Commit 6e5c94cc authored by Romain Courteaud's avatar Romain Courteaud

slapos_erp5: fixup shadow user permission on payment transaction

parent 35e7326f
<type_roles> <type_roles>
<role id='Assignee'>
<property id='title'>Person Shadow</property>
<property id='condition'>python: (here.getDestinationSection('', portal_type='Person') == "") and (here.getLedger("") == "automated")</property>
<multi_property id='categories'>local_role_group/shadow</multi_property>
<multi_property id='category'>role/shadow/person</multi_property>
<multi_property id='base_category'>role</multi_property>
</role>
<role id='Auditor'> <role id='Auditor'>
<property id='title'>ReadOnly for Accountant</property> <property id='title'>ReadOnly for Accountant</property>
<property id='condition'>python: context.getLedger("") == "automated"</property> <property id='condition'>python: context.getLedger("") == "automated"</property>
...@@ -13,12 +6,12 @@ ...@@ -13,12 +6,12 @@
<multi_property id='category'>function/accounting*</multi_property> <multi_property id='category'>function/accounting*</multi_property>
<multi_property id='base_category'>function</multi_property> <multi_property id='base_category'>function</multi_property>
</role> </role>
<role id='Auditor'> <role id='Assignee'>
<property id='title'>Shadow User</property> <property id='title'>Shadow User</property>
<property id='condition'>python: (here.getDestinationSection('', portal_type='Person') != "") and (here.getLedger("") == "automated")</property> <property id='condition'>python: (here.getDestinationSection('', portal_type='Person') != "") and (here.getLedger("") == "automated")</property>
<property id='base_category_script'>PaymentTransaction_getSecurityCategoryFromUser</property> <property id='base_category_script'>PaymentTransaction_getSecurityCategoryFromUser</property>
<multi_property id='categories'>local_role_group/shadow</multi_property> <multi_property id='categories'>local_role_group/shadow</multi_property>
<multi_property id='base_category'>aggregate</multi_property> <multi_property id='base_category'>destination_section</multi_property>
</role> </role>
<role id='Auditor'> <role id='Auditor'>
<property id='title'>User</property> <property id='title'>User</property>
......
...@@ -30,9 +30,11 @@ category_list = [] ...@@ -30,9 +30,11 @@ category_list = []
if obj is None: if obj is None:
return [] return []
# XXX rename script to: setShadowUserAsAssignee
# use base category instead of Hardcoding getDestinationSectionValue
person = obj.getDestinationSectionValue(portal_type="Person") person = obj.getDestinationSectionValue(portal_type="Person")
if person is not None: if person is not None:
if base_category_list: if base_category_list:
return {"Auditor": ["SHADOW-%s" % person.getUserId()]} return {"Assignee": ["SHADOW-%s" % person.getUserId()]}
return category_list return category_list
...@@ -170,9 +170,8 @@ class TestPaymentTransaction(TestSlapOSGroupRoleSecurityMixin): ...@@ -170,9 +170,8 @@ class TestPaymentTransaction(TestSlapOSGroupRoleSecurityMixin):
portal_type='Payment Transaction') portal_type='Payment Transaction')
product.edit(ledger='automated') product.edit(ledger='automated')
self.assertSecurityGroup(product, self.assertSecurityGroup(product,
['F-ACCOUNTING*', 'R-SHADOW-PERSON', self.user_id], False) ['F-ACCOUNTING*', self.user_id], False)
self.assertRoles(product, 'F-ACCOUNTING*', ['Auditor']) self.assertRoles(product, 'F-ACCOUNTING*', ['Auditor'])
self.assertRoles(product, 'R-SHADOW-PERSON', ['Assignee'])
self.assertRoles(product, self.user_id, ['Owner']) self.assertRoles(product, self.user_id, ['Owner'])
def test_PaymentTransaction_UserWithoutLedger(self): def test_PaymentTransaction_UserWithoutLedger(self):
...@@ -205,7 +204,7 @@ class TestPaymentTransaction(TestSlapOSGroupRoleSecurityMixin): ...@@ -205,7 +204,7 @@ class TestPaymentTransaction(TestSlapOSGroupRoleSecurityMixin):
['F-ACCOUNTING*', self.user_id, person.getUserId(), ['F-ACCOUNTING*', self.user_id, person.getUserId(),
shadow_user_id], False) shadow_user_id], False)
self.assertRoles(product, 'F-ACCOUNTING*', ['Auditor']) self.assertRoles(product, 'F-ACCOUNTING*', ['Auditor'])
self.assertRoles(product, shadow_user_id, ['Auditor']) self.assertRoles(product, shadow_user_id, ['Assignee'])
self.assertRoles(product, person.getUserId(), ['Auditor']) self.assertRoles(product, person.getUserId(), ['Auditor'])
self.assertRoles(product, self.user_id, ['Owner']) self.assertRoles(product, self.user_id, ['Owner'])
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment