Commit c81129c9 authored by Bartek Górny's avatar Bartek Górny

JP's corrections and changes to security settings

git-svn-id: https://svn.erp5.org/repos/public/erp5/trunk@11441 20353a03-c40f-0410-a6d1-a30d3c3de9de
parent ed8cdbd5
<type_roles>
<role id='Assignor'>
<property id='title'>Team Reviewer</property>
<property id='description'>The head of the team who is in charge of reviewing documents published by his team. He is granted special rights on documents produced by his team.
(if the doc is collaborative or personal but for team)</property>
<property id='condition'>python: not object.getSourceProject() and (object.isMemberOf('classification/collaborative') or object.isMemberOf('personal/team'))</property>
<property id='priority'>10</property>
<property id='description'>The head of the team who is in charge of reviewing documents published by his team. He is granted special rights on documents produced by his team.</property>
<property id='condition'>python: not object.getSourceProject()</property>
<property id='priority'>10.0</property>
<property id='base_category_script'>ERP5Type_getSecurityCategoryFromArrow</property>
<multi_property id='category'>function/publication/reviewer</multi_property>
<multi_property id='base_category'>group</multi_property>
......@@ -14,26 +13,23 @@
<property id='title'>Project Assignees</property>
<property id='description'>In a project collaborative document, all project members have a right to access and modify a document before release or publication.</property>
<property id='condition'>python:object.getSourceProject() and object.isMemberOf('classification/collaborative/project')</property>
<property id='priority'>10</property>
<property id='priority'>10.0</property>
<property id='base_category_script'>ERP5Type_getSecurityCategoryFromArrow</property>
<multi_property id='category'></multi_property>
<multi_property id='base_category'>source_project</multi_property>
</role>
<role id='Associate'>
<property id='title'>Project Associates</property>
<property id='description'>In a project document, all project members have a right to access the document before it is released or published.</property>
<property id='condition'>python:object.getSourceProject() and (object.isMemberOf('classification/collaborative/project') or object.isMemberOf('classification/personal/project'))</property>
<property id='priority'>10</property>
<property id='condition'>python:object.getSourceProject()</property>
<property id='priority'>10.0</property>
<property id='base_category_script'>ERP5Type_getSecurityCategoryFromArrow</property>
<multi_property id='category'></multi_property>
<multi_property id='base_category'>source_project</multi_property>
</role>
<role id='Assignor'>
<property id='title'>Project Reviewer</property>
<property id='description'>The head of the project who is in charge of reviewing documents produced by the project before release or publication.
(if it is a project document, either collaborative or personal)</property>
<property id='condition'>python:object.getSourceProject() and (object.isMemberOf('classification/collaborative/project') or object.isMemberOf('classification/personal/project'))</property>
<property id='priority'>10</property>
<property id='description'>The head of the project who is in charge of reviewing documents produced by the project before release or publication.</property>
<property id='condition'>python:object.getSourceProject()</property>
<property id='priority'>10.0</property>
<property id='base_category_script'>ERP5Type_getSecurityCategoryFromArrow</property>
<multi_property id='category'>function/project/director</multi_property>
<multi_property id='base_category'>source_project</multi_property>
......@@ -42,9 +38,8 @@
<property id='title'>Team Associates</property>
<property id='description'>All team members have a right to access non restricted documents before their release or publication.</property>
<property id='condition'>python:not object.isMemberOf('classification/personnal/restricted')</property>
<property id='priority'>10</property>
<property id='priority'>10.0</property>
<property id='base_category_script'>ERP5Type_getSecurityCategoryFromArrow</property>
<multi_property id='category'></multi_property>
<multi_property id='base_category'>group</multi_property>
<multi_property id='base_category'>function</multi_property>
<multi_property id='base_category'>site</multi_property>
......@@ -52,7 +47,7 @@
<role id='Auditor'>
<property id='title'>Management</property>
<property id='description'>Management has to access anydocument in the system.</property>
<property id='priority'>10</property>
<property id='priority'>10.0</property>
<property id='base_category_script'>ERP5Type_getSecurityCategoryFromArrow</property>
<multi_property id='category'>function/hq</multi_property>
</role>
......
<type_roles>
<role id='Associate'>
<property id='title'>Project Associates</property>
<property id='description'>Policy: */project
Rule: all project members have a right to access document once it has been shared or released</property>
<property id='condition'>python:object.Document_policyApplies('*/project')</property>
<property id='priority'>10</property>
<property id='base_category_script'>ERP5Type_getSecurityCategoryFromArrow</property>
<multi_property id='category'></multi_property>
<multi_property id='base_category'>source_project</multi_property>
</role>
<role id='Assignor'>
<property id='title'>Project Director</property>
<property id='description'>Policy: */project
Rule: project director is an Assignor (has management rights to the doc - can review it, release, publish, add local roles)</property>
<property id='condition'>python:object.Document_policyApplies('*/project')</property>
<property id='priority'>10</property>
<property id='title'>Team Reviewer</property>
<property id='description'>The head of the team who is in charge of reviewing documents published by his team. He is granted special rights on documents produced by his team.</property>
<property id='condition'>python: not object.getSourceProject()</property>
<property id='priority'>10.0</property>
<property id='base_category_script'>ERP5Type_getSecurityCategoryFromArrow</property>
<multi_property id='category'>function/knowledge/manager</multi_property>
<multi_property id='base_category'>source_project</multi_property>
<multi_property id='base_category'>function</multi_property>
</role>
<role id='Assignee'>
<property id='title'>Owner</property>
<property id='description'>Policy: */*
Rule: the creator is Assignee - can edit the doc and submit it</property>
<property id='priority'>10</property>
<property id='base_category_script'>ERP5Type_getSecurityCategoryFromUser</property>
<multi_property id='category'></multi_property>
<multi_property id='base_category'>reference</multi_property>
</role>
<role id='Auditor'>
<property id='title'>Organisation members</property>
<property id='description'>Policy: */*
Rule: all people working for the same organisation are Auditors (we identify the organisation by the first part of the "group" path)
This does not apply if it is a project document and does not have a project</property>
<property id='condition'>python: not object.Document_policyApplies('*/restricted') and (object.Document_policyApplies('*/project') or not object.Document_policyApplies('*/project',True) )</property>
<property id='priority'>10</property>
<property id='base_category_script'>ERP5Type_getSecurityCategoryRoot</property>
<multi_property id='category'></multi_property>
<multi_property id='category'>function/publication/reviewer</multi_property>
<multi_property id='base_category'>group</multi_property>
<multi_property id='base_category'>site</multi_property>
</role>
<role id='Assignee'>
<property id='title'>Project Collaborators</property>
<property id='description'>Policy: collaborative/project
Rule: all members of project team can edit the document before it is submitted, and can submit it</property>
<property id='condition'>python:object.Document_policyApplies('collaborative/project')</property>
<property id='priority'>10</property>
<property id='title'>Project Assignees</property>
<property id='description'>In a project collaborative document, all project members have a right to access and modify a document before release or publication.</property>
<property id='condition'>python:object.getSourceProject() and object.isMemberOf('classification/collaborative/project')</property>
<property id='priority'>10.0</property>
<property id='base_category_script'>ERP5Type_getSecurityCategoryFromArrow</property>
<multi_property id='base_category'>source_project</multi_property>
</role>
<role id='Associate'>
<property id='title'>Project Associates</property>
<property id='description'>In a project document, all project members have a right to access the document before it is released or published.</property>
<property id='condition'>python: object.getSourceProject()</property>
<property id='priority'>10.0</property>
<property id='base_category_script'>ERP5Type_getSecurityCategoryFromArrow</property>
<multi_property id='category'></multi_property>
<multi_property id='base_category'>source_project</multi_property>
</role>
<role id='Assignor'>
<property id='title'>Team Director</property>
<property id='description'>Policy: */team
Rule: team manager is an Assignor (has management rights to the doc - can review it, release, publish, add local roles)</property>
<property id='condition'>python:object.Document_policyApplies('*/team')</property>
<property id='priority'>10</property>
<property id='base_category_script'>ERP5Type_getSecurityCategoryFromAssignment</property>
<multi_property id='category'>function/knowledge/manager</multi_property>
<multi_property id='base_category'>group</multi_property>
<multi_property id='base_category'>function</multi_property>
<property id='title'>Project Reviewer</property>
<property id='description'>The head of the project who is in charge of reviewing documents produced by the project before release or publication.</property>
<property id='condition'>python: object.getSourceProject()</property>
<property id='priority'>10.0</property>
<property id='base_category_script'>ERP5Type_getSecurityCategoryFromArrow</property>
<multi_property id='category'>function/project/director</multi_property>
<multi_property id='base_category'>source_project</multi_property>
</role>
<role id='Associate'>
<property id='title'>Team Associates</property>
<property id='description'>Policy: */team
Rule: all team members have a right to access document once it has been shared or released</property>
<property id='condition'>python:object.Document_policyApplies('*/team')</property>
<property id='priority'>10</property>
<property id='base_category_script'>ERP5Type_getSecurityCategoryFromAssignment</property>
<multi_property id='category'></multi_property>
<multi_property id='base_category'>group</multi_property>
</role>
<role id='Assignee'>
<property id='title'>Team Collaborators</property>
<property id='description'>Policy: collaborative/team
Rule: all members of the team can edit the document before it is submitted, and can submit it</property>
<property id='condition'>python:object.Document_policyApplies('collaborative/team')</property>
<property id='priority'>10</property>
<property id='base_category_script'>ERP5Type_getSecurityCategoryFromAssignment</property>
<multi_property id='category'></multi_property>
<multi_property id='base_category'>group</multi_property>
</role>
<role id='Assignee'>
<property id='title'>Public Collaborators</property>
<property id='description'>Policy: collaborative/public
Rule: everyone in the organisation (root group) can edit the doc before it is submitted, and can suggest its publication</property>
<property id='condition'>python:object.Document_policyApplies('collaborative/public')</property>
<property id='priority'>10</property>
<property id='base_category_script'>ERP5Type_getSecurityCategoryRoot</property>
<multi_property id='category'></multi_property>
<property id='description'>All team members have a right to access non restricted documents before their release or publication.</property>
<property id='condition'>python:not object.isMemberOf('classification/personnal/restricted')</property>
<property id='priority'>10.0</property>
<property id='base_category_script'>ERP5Type_getSecurityCategoryFromArrow</property>
<multi_property id='base_category'>group</multi_property>
</role>
<role id='Assignor'>
<property id='title'>Public Reviewer</property>
<property id='description'>Policy: collaborative/public
Rule: any person with knowledge/manager role can publish the document and manage access rights to it</property>
<property id='condition'>python:object.Document_policyApplies('collaborative/public')</property>
<property id='priority'>10</property>
<property id='base_category_script'>ERP5Type_getSecurityCategoryFromAssignment</property>
<multi_property id='category'>function/knowledge/manager</multi_property>
<multi_property id='base_category'>function</multi_property>
<multi_property id='base_category'>site</multi_property>
</role>
<role id='Auditor'>
<property id='title'>Management</property>
<property id='description'>Management has to access anydocument in the system.</property>
<property id='priority'>10.0</property>
<property id='base_category_script'>ERP5Type_getSecurityCategoryFromArrow</property>
<multi_property id='category'>function/hq</multi_property>
</role>
</type_roles>
\ No newline at end of file
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment