slapos_erp5: fixup shadow user permission on payment transaction

6e5c94cc · Romain Courteaud · 35e7326f · 6e5c94cc · 6e5c94cc · 6e5c94cc
Commit 6e5c94cc authored Feb 13, 2024 by Romain Courteaud 🐸
3 changed files
--- a/master/bt5/slapos_erp5/PortalTypeRolesTemplateItem/Payment%20Transaction.xml
+++ b/master/bt5/slapos_erp5/PortalTypeRolesTemplateItem/Payment%20Transaction.xml
 <type_roles>
-  <role id='Assignee'>
-   <property id='title'>Person Shadow</property>
-   <property id='condition'>python: (here.getDestinationSection('', portal_type='Person') == "") and (here.getLedger("") == "automated")</property>
-   <multi_property id='categories'>local_role_group/shadow</multi_property>
-   <multi_property id='category'>role/shadow/person</multi_property>
-   <multi_property id='base_category'>role</multi_property>
-  </role>
  <role id='Auditor'>
   <property id='title'>ReadOnly for Accountant</property>
   <property id='condition'>python: context.getLedger("") == "automated"</property>
@@ -13,12 +6,12 @@
   <multi_property id='category'>function/accounting*</multi_property>
   <multi_property id='base_category'>function</multi_property>
  </role>
-  <role id='Auditor'>
+  <role id='Assignee'>
   <property id='title'>Shadow User</property>
   <property id='condition'>python: (here.getDestinationSection('', portal_type='Person') != "") and (here.getLedger("") == "automated")</property>
   <property id='base_category_script'>PaymentTransaction_getSecurityCategoryFromUser</property>
   <multi_property id='categories'>local_role_group/shadow</multi_property>
-   <multi_property id='base_category'>aggregate</multi_property>
+   <multi_property id='base_category'>destination_section</multi_property>
  </role>
  <role id='Auditor'>
   <property id='title'>User</property>

--- a/master/bt5/slapos_erp5/SkinTemplateItem/portal_skins/slapos_core/PaymentTransaction_getSecurityCategoryFromUser.py
+++ b/master/bt5/slapos_erp5/SkinTemplateItem/portal_skins/slapos_core/PaymentTransaction_getSecurityCategoryFromUser.py
@@ -30,9 +30,11 @@ category_list = []
 if obj is None:
  return []

+# XXX rename script to: setShadowUserAsAssignee
+# use base category instead of Hardcoding getDestinationSectionValue
 person = obj.getDestinationSectionValue(portal_type="Person")
 if person is not None:
  if base_category_list:
-    return {"Auditor": ["SHADOW-%s" % person.getUserId()]}
+    return {"Assignee": ["SHADOW-%s" % person.getUserId()]}

 return category_list
--- a/master/bt5/slapos_erp5/TestTemplateItem/portal_components/test.erp5.testSlapOSERP5GroupRoleSecurity.py
+++ b/master/bt5/slapos_erp5/TestTemplateItem/portal_components/test.erp5.testSlapOSERP5GroupRoleSecurity.py
@@ -170,9 +170,8 @@ class TestPaymentTransaction(TestSlapOSGroupRoleSecurityMixin):
        portal_type='Payment Transaction')
    product.edit(ledger='automated')
    self.assertSecurityGroup(product,
-        ['F-ACCOUNTING*', 'R-SHADOW-PERSON', self.user_id], False)
+        ['F-ACCOUNTING*', self.user_id], False)
    self.assertRoles(product, 'F-ACCOUNTING*', ['Auditor'])
-    self.assertRoles(product, 'R-SHADOW-PERSON', ['Assignee'])
    self.assertRoles(product, self.user_id, ['Owner'])

  def test_PaymentTransaction_UserWithoutLedger(self):
@@ -205,7 +204,7 @@ class TestPaymentTransaction(TestSlapOSGroupRoleSecurityMixin):
        ['F-ACCOUNTING*', self.user_id, person.getUserId(),
         shadow_user_id], False)
    self.assertRoles(product, 'F-ACCOUNTING*', ['Auditor'])
-    self.assertRoles(product, shadow_user_id, ['Auditor'])
+    self.assertRoles(product, shadow_user_id, ['Assignee'])
    self.assertRoles(product, person.getUserId(), ['Auditor'])
    self.assertRoles(product, self.user_id, ['Owner'])