Commit 5368dcfc authored by Rafael Monnerat's avatar Rafael Monnerat

Create and use Security Category Mapping Configurator Item

This Configurator Item configures the script ERP5Site_getSecurityCategoryMapping, This can be
combined with roles generations and categories spreadsheet in future to generate full security
definition.

Update configuration to use Security Category Mapping Configurator Item instead include the
script directly, otherwise it breaks the instance due the dependency with scripts on erp5_dms
parent 6c345360
<?xml version="1.0"?>
<ZopeData>
<record id="1" aka="AAAAAAAAAAE=">
<pickle>
<global name="ActionInformation" module="Products.CMFCore.ActionInformation"/>
</pickle>
<pickle>
<dictionary>
<item>
<key> <string>action</string> </key>
<value>
<persistent> <string encoding="base64">AAAAAAAAAAI=</string> </persistent>
</value>
</item>
<item>
<key> <string>categories</string> </key>
<value>
<tuple>
<string>action_type/object_view</string>
</tuple>
</value>
</item>
<item>
<key> <string>category</string> </key>
<value> <string>object_view</string> </value>
</item>
<item>
<key> <string>condition</string> </key>
<value> <string></string> </value>
</item>
<item>
<key> <string>description</string> </key>
<value> <string></string> </value>
</item>
<item>
<key> <string>icon</string> </key>
<value> <string></string> </value>
</item>
<item>
<key> <string>id</string> </key>
<value> <string>view</string> </value>
</item>
<item>
<key> <string>permissions</string> </key>
<value>
<tuple>
<string>View</string>
</tuple>
</value>
</item>
<item>
<key> <string>priority</string> </key>
<value> <float>1.0</float> </value>
</item>
<item>
<key> <string>title</string> </key>
<value> <string>View</string> </value>
</item>
<item>
<key> <string>visible</string> </key>
<value> <int>1</int> </value>
</item>
</dictionary>
</pickle>
</record>
<record id="2" aka="AAAAAAAAAAI=">
<pickle>
<global name="Expression" module="Products.CMFCore.Expression"/>
</pickle>
<pickle>
<dictionary>
<item>
<key> <string>text</string> </key>
<value> <string>string:${object_url}/ConfiguratorItem_view</string> </value>
</item>
</dictionary>
</pickle>
</record>
</ZopeData>
......@@ -35,6 +35,7 @@
<item>Role Configurator Item</item>
<item>Rule Configurator Item</item>
<item>Sale Trade Condition Configurator Item</item>
<item>Security Category Mapping Configurator Item</item>
<item>Service Configurator Item</item>
<item>Site Property Configurator Item</item>
<item>Solver Configurator Item</item>
......
......@@ -79,6 +79,12 @@
<key> <string>type_class</string> </key>
<value> <string>ConfigurationSave</string> </value>
</item>
<item>
<key> <string>type_interface</string> </key>
<value>
<tuple/>
</value>
</item>
<item>
<key> <string>type_mixin</string> </key>
<value>
......
<?xml version="1.0"?>
<ZopeData>
<record id="1" aka="AAAAAAAAAAE=">
<pickle>
<global name="Base Type" module="erp5.portal_type"/>
</pickle>
<pickle>
<dictionary>
<item>
<key> <string>content_icon</string> </key>
<value> <string>document.gif</string> </value>
</item>
<item>
<key> <string>content_meta_type</string> </key>
<value> <string>ERP5 Account Configurator Item</string> </value>
</item>
<item>
<key> <string>description</string> </key>
<value> <string> Setup an Alarm</string> </value>
</item>
<item>
<key> <string>factory</string> </key>
<value> <string>addAccountConfiguratorItem</string> </value>
</item>
<item>
<key> <string>id</string> </key>
<value> <string>Security Category Mapping Configurator Item</string> </value>
</item>
<item>
<key> <string>init_script</string> </key>
<value>
<none/>
</value>
</item>
<item>
<key> <string>permission</string> </key>
<value>
<none/>
</value>
</item>
<item>
<key> <string>type_class</string> </key>
<value> <string>SecurityCategoryMappingConfiguratorItem</string> </value>
</item>
<item>
<key> <string>type_interface</string> </key>
<value>
<tuple/>
</value>
</item>
<item>
<key> <string>type_mixin</string> </key>
<value>
<tuple/>
</value>
</item>
</dictionary>
</pickle>
</record>
</ZopeData>
544
\ No newline at end of file
545
\ No newline at end of file
......@@ -21,6 +21,7 @@ Purchase Trade Condition Configurator Item | view
Role Configurator Item | view
Rule Configurator Item | view
Sale Trade Condition Configurator Item | view
Security Category Mapping Configurator Item | view
Service Configurator Item | view
Site Property Configurator Item | view
Solver Configurator Item | view
......
......@@ -25,6 +25,7 @@ Configuration Save | Purchase Trade Condition Configurator Item
Configuration Save | Role Configurator Item
Configuration Save | Rule Configurator Item
Configuration Save | Sale Trade Condition Configurator Item
Configuration Save | Security Category Mapping Configurator Item
Configuration Save | Service Configurator Item
Configuration Save | Site Property Configurator Item
Configuration Save | Solver Configurator Item
......
......@@ -21,6 +21,7 @@ Purchase Trade Condition Configurator Item
Role Configurator Item
Rule Configurator Item
Sale Trade Condition Configurator Item
Security Category Mapping Configurator Item
Service Configurator Item
Site Property Configurator Item
Solver Configurator Item
......
......@@ -62,7 +62,10 @@ configuration_save.addConfigurationItem("Portal Type Roles Spreadsheet Configura
# Define standard module security. also.\n
configuration_save.addConfigurationItem("Permission Configurator Item",\n
filename="standard_module_permission_access.ods")\n
\n
\n
# Create ERP5Site_getSecurityCategoryMapping\n
configuration_save.addConfigurationItem("Security Category Mapping Configurator Item")\n
</string> </value>
</item>
<item>
......
<?xml version="1.0"?>
<ZopeData>
<record id="1" aka="AAAAAAAAAAE=">
<pickle>
<global name="PythonScript" module="Products.PythonScripts.PythonScript"/>
</pickle>
<pickle>
<dictionary>
<item>
<key> <string>Script_magic</string> </key>
<value> <int>3</int> </value>
</item>
<item>
<key> <string>_bind_names</string> </key>
<value>
<object>
<klass>
<global name="NameAssignments" module="Shared.DC.Scripts.Bindings"/>
</klass>
<tuple/>
<state>
<dictionary>
<item>
<key> <string>_asgns</string> </key>
<value>
<dictionary>
<item>
<key> <string>name_container</string> </key>
<value> <string>container</string> </value>
</item>
<item>
<key> <string>name_context</string> </key>
<value> <string>context</string> </value>
</item>
<item>
<key> <string>name_m_self</string> </key>
<value> <string>script</string> </value>
</item>
<item>
<key> <string>name_subpath</string> </key>
<value> <string>traverse_subpath</string> </value>
</item>
</dictionary>
</value>
</item>
</dictionary>
</state>
</object>
</value>
</item>
<item>
<key> <string>_body</string> </key>
<value> <string>"""\n
Core security script - defines the way to get security groups of the current user.\n
\n
WARNING: providing such script in erp5_dms could be dangerous\n
if this conflicts with an existing production site which uses\n
deprecated ERP5Type_asSecurityGroupIdList\n
"""\n
\n
return (\n
(\'ERP5Type_getSecurityCategoryFromAssignmentStrict\', [\'function\'] ),\n
(\'ERP5Type_getSecurityCategoryFromAssignmentStrict\', [\'follow_up\'] ),\n
(\'ERP5Type_getSecurityCategoryFromAssignmentStrict\', [\'function\', \'follow_up\'] ),\n
