Commit ccd5e55a authored by Romain Courteaud's avatar Romain Courteaud

Give access to shadow user on payment transaction.

parent 1fc2b56e
......@@ -4,4 +4,10 @@
<multi_property id='category'>group/company</multi_property>
<multi_property id='base_category'>group</multi_property>
</role>
<role id='Auditor'>
<property id='title'>Shadow User</property>
<property id='condition'>python: here.getDestinationSection('', portal_type='Person') != ''</property>
<property id='base_category_script'>PaymentTransactionType_getSecurityCategoryFromUser</property>
<multi_property id='base_category'>aggregate</multi_property>
</role>
</type_roles>
\ No newline at end of file
......@@ -15,6 +15,10 @@
<type>Hosting Subscription</type>
<workflow>local_permission_slapos_interaction_workflow</workflow>
</chain>
<chain>
<type>Payment Transaction</type>
<workflow>local_permission_slapos_interaction_workflow</workflow>
</chain>
<chain>
<type>Person</type>
<workflow>local_permission_slapos_interaction_workflow</workflow>
......
<?xml version="1.0"?>
<ZopeData>
<record id="1" aka="AAAAAAAAAAE=">
<pickle>
<global name="PythonScript" module="Products.PythonScripts.PythonScript"/>
</pickle>
<pickle>
<dictionary>
<item>
<key> <string>Script_magic</string> </key>
<value> <int>3</int> </value>
</item>
<item>
<key> <string>_bind_names</string> </key>
<value>
<object>
<klass>
<global name="NameAssignments" module="Shared.DC.Scripts.Bindings"/>
</klass>
<tuple/>
<state>
<dictionary>
<item>
<key> <string>_asgns</string> </key>
<value>
<dictionary>
<item>
<key> <string>name_container</string> </key>
<value> <string>container</string> </value>
</item>
<item>
<key> <string>name_context</string> </key>
<value> <string>context</string> </value>
</item>
<item>
<key> <string>name_m_self</string> </key>
<value> <string>script</string> </value>
</item>
<item>
<key> <string>name_subpath</string> </key>
<value> <string>traverse_subpath</string> </value>
</item>
</dictionary>
</value>
</item>
</dictionary>
</state>
</object>
</value>
</item>
<item>
<key> <string>_body</string> </key>
<value> <string>"""\n
This script returns a list of dictionaries which represent\n
the security groups which a person is member of. It extracts\n
the categories from the current content. It is useful in the\n
following cases:\n
\n
- calculate a security group based on a given\n
category of the current object (ex. group). This\n
is used for example in ERP5 DMS to calculate\n
document security.\n
\n
- assign local roles to a document based on\n
the person which the object related to through\n
a given base category (ex. destination). This\n
is used for example in ERP5 Project to calculate\n
Task / Task Report security.\n
\n
The parameters are\n
\n
base_category_list -- list of category values we need to retrieve\n
user_name -- string obtained from getSecurityManager().getUser().getId()\n
object -- object which we want to assign roles to\n
portal_type -- portal type of object\n
\n
NOTE: for now, this script requires proxy manager\n
"""\n
\n
category_list = []\n
\n
if obj is None:\n
return []\n
\n
person = obj.getDestinationSectionValue(portal_type="Person")\n
if person is not None:\n
for base_category in base_category_list:\n
return {"Auditor": ["SHADOW-%s" % person.getReference()]}\n
\n
return category_list\n
</string> </value>
</item>
<item>
<key> <string>_params</string> </key>
<value> <string>base_category_list, user_name, obj, portal_type</string> </value>
</item>
<item>
<key> <string>_proxy_roles</string> </key>
<value>
<tuple>
<string>Manager</string>
</tuple>
</value>
</item>
<item>
<key> <string>id</string> </key>
<value> <string>PaymentTransactionType_getSecurityCategoryFromUser</string> </value>
</item>
</dictionary>
</pickle>
</record>
</ZopeData>
......@@ -841,6 +841,23 @@ class TestPaymentTransaction(TestSlapOSGroupRoleSecurityMixin):
self.assertRoles(product, 'G-COMPANY', ['Assignor'])
self.assertRoles(product, self.user_id, ['Owner'])
def test_ShadowUser(self):
reference = 'TESTPERSON-%s' % self.generateNewId()
person = self.portal.person_module.newContent(portal_type='Person',
reference=reference)
product = self.portal.accounting_module.newContent(
portal_type='Payment Transaction')
product.edit(
destination_section_value=person,
)
product.updateLocalRolesOnSecurityGroups()
shadow_reference = 'SHADOW-%s' % reference
self.assertSecurityGroup(product,
['G-COMPANY', self.user_id, shadow_reference], False)
self.assertRoles(product, 'G-COMPANY', ['Assignor'])
self.assertRoles(product, shadow_reference, ['Auditor'])
self.assertRoles(product, self.user_id, ['Owner'])
class TestPurchaseInvoiceTransaction(TestSlapOSGroupRoleSecurityMixin):
def test_GroupCompany(self):
product = self.portal.accounting_module.newContent(
......
......@@ -261,3 +261,19 @@ class TestSlapOSLocalPermissionSlapOSInteractionWorkflow(
self.assertSecurityGroup(slave_instance, [self.user_id, 'G-COMPANY',
software_instance.getReference(), computer.getReference(),
hosting_subscription.getReference()], False)
def test_PaymentTransaction_setDestinationSection(self):
self._makePerson()
payment_transaction = self.portal.accounting_module.newContent(
portal_type='Payment Transaction')
self.assertSecurityGroup(payment_transaction, [self.user_id,
'G-COMPANY'],
False)
payment_transaction.edit(
destination_section=self.person_user.getRelativeUrl())
transaction.commit()
self.assertSecurityGroup(payment_transaction, [self.user_id,
'G-COMPANY', 'SHADOW-%s' % self.person_user.getReference()],
False)
<?xml version="1.0"?>
<ZopeData>
<record id="1" aka="AAAAAAAAAAE=">
<pickle>
<global name="InteractionDefinition" module="Products.ERP5.Interaction"/>
</pickle>
<pickle>
<dictionary>
<item>
<key> <string>actbox_category</string> </key>
<value> <string>workflow</string> </value>
</item>
<item>
<key> <string>actbox_name</string> </key>
<value> <string></string> </value>
</item>
<item>
<key> <string>actbox_url</string> </key>
<value> <string></string> </value>
</item>
<item>
<key> <string>activate_script_name</string> </key>
<value>
<tuple/>
</value>
</item>
<item>
<key> <string>after_script_name</string> </key>
<value>
<list>
<string>Base_updateAllLocalRoles</string>
</list>
</value>
</item>
<item>
<key> <string>before_commit_script_name</string> </key>
<value>
<tuple/>
</value>
</item>
<item>
<key> <string>description</string> </key>
<value> <string></string> </value>
</item>
<item>
<key> <string>guard</string> </key>
<value>
<none/>
</value>
</item>
<item>
<key> <string>id</string> </key>
<value> <string>PaymentTransaction_edit</string> </value>
</item>
<item>
<key> <string>method_id</string> </key>
<value>
<list>
<string>_setDestinationSection.*</string>
</list>
</value>
</item>
<item>
<key> <string>once_per_transaction</string> </key>
<value> <int>0</int> </value>
</item>
<item>
<key> <string>portal_type_filter</string> </key>
<value>
<list>
<string>Payment Transaction</string>
</list>
</value>
</item>
<item>
<key> <string>script_name</string> </key>
<value>
<tuple/>
</value>
</item>
<item>
<key> <string>temporary_document_disallowed</string> </key>
<value> <int>1</int> </value>
</item>
<item>
<key> <string>title</string> </key>
<value> <string></string> </value>
</item>
<item>
<key> <string>trigger_type</string> </key>
<value> <int>2</int> </value>
</item>
</dictionary>
</pickle>
</record>
</ZopeData>
130
\ No newline at end of file
131
\ No newline at end of file
......@@ -2,6 +2,7 @@ Computer Model | local_permission_slapos_interaction_workflow
Computer Network | local_permission_slapos_interaction_workflow
Computer | local_permission_slapos_interaction_workflow
Hosting Subscription | local_permission_slapos_interaction_workflow
Payment Transaction | local_permission_slapos_interaction_workflow
Person | local_permission_slapos_interaction_workflow
Slave Instance | local_permission_slapos_interaction_workflow
Software Installation | local_permission_slapos_interaction_workflow
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment