slapos_erp5: Allow members of the same project "see" each other

This is required mostly to be able to edit parameters on the Hosting Subscription shared by others users. This feature, also allow us list "Project Members" in futures, to know it the invitations were used by proper users.

slapos_erp5: Allow members of the same project "see" each other
This is required mostly to be able to edit parameters on the Hosting Subscription shared by others users. This feature, also allow us list "Project Members" in futures, to know it the invitations were used by proper users.
a61a533c · Rafael Monnerat · 8f40cc3c · a61a533c · a61a533c · a61a533c
Commit a61a533c authored Jun 10, 2021 by Rafael Monnerat
4 changed files
--- a/master/bt5/slapos_erp5/PortalTypeRolesTemplateItem/Person.xml
+++ b/master/bt5/slapos_erp5/PortalTypeRolesTemplateItem/Person.xml
@@ -5,6 +5,12 @@
   <multi_property id='category'>group/company</multi_property>
   <multi_property id='base_category'>group</multi_property>
  </role>
+  <role id='Auditor'>
+   <property id='title'>Project Member can see each other</property>
+   <property id='base_category_script'>ERP5Type_getSecurityCategoryFromChildAssignmentList</property>
+   <multi_property id='categories'>local_role_group/project</multi_property>
+   <multi_property id='base_category'>destination_project</multi_property>
+  </role>
  <role id='Auditor'>
   <property id='title'>The Shadow User Himself</property>
   <property id='description'>Monovalued role</property>

--- a/master/bt5/slapos_erp5/SkinTemplateItem/portal_skins/slapos_core/ERP5Type_getSecurityCategoryFromChildAssignmentList.py
+++ b/master/bt5/slapos_erp5/SkinTemplateItem/portal_skins/slapos_core/ERP5Type_getSecurityCategoryFromChildAssignmentList.py
+"""
+This script returns a list of dictionaries which represent
+the security groups which a person is member of. It extracts
+the categories from the current content. It is useful in the
+following cases:
+
+- calculate a security group based on a given
+  category of all Assifbment subobjects (ex. destination_project). This
+  is used for example in ERP5 to calculate
+  security of person objects so that members 
+  of the same project can view each other.
+
+The parameters are
+
+  base_category_list -- list of category values we need to retrieve
+  user_name          -- string obtained from getSecurityManager().getUser().getId()
+  object             -- object which we want to assign roles to
+  portal_type        -- portal type of object
+
+NOTE: for now, this script requires proxy manager
+"""
+
+category_list = []
+
+if object is None:
+  return []
+
+person_object = object
+
+# We look for every valid assignments of this user
+for assignment in person_object.contentValues(filter={'portal_type': 'Assignment'}):
+  if assignment.getValidationState() == 'open':
+    category_dict = {}
+    for base_category in base_category_list:
+      category_value_list = assignment.getAcquiredValueList(base_category)
+      if category_value_list:
+        for category_value in category_value_list:
+          category_dict.setdefault(base_category, []).append('%s' % category_value.getRelativeUrl())
+    category_list.append(category_dict)
+
+return category_list
--- a/master/bt5/slapos_erp5/SkinTemplateItem/portal_skins/slapos_core/ERP5Type_getSecurityCategoryFromChildAssignmentList.xml
+++ b/master/bt5/slapos_erp5/SkinTemplateItem/portal_skins/slapos_core/ERP5Type_getSecurityCategoryFromChildAssignmentList.xml
+<?xml version="1.0"?>
+<ZopeData>
+  <record id="1" aka="AAAAAAAAAAE=">
+    <pickle>
+      <global name="PythonScript" module="Products.PythonScripts.PythonScript"/>
+    </pickle>
+    <pickle>
+      <dictionary>
+        <item>
+            <key> <string>Script_magic</string> </key>
+            <value> <int>3</int> </value>
+        </item>
+        <item>
+            <key> <string>_bind_names</string> </key>
+            <value>
+              <object>
+                <klass>
+                  <global name="NameAssignments" module="Shared.DC.Scripts.Bindings"/>
+                </klass>
+                <tuple/>
+                <state>
+                  <dictionary>
+                    <item>
+                        <key> <string>_asgns</string> </key>
+                        <value>
+                          <dictionary>
+                            <item>
+                                <key> <string>name_container</string> </key>
+                                <value> <string>container</string> </value>
+                            </item>
+                            <item>
+                                <key> <string>name_context</string> </key>
+                                <value> <string>context</string> </value>
+                            </item>
+                            <item>
+                                <key> <string>name_m_self</string> </key>
+                                <value> <string>script</string> </value>
+                            </item>
+                            <item>
+                                <key> <string>name_subpath</string> </key>
+                                <value> <string>traverse_subpath</string> </value>
+                            </item>
+                          </dictionary>
+                        </value>
+                    </item>
+                  </dictionary>
+                </state>
+              </object>
+            </value>
+        </item>
+        <item>
+            <key> <string>_params</string> </key>
+            <value> <string>base_category_list, user_name, object, portal_type</string> </value>
+        </item>
+        <item>
+            <key> <string>id</string> </key>
+            <value> <string>ERP5Type_getSecurityCategoryFromChildAssignmentList</string> </value>
+        </item>
+      </dictionary>
+    </pickle>
+  </record>
+</ZopeData>
--- a/master/bt5/slapos_erp5/TestTemplateItem/portal_components/test.erp5.testSlapOSERP5GroupRoleSecurity.py
+++ b/master/bt5/slapos_erp5/TestTemplateItem/portal_components/test.erp5.testSlapOSERP5GroupRoleSecurity.py
@@ -719,6 +719,29 @@ class TestPerson(TestSlapOSGroupRoleSecurityMixin):
  def test_TheUserHimself_Certificate(self):
    self.test_TheUserHimself(login_portal_type="Certificate Login")

+  def test_ProjectMember(self, login_portal_type="ERP5 Login"):
+    person = self.portal.person_module.newContent(portal_type='Person')
+    person.newContent(portal_type=login_portal_type)
+    project = self.portal.project_module.newContent(
+      portal_type="Project"
+    )
+    project.validate()
+    person.newContent(portal_type='Assignment',
+      destination_project_value=project).open()
+    self.tic()
+    person.updateLocalRolesOnSecurityGroups()
+
+    shadow_reference = 'SHADOW-%s' % person.getUserId()
+    self.assertSecurityGroup(person,
+        ['G-COMPANY', self.user_id, person.getUserId(), shadow_reference, 
+        project.getReference()], False)
+    self.assertRoles(person, 'G-COMPANY', ['Assignor'])
+    self.assertRoles(person, person.getUserId(), ['Assignee'])
+    self.assertRoles(person, shadow_reference, ['Auditor'])
+    self.assertRoles(person, project.getReference(), ['Auditor'])
+    self.assertRoles(person, self.user_id, ['Owner'])
+
+

 class TestERP5Login(TestSlapOSGroupRoleSecurityMixin):