slapos_erp5: [Security] Update security for Organisation and Projects

   Organisation is going to be used as Site to identify the Location of a group of Computers.
   User can add Organisations
   User can add Projects
   Owners are also Assignees on theirs Orgsanisations and Projects

master/bt5/slapos_erp5/LocalRolesTemplateItem/organisation_module.xml

@@ -9,12 +9,10 @@
   </role>
   <role id='R-MEMBER'>
    <item>Auditor</item>
+   <item>Author</item>
   </role>
   <role id='R-SHADOW-PERSON'>
    <item>Auditor</item>
   </role>
-  <role id='zope'>
-   <item>Owner</item>
-  </role>
  </local_roles>
 </local_roles_item>
\ No newline at end of file

master/bt5/slapos_erp5/LocalRolesTemplateItem/project_module.xml

+<local_roles_item>
+ <local_roles>
+  <role id='G-COMPANY'>
+   <item>Auditor</item>
+   <item>Author</item>
+  </role>
+  <role id='R-COMPUTER'>
+   <item>Auditor</item>
+  </role>
+  <role id='R-MEMBER'>
+   <item>Auditor</item>
+   <item>Author</item>
+  </role>
+  <role id='R-SHADOW-PERSON'>
+   <item>Auditor</item>
+  </role>
+ </local_roles>
+</local_roles_item>
\ No newline at end of file

master/bt5/slapos_erp5/PortalTypeRolesTemplateItem/Organisation%20Module.xml

@@ -4,7 +4,7 @@
    <multi_property id='category'>role/computer</multi_property>
    <multi_property id='base_category'>role</multi_property>
   </role>
-  <role id='Auditor'>
+  <role id='Auditor; Author'>
    <property id='title'>Customer</property>
    <multi_property id='category'>role/member</multi_property>
    <multi_property id='base_category'>role</multi_property>

master/bt5/slapos_erp5/PortalTypeRolesTemplateItem/Organisation.xml

@@ -9,6 +9,12 @@
    <multi_property id='category'>role/member</multi_property>
    <multi_property id='base_category'>role</multi_property>
   </role>
+  <role id='Assignee'>
+   <property id='title'>Person Owner</property>
+   <property id='description'>XXXX Review this later</property>
+   <property id='base_category_script'>ERP5Type_acquireSecurityFromOwner</property>
+   <multi_property id='base_category'>source</multi_property>
+  </role>
   <role id='Auditor'>
    <property id='title'>Person Shadow</property>
    <multi_property id='category'>role/shadow/person</multi_property>

master/bt5/slapos_erp5/PortalTypeRolesTemplateItem/Project%20Module.xml

+<type_roles>
+  <role id='Auditor'>
+   <property id='title'>Computer</property>
+   <multi_property id='category'>role/computer</multi_property>
+   <multi_property id='base_category'>role</multi_property>
+  </role>
+  <role id='Auditor; Author'>
+   <property id='title'>Customer</property>
+   <multi_property id='category'>role/member</multi_property>
+   <multi_property id='base_category'>role</multi_property>
+  </role>
+  <role id='Author; Auditor'>
+   <property id='title'>Group company</property>
+   <multi_property id='category'>group/company</multi_property>
+   <multi_property id='base_category'>group</multi_property>
+  </role>
+  <role id='Auditor'>
+   <property id='title'>Person Shadow</property>
+   <multi_property id='category'>role/shadow/person</multi_property>
+   <multi_property id='base_category'>role</multi_property>
+  </role>
+</type_roles>
\ No newline at end of file

master/bt5/slapos_erp5/PortalTypeRolesTemplateItem/Project.xml

+<type_roles>
+  <role id='Assignor'>
+   <property id='title'>Group company</property>
+   <multi_property id='category'>group/company</multi_property>
+   <multi_property id='base_category'>group</multi_property>
+  </role>
+  <role id='Auditor'>
+   <property id='title'>Member</property>
+   <multi_property id='category'>role/member</multi_property>
+   <multi_property id='base_category'>role</multi_property>
+  </role>
+  <role id='Assignee'>
+   <property id='title'>Person Owner</property>
+   <property id='description'>XXXX Review this later</property>
+   <property id='base_category_script'>ERP5Type_acquireSecurityFromOwner</property>
+   <multi_property id='base_category'>source</multi_property>
+  </role>
+  <role id='Auditor'>
+   <property id='title'>Person Shadow</property>
+   <multi_property id='category'>role/shadow/person</multi_property>
+   <multi_property id='base_category'>role</multi_property>
+  </role>
+</type_roles>
\ No newline at end of file

master/bt5/slapos_erp5/TestTemplateItem/portal_components/test.erp5.testSlapOSERP5GroupRoleSecurity.py

@@ -429,7 +429,7 @@ class TestOrganisation(TestSlapOSGroupRoleSecurityMixin):
     self.assertRoles(organisation, 'G-COMPANY', ['Assignor'])
     self.assertRoles(organisation, 'R-MEMBER', ['Auditor'])
     self.assertRoles(organisation, 'R-SHADOW-PERSON', ['Auditor'])
-    self.assertRoles(organisation, self.user_id, ['Owner'])
+    self.assertRoles(organisation, self.user_id, ['Owner', 'Assignee'])
 
   test_Member = test_GroupCompany
 
@@ -439,12 +439,36 @@ class TestOrganisationModule(TestSlapOSGroupRoleSecurityMixin):
     self.changeOwnership(module)
     self.assertSecurityGroup(module,
         ['G-COMPANY', 'R-COMPUTER', 'R-MEMBER', self.user_id, 'R-SHADOW-PERSON'], False)
-    self.assertRoles(module, 'R-MEMBER', ['Auditor'])
+    self.assertRoles(module, 'R-MEMBER', ['Auditor', 'Author'])
+    self.assertRoles(module, 'R-COMPUTER', ['Auditor'])
+    self.assertRoles(module, 'G-COMPANY', ['Auditor', 'Author'])
+    self.assertRoles(module, 'R-SHADOW-PERSON', ['Auditor'])
+    self.assertRoles(module, self.user_id, ['Owner'])
+
+class TestProjectModule(TestSlapOSGroupRoleSecurityMixin):
+  def test(self):
+    module = self.portal.project_module
+    self.changeOwnership(module)
+    self.assertSecurityGroup(module,
+        ['G-COMPANY', 'R-COMPUTER', 'R-MEMBER', self.user_id, 'R-SHADOW-PERSON'], True)
+    self.assertRoles(module, 'R-MEMBER', ['Auditor', 'Author'])
     self.assertRoles(module, 'R-COMPUTER', ['Auditor'])
     self.assertRoles(module, 'G-COMPANY', ['Auditor', 'Author'])
     self.assertRoles(module, 'R-SHADOW-PERSON', ['Auditor'])
     self.assertRoles(module, self.user_id, ['Owner'])
 
+class TestProject(TestSlapOSGroupRoleSecurityMixin):
+  def test_GroupCompany(self):
+    project = self.portal.project_module.newContent(
+        portal_type='Project')
+    project.updateLocalRolesOnSecurityGroups()
+    self.assertSecurityGroup(project,
+        ['G-COMPANY', self.user_id, 'R-MEMBER', 'R-SHADOW-PERSON'], False)
+    self.assertRoles(project, 'G-COMPANY', ['Assignor'])
+    self.assertRoles(project, 'R-MEMBER', ['Auditor'])
+    self.assertRoles(project, 'R-SHADOW-PERSON', ['Auditor'])
+    self.assertRoles(project, self.user_id, ['Owner', 'Assignee'])
+
 class TestPDF(TestSlapOSGroupRoleSecurityMixin):
   def test_SecurityForShacache(self):
     pdf = self.portal.document_module.newContent(portal_type='PDF')

master/bt5/slapos_erp5/bt/template_local_role_list

@@ -47,6 +47,7 @@ portal_gadgets
 portal_integrations
 portal_integrations/slapos_payzen_test_integration
 product_module
+project_module
 purchase_order_module
 purchase_trade_condition_module
 query_module

master/bt5/slapos_erp5/bt/template_portal_type_role_list

@@ -73,6 +73,8 @@ Phone Call
 Presentation
 Product
 Product Module
+Project
+Project Module
 Purchase Invoice Transaction
 Purchase Order
 Purchase Order Module

master/product/SlapOS/tests/testSlapOSMixin.py

@@ -34,6 +34,8 @@ from Products.ERP5Type.tests.utils import DummyMailHost
 from Products.ERP5Type.Utils import convertToUpperCase
 import os
 import glob
+from functools import wraps
+from Products.ERP5Type.tests.utils import createZODBPythonScript
 from AccessControl.SecurityManagement import getSecurityManager, \
     setSecurityManager