/Hosting%20Subscription.xml
+++ b/master/bt5/slapos_erp5/PortalTypeRolesTemplateItem/Hosting%20Subscription.xml
@@ -11,9 +11,15 @@
   <multi_property id='category'>group/company</multi_property>
   <multi_property id='base_category'>group</multi_property>
  </role>
+  <role id='Assignee'>
+   <property id='title'>Organisation Member</property>
+   <property id='base_category_script'>Item_getSecurityCategoryFromMovementDestinationSection</property>
+   <multi_property id='categories'>local_role_group/project</multi_property>
+   <multi_property id='base_category'>destination_section</multi_property>
+  </role>
  <role id='Assignee'>
   <property id='title'>Project Member</property>
-   <property id='base_category_script'>Item_getSecurityCategoryFromMovementSourceProject</property>
+   <property id='base_category_script'>Item_getSecurityCategoryFromMovementDestinationProject</property>
   <multi_property id='categories'>local_role_group/project</multi_property>
   <multi_property id='base_category'>destination_project</multi_property>
  </role>

--- a/master/bt5/slapos_erp5/SkinTemplateItem/portal_skins/slapos_core/ERP5Type_getSecurityCategoryFromAssignmentDestinationClientOrganisation.xml
+++ b/master/bt5/slapos_erp5/SkinTemplateItem/portal_skins/slapos_core/ERP5Type_getSecurityCategoryFromAssignmentDestinationClientOrganisation.xml
+<?xml version="1.0"?>
+<ZopeData>
+  <record id="1" aka="AAAAAAAAAAE=">
+    <pickle>
+      <global name="ExternalMethod" module="Products.ExternalMethod.ExternalMethod"/>
+    </pickle>
+    <pickle>
+      <dictionary>
+        <item>
+            <key> <string>_function</string> </key>
+            <value> <string>getSecurityCategoryFromAssignmentDestinationClientOrganisation</string> </value>
+        </item>
+        <item>
+            <key> <string>_module</string> </key>
+            <value> <string>SlapOSSecurity</string> </value>
+        </item>
+        <item>
+            <key> <string>id</string> </key>
+            <value> <string>ERP5Type_getSecurityCategoryFromAssignmentDestinationClientOrganisation</string> </value>
+        </item>
+        <item>
+            <key> <string>title</string> </key>
+            <value> <string></string> </value>
+        </item>
+      </dictionary>
+    </pickle>
+  </record>
+</ZopeData>
--- a/master/bt5/slapos_erp5/SkinTemplateItem/portal_skins/slapos_core/ERP5Type_getSecurityCategoryMapping.py
+++ b/master/bt5/slapos_erp5/SkinTemplateItem/portal_skins/slapos_core/ERP5Type_getSecurityCategoryMapping.py
@@ -11,7 +11,7 @@ return (
  ('ERP5Type_getSecurityCategoryFromAssignment', ['group']),
  ('ERP5Type_getSecurityCategoryFromAssignment', ['role']),
  ('ERP5Type_getSecurityCategoryFromAssignment', ['destination_project']),
-  ('ERP5Type_getSecurityCategoryFromAssignment', ['destination']),
+  ('ERP5Type_getSecurityCategoryFromAssignmentDestinationClientOrganisation', ['destination']),
  
  # Computer security
  ('ERP5Type_getComputerSecurityCategory', ['role']),

--- a/master/bt5/slapos_erp5/SkinTemplateItem/portal_skins/slapos_core/Item_getSecurityCategoryFromMovementSourceProject.py
+++ b/master/bt5/slapos_erp5/SkinTemplateItem/portal_skins/slapos_core/Item_getSecurityCategoryFromMovementSourceProject.py
--- a/master/bt5/slapos_erp5/SkinTemplateItem/portal_skins/slapos_core/Item_getSecurityCategoryFromMovementSourceProject.xml
+++ b/master/bt5/slapos_erp5/SkinTemplateItem/portal_skins/slapos_core/Item_getSecurityCategoryFromMovementSourceProject.xml
@@ -62,7 +62,7 @@
        </item>
        <item>
            <key> <string>id</string> </key>
-            <value> <string>Item_getSecurityCategoryFromMovementSourceProject</string> </value>
+            <value> <string>Item_getSecurityCategoryFromMovementDestinationProject</string> </value>
        </item>
      </dictionary>
    </pickle>

--- a/master/bt5/slapos_erp5/SkinTemplateItem/portal_skins/slapos_core/Item_getSecurityCategoryFromMovementDestinationSection.py
+++ b/master/bt5/slapos_erp5/SkinTemplateItem/portal_skins/slapos_core/Item_getSecurityCategoryFromMovementDestinationSection.py
+"""
+This script returns a list of dictionaries which represent
+the security groups which a person is member of. It extracts
+the categories from the current content. It is useful in the
+following cases:
+
+- calculate a security group based on a given
+  category of the current object (ex. group). This
+  is used for example in ERP5 DMS to calculate
+  document security.
+
+- assign local roles to a document based on
+  the person which the object related to through
+  a given base category (ex. destination). This
+  is used for example in ERP5 Project to calculate
+  Task / Task Report security.
+
+The parameters are
+
+  base_category_list -- list of category values we need to retrieve
+  user_name          -- string obtained from getSecurityManager().getUser().getId()
+  object             -- object which we want to assign roles to
+  portal_type        -- portal type of object
+
+NOTE: for now, this script requires proxy manager
+"""
+
+category_list = []
+
+if obj is None:
+  return []
+
+# Object on this case can be Hosting Subscription, Computer, or Computer Network
+organisation = obj.Item_getCurrentSectionValue()
+if organisation is not None and \
+  organisation.getPortalType() == "Organisation":
+  category_list.append({'destination_section': [organisation.getRelativeUrl()]})
+
+return category_list
--- a/master/bt5/slapos_erp5/SkinTemplateItem/portal_skins/slapos_core/Item_getSecurityCategoryFromMovementDestinationSection.xml
+++ b/master/bt5/slapos_erp5/SkinTemplateItem/portal_skins/slapos_core/Item_getSecurityCategoryFromMovementDestinationSection.xml
+<?xml version="1.0"?>
+<ZopeData>
+  <record id="1" aka="AAAAAAAAAAE=">
+    <pickle>
+      <global name="PythonScript" module="Products.PythonScripts.PythonScript"/>
+    </pickle>
+    <pickle>
+      <dictionary>
+        <item>
+            <key> <string>Script_magic</string> </key>
+            <value> <int>3</int> </value>
+        </item>
+        <item>
+            <key> <string>_bind_names</string> </key>
+            <value>
+              <object>
+                <klass>
+                  <global name="NameAssignments" module="Shared.DC.Scripts.Bindings"/>
+                </klass>
+                <tuple/>
+                <state>
+                  <dictionary>
+                    <item>
+                        <key> <string>_asgns</string> </key>
+                        <value>
+                          <dictionary>
+                            <item>
+                                <key> <string>name_container</string> </key>
+                                <value> <string>container</string> </value>
+                            </item>
+                            <item>
+                                <key> <string>name_context</string> </key>
+                                <value> <string>context</string> </value>
+                            </item>
+                            <item>
+                                <key> <string>name_m_self</string> </key>
+                                <value> <string>script</string> </value>
+                            </item>
+                            <item>
+                                <key> <string>name_subpath</string> </key>
+                                <value> <string>traverse_subpath</string> </value>
+                            </item>
+                          </dictionary>
+                        </value>
+                    </item>
+                  </dictionary>
+                </state>
+              </object>
+            </value>
+        </item>
+        <item>
+            <key> <string>_params</string> </key>
+            <value> <string>base_category_list, user_name, obj, portal_type</string> </value>
+        </item>
+        <item>
+            <key> <string>_proxy_roles</string> </key>
+            <value>
+              <tuple>
+                <string>Manager</string>
+              </tuple>
+            </value>
+        </item>
+        <item>
+            <key> <string>id</string> </key>
+            <value> <string>Item_getSecurityCategoryFromMovementDestinationSection</string> </value>
+        </item>
+      </dictionary>
+    </pickle>
+  </record>
+</ZopeData>