(\'ERP5Type_getSecurityCategoryFromAssignmentStrict\', [\'group\'] ),\n
(\'ERP5Type_getSecurityCategoryRoot\', [\'group\']),\n
)\n
</string> </value>
</item>
<item>
<key> <string>_params</string> </key>
<value> <string></string> </value>
</item>
<item>
<key> <string>id</string> </key>
<value> <string>ERP5Type_getSecurityCategoryMapping</string> </value>
</item>
</dictionary>
</pickle>
</record>
</ZopeData>
637
\ No newline at end of file
638
\ No newline at end of file
##############################################################################
#
# Copyright (c) 2012 Nexedi SARL and Contributors. All Rights Reserved.
# Rafael Monnerat <rafael@nexedi.com>
#
# WARNING: This program as such is intended to be used by professional
# programmers who take the whole responsability of assessing all potential
# consequences resulting from its eventual inadequacies and bugs
# End users who are looking for a ready-to-use solution with commercial
# garantees and support are strongly adviced to contract a Free Software
# Service Company
#
# This program is Free Software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 2
# of the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
#
##############################################################################
import zope.interface
from AccessControl import ClassSecurityInfo
from Products.ERP5Type import Permissions, PropertySheet, interfaces
from Products.ERP5Type.XMLObject import XMLObject
from Products.ERP5Configurator.mixin.configurator_item import \
SkinConfiguratorItemMixin
class SecurityCategoryMappingConfiguratorItem(SkinConfiguratorItemMixin,
XMLObject):
""" Setup the ERP5Type_getSecurityCategoryMapping Python Script which
is the onde that defines the Security Mapping for the user login. """
meta_type = 'ERP5 Security Category Mapping Configurator Item'
portal_type = 'Security Category Mapping Configurator Item'
add_permission = Permissions.AddPortalContent
isPortalContent = 1
isRADContent = 1
# Declarative security
security = ClassSecurityInfo()
security.declareObjectProtected(Permissions.AccessContentsInformation)
# Declarative interfaces
zope.interface.implements(interfaces.IConfiguratorItem)
# Declarative properties
property_sheets = ( PropertySheet.Base
, PropertySheet.XMLObject
, PropertySheet.CategoryCore
, PropertySheet.DublinCore
)
def _build(self, business_configuration):
portal_alarms = self.getPortalObject().portal_alarms
script_content = """return (
('ERP5Type_getSecurityCategoryFromAssignmentStrict', ['function']),
('ERP5Type_getSecurityCategoryFromAssignmentStrict', ['follow_up']),
('ERP5Type_getSecurityCategoryFromAssignmentStrict', ['function', 'follow_up']),
('ERP5Type_getSecurityCategoryFromAssignmentStrict', ['group']),
('ERP5Type_getSecurityCategoryRoot', ['group']),
)"""
folder = self._createSkinFolder()
self._createZODBPythonScript(folder,
'ERP5Type_getSecurityCategoryMapping',
'', script_content)
## add to customer template
self.install(folder, business_configuration)
##############################################################################
#
# Copyright (c) 2006 Nexedi SARL and Contributors. All Rights Reserved.
# Copyright (c) 2006-2012 Nexedi SARL and Contributors. All Rights Reserved.
# Romain Courteaud <romain@nexedi.com>
# Ivan Tyagov <ivan@nexedi.com>
# Rafael Monnerat <rafael@nexedi.com>
#
# WARNING: This program as such is intended to be used by professional
# programmers who take the whole responsability of assessing all potential
......@@ -71,3 +72,50 @@ class ConfiguratorItemMixin:
time.time()-start_build))
return result
class SkinConfiguratorItemMixin(ConfiguratorItemMixin):
""" Mixin which allows to create python scripts and/or skin
elements during the configuration.
"""
def install(self, skinfolder, business_configuration):
"""
"""
bt5_obj = business_configuration.getSpecialiseValue()
if bt5_obj is None:
LOG('ConfiguratorItem', INFO,
'Unable to find related business template to %s' % \
business_configuration.getRelativeUrl())
return
template_skin_id_list = list(bt5_obj.getTemplateSkinIdList())
if skinfolder.getId() not in template_skin_id_list:
template_skin_id_list.append(skinfolder.getId())
bt5_obj.edit(template_skin_id_list=template_skin_id_list)
def _createSkinFolder(self, folder_id="custom"):
""" Creates a new skin folder id if it do not exists and
update Skin information """
folder = getattr(self.portal_skins, folder_id, None)
if folder is not None:
return folder
folder = self.portal_skins.manage_addProduct['OFSP'].manage_addFolder(folder_id)
# Register on all skin selections.
def _createZODBPythonScript(self, container, script_id, script_params,
script_content):
"""Creates a Python script `script_id` in the given `container`, with
`script_params` and `script_content`.
If the container already contains an object with id `script_id`, this
object is removed first.
"""
if script_id in container.objectIds():
container.manage_delObjects([script_id])
container.manage_addProduct['PythonScripts']\
.manage_addPythonScript(id = script_id)
script = container._getOb(script_id)
script.ZPythonScript_edit(script_params, script_content)
container.portal_url.getPortalObject().changeSkin(None)
return script
......@@ -216,6 +216,37 @@ class TestConfiguratorItem(TestLiveConfiguratorWorkflowMixin):
item_brl._build(bc)
self.stepTic()
def testSecurityCategoryMappingConfiguratorItem(self):
""" Test Security Category Mapping Configurator Item
XXX This test and the Security Category Mapping should be improved to
allow provide the name of skin folder and the script/categories to
be used for the script oucome. For now it does the minimum.
"""
configuration_save = self.createConfigurationSave()
bc = configuration_save.getParentValue()
expect_script_outcome = (
('ERP5Type_getSecurityCategoryFromAssignmentStrict', ['function']),
('ERP5Type_getSecurityCategoryFromAssignmentStrict', ['follow_up']),
('ERP5Type_getSecurityCategoryFromAssignmentStrict', ['function', 'follow_up']),
('ERP5Type_getSecurityCategoryFromAssignmentStrict', ['group']),
('ERP5Type_getSecurityCategoryRoot', ['group']),)
item = configuration_save.addConfigurationItem(
"Security Category Mapping Configurator Item")
self.stepTic()
item._build(bc)
self.stepTic()
# XXX Skin folder should be part of configuration and not always custom
security_script = getattr(self.portal.portal_skins.custom,
"ERP5Type_getSecurityCategoryMapping", None)
self.assertNotEquals(None, security_script)
self.assertEquals(security_script(), expect_script_outcome)
def testPortalTypeRolesSpreadsheetConfiguratorItem(self):
""" Test Portal Type Roles Configurator Item """
configuration_save = self.createConfigurationSave()
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